> Right. Root should never accept to su from a terminal someone else is
> logged in, but this still leaves the problem of the security conscious
> Root user who never runs untrusted software as root but one day while
> logged as a normal user he runs a program we will call "trojan" who will
> modify his path in order to ensure a trojan version of ls or cp is the
> one excuted. This would not be a problem if RedHat's su would reset
> the environment or at least the key variables.
Since it is the same controlling terminal resetting variables makes no
change. The termios ioctls and the other features of the terminal interface
you are sharing still allow it.
Su isnt intended to be security partitioning. Thats when you want multiple
consoles and/or SAK
Alan
--
To unsubscribe:
mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
