tags 155279 help thanks Please read http://bugs.debian.org/155279 for the whole story.
In short, this bug requests that "auth required pam_env.so" is added to /etc/pam.d/su so that the contents of /etc/environment is used when issuing a "su -" to become root. OTOH, doing so will lead to "su" getting env variables from that file too and thus breaking the expected behaviour (keeping the originating user environment). So, we (shadow package maintainers) cannot blindly add the offending line to the /etc/pam.d/su file. One suggestion in the bug log is a modification to su code so that it reads pam_env.so only when called as "su -". This sounds a bit strange to me as it would require hard-encoding this module name in su code as this is of course the only module that should be ignored. Seems to go against the "spirit" of PAM (modularity). My opinion, currently, is that nothing can really be done about this. Eduard Bloch, in the bug log, even raised the severity to "grave" which seems oveflated (and maybe not directly related as he mentions the lack of using pam_access). I think we really need some external advice here, but I want first to have other team members advice, as well as the bug submitter opinion. -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
