On Tue, 2002-01-22 at 07:41, Federico Grau wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sun, Jan 20, 2002 at 11:04:13AM +1300, Adam Warner wrote: > > Hi everyone, > > > ... > > The question I have is if I "su - username" and then browse the web, > > etc. is it impossible for a remote user who managed to gain access to > > that user session to become root by exiting out of the user account? > > > Is there a reason to leave the parent shell around? How about, instead of "su > - - username" "exec su - username". If you are simply running a console as > root > that should remove any way of getting back to root from username. If you are > running X as root, then you have bigger problems.
Federico, are you saying that if you su - to a user account (from root) and then start X that you are running X as root? If so that is a major problem. Regards, Adam
