On Sat, Jan 24, 2009 at 08:41:37AM +0100, Josselin Mouette wrote:
> it has been brought to my attention (through #512803) that su does not
> clean the environment at all. This has several security implications:
>       * variables like PERL5LIB or GTK_MODULES can be passed to another
>         user, leading to unwanted execution of code;
>       * variables like DBUS_SESSION_BUS_ADDRESS or XDG_SESSION_COOKIE
>         export authentication information that could be used to obtain
>         private information such as passwords in gnome-keyring.

> Before I work around this specific issue in the fugliest way, shouldn’t
> we prevent su from preserving the environment?

> There have been several security advisories related to sudo not cleaning
> the environment, and the final call has been to make env_reset the
> default. Is there any reason why su should not be considered vulnerable
> the same way?

Because su does not attempt to control what commands are being run; if you
can su to another user, you can run arbitrary commands as that user, which
means there's no sense in trying to filter the environment.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slanga...@ubuntu.com                                     vor...@debian.org
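An added illustration, not part of the original thread and not su's or sudo's code, of the env_reset-style approach the quoted question refers to: the target user's environment is built from an allowlist instead of being inherited from the caller. The function name `reset_env`, the allowlist, the fixed PATH and all sample values are assumptions made for this sketch.

```python
import fnmatch

# Variables named in the quoted message, grouped by the risk it describes.
CODE_LOADING = {"PERL5LIB", "GTK_MODULES"}
SESSION_SECRETS = {"DBUS_SESSION_BUS_ADDRESS", "XDG_SESSION_COOKIE"}
# Assumed allowlist for this sketch; not sudo's actual default list.
KEEP_PATTERNS = ("TERM", "LANG", "LC_*")
SAFE_PATH = "/usr/local/bin:/usr/bin:/bin"


def reset_env(caller_env, user, home, shell="/bin/sh"):
    """Return (new_env, dropped): an allowlisted environment for `user`
    and a dict mapping each dropped variable name to the reason."""
    new_env, dropped = {}, {}
    for name, value in caller_env.items():
        if any(fnmatch.fnmatchcase(name, p) for p in KEEP_PATTERNS):
            # An allowlisted name can still carry a path or format string.
            if "/" in value or "%" in value:
                dropped[name] = "allowlisted name, suspicious value"
            else:
                new_env[name] = value
        elif name in CODE_LOADING:
            dropped[name] = "code-loading path"
        elif name in SESSION_SECRETS:
            dropped[name] = "session credential"
        else:
            dropped[name] = "not on allowlist"
    # Identity variables come from the target account, never the caller.
    new_env.update(HOME=home, USER=user, LOGNAME=user,
                   SHELL=shell, PATH=SAFE_PATH)
    return new_env, dropped


# Constructed sample: a desktop session environment before switching user.
SAMPLE = {
    "TERM": "xterm",
    "LANG": "en_US.UTF-8",
    "LC_ALL": "../constructed/locale",
    "HOME": "/home/alice",
    "PATH": "/home/alice/bin:/usr/bin",
    "PERL5LIB": "/home/alice/lib",
    "GTK_MODULES": "constructed-module",
    "DBUS_SESSION_BUS_ADDRESS": "unix:path=/tmp/dbus-constructed",
    "XDG_SESSION_COOKIE": "constructed-cookie-value",
}

if __name__ == "__main__":
    env, dropped = reset_env(SAMPLE, "bob", "/home/bob")
    for name in sorted(dropped):
        print(f"dropped {name}: {dropped[name]}")
    print("kept:", sorted(env))
```

The returned dictionary can be passed as `env=` to `subprocess.run` so the child process sees only the rebuilt environment.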