[Pkg-shadow-devel] Bug#611584: Bug#611584: /bin/su: not quite aggressive enough about cleaning the environment

Zack Weinberg zackw at panix.com
Mon Jan 31 03:03:31 UTC 2011


On Sun, Jan 30, 2011 at 6:55 PM, Mike Frysinger <vapier at gentoo.org> wrote:
> On Sun, Jan 30, 2011 at 5:52 PM, Zack Weinberg wrote:
>> "su -" is supposed to produce the same set of environment variables that you'd
>> get if the destination user had logged in directly, but it misses at least a
>> few variables that should be unset:
>
> not really.  the man page says:
>       -, -l, --login
>           Provide an environment similar to what the user would
>           expect had the user logged in directly.
>
> it does not say "exactly"

Those are weasel words intended to cope with the reality that su can't
go through *exactly* the same code path as init -> getty -> login and
therefore may not always get it spot on.

Specific instances of not getting it spot on remain bugs, especially
when they are security issues (DISPLAY and XAUTHORITY certainly are; I
don't know about XDG_SESSION_COOKIE).

zw
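
The comparison at issue in this thread ("su -" versus a direct login by the destination user) can be checked by diffing variable names between two `env` dumps. The script below is an added example, not part of the original message or of the shadow package; the function names, file names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: list variables that are set in a "su -" session but absent
# from a direct login by the same user. Input files are plain `env` output.

# env_names FILE: print the sorted, unique variable names found in FILE.
# Only lines of the form NAME=value are considered.
env_names() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | LC_ALL=C sort -u
}

# leaked_vars BASELINE SU_ENV: names present in SU_ENV but not in BASELINE.
leaked_vars() {
    base=$(mktemp) || return 1
    cur=$(mktemp) || { rm -f "$base"; return 1; }
    env_names "$1" > "$base"
    env_names "$2" > "$cur"
    LC_ALL=C comm -13 "$base" "$cur"   # column 2 only: unique to SU_ENV
    rm -f "$base" "$cur"
}

# demo: run the comparison on constructed sample dumps (all values made up).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/login.env" <<'EOF'
HOME=/home/bob
LOGNAME=bob
PATH=/usr/local/bin:/usr/bin:/bin
SHELL=/bin/bash
TERM=xterm
USER=bob
EOF
    cat > "$d/su.env" <<'EOF'
DISPLAY=:0
HOME=/home/bob
LOGNAME=bob
PATH=/usr/local/bin:/usr/bin:/bin
SHELL=/bin/bash
TERM=xterm
USER=bob
XAUTHORITY=/home/alice/.Xauthority
XDG_SESSION_COOKIE=constructed-placeholder-value
EOF
    leaked_vars "$d/login.env" "$d/su.env"
    rm -rf "$d"
}

demo
```

On a real system the two inputs would be `env` output saved once from a direct login and once from a "su -" session for the same destination user.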




