> 
> > It is unfortunate that RedHat's SU keeps the same environment and
> > especially the same PATH as this leaves the user open to a trivial
> 
> Actually doing anything else would be extremely broken.
> 

Caldera does it nearly right (except for the fact that they reset all the
environment variables, including DISPLAY): look at their trick.  By the
way, it is not in the RPM containing SU but in the one containing the
files looked at by the shell at startup.


> > and then tricks root for using su from the same terminal instead of
> > doing a full login or, a program which installs malicious code into the
> > $HOME/bin (and modifies the .profile to place it at the head of the
> > PATH) like a fake 'ls' which execs the normal 'ls' if used by a normal user
> > but destroys data if the user is using it as root (after using SU, the
> > user will have the same path so it will be the trojan 'ls' which will be
> > executed instead of the normal one).
> 
> Any root user who does this screwed up a while back. How does he know the
> shell is in fact running the real /bin/su and not recording his password
> and then running it down a pipe?
> 

Right.  Root should never agree to su from a terminal someone else is
logged in on, but this still leaves the problem of the security-conscious
root user who never runs untrusted software as root but one day, while
logged in as a normal user, runs a program we will call "trojan" which will
modify his path in order to ensure a trojan version of ls or cp is the
one executed.  This would not be a problem if RedHat's su reset
the environment, or at least the key variables.

Some people have suggested using "su -", but I think they forget that
Linux is not Unix.  In Linux, like in every system affordable enough
for personal use, the desktop, or tiny companies, we have to assume
part of the users are not trained users.

-- 
                        Jean Francois Martinez

Project Independence: Linux for the Masses
http://www.independence.seul.org
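The PATH check a cautious root user would want after su, in the spirit of resetting PATH from the shell startup files as the message suggests; this is an added example, not part of this message or of RedHat's or Caldera's code. It assumes POSIX sh with `ls -n` available, and the sample PATH value at the end is constructed.

```shell
#!/bin/sh
# Added example: audit the PATH a root shell inherits through "su" and drop
# entries root should not trust.  POSIX sh, so variables are global, not local.

# entry_ok DIR: succeed if DIR is a PATH entry root can trust.  Rejects empty
# or relative entries (resolved against the current directory), directories
# not owned by uid 0, and directories writable by group or others.  Prints
# the reason on stdout when it fails.
entry_ok() {
    dir=$1
    case $dir in
        /*) ;;
        *)  printf "relative or empty entry '%s'\n" "$dir"; return 1 ;;
    esac
    [ -d "$dir" ] || { printf "missing directory '%s'\n" "$dir"; return 1; }
    # ls -ldnL: mode in field 1, numeric owner in field 3, symlinks followed.
    set -- $(ls -ldnL "$dir")
    mode=$1
    owner=$3
    [ "$owner" = 0 ] || { printf "'%s' owned by uid %s, not root\n" "$dir" "$owner"; return 1; }
    case $mode in
        ?????w* | ????????w*)   # char 6 = group write, char 9 = other write
            printf "'%s' is group- or world-writable (%s)\n" "$dir" "$mode"; return 1 ;;
    esac
    return 0
}

# filter_path PATHVALUE: print PATHVALUE with untrusted entries removed,
# reporting each dropped entry on stderr; exit 1 if anything was dropped.
filter_path() {
    out=; rc=0
    oldifs=$IFS; IFS=:
    for d in $1; do
        IFS=$oldifs              # restore normal word splitting for entry_ok
        if entry_ok "$d" >&2; then out=${out:+$out:}$d; else rc=1; fi
        IFS=:
    done
    IFS=$oldifs
    printf '%s\n' "$out"
    return $rc
}

# Root startup file use:  [ "$(id -u)" = 0 ] && PATH=$(filter_path "$PATH")
# Constructed sample PATH in the shape the message describes (user's bin first):
filter_path "/home/user/bin:.:/usr/bin:/bin" || echo "untrusted entries were dropped"
```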
