On 27 Mar 2000 17:22:56 -0500, JF Martinez <[EMAIL PROTECTED]> wrote:
>This is not the only problem. There is another one in the fact that
>every program you run could either modify your .bash_profile or modify
>the environment+silently fork a shell. The net effect is that if one
>day you do an su you could find that it is not the real 'ls' or 'cp'
>who is executing. As Root you are supposed to run only a small number
>of _trusted_ programs needed for system administration, as normal user
>you run a far greater variety of programs as this is needed for real
>work. Threse greater variety means more potential for mischief so it
>should not be allowed that SU inherits environment and specially the
>path because you never know if the user has still an untampered
>environmant.
>From su(1):
"Change the effective user id and group id to that of USER"
This says nothing about changing or clearing environmental variables. That's
what,
"-, -l, --login make the shell a login shell"
is for.
Changing this behavior is asking for serious complaints from power users and
as Alan (who is significantly smarter than me has said) would cause "Major
Brokenness" (paraphrase).
I believe that this behavior is similar in *BSD, Debian, SUSE, Solaris to name
a few.
--
Bryan C. Andregg * <[EMAIL PROTECTED]> * Red Hat, Inc.
gpg 1024D/19893A19 A8DA 869A 037A C6B5 BF07 AB61 E406 414B 1989 3A19
pgp2 1024/625FA2C5 F5 F3 DC 2E 8E AF 26 B0 2C 31 78 C2 6C FB 02 77
pgp5 1024/0x46E7A8A2 46EB 61B1 71BD 2960 723C 38B6 21E4 23CC 46E7 A8A2
--
To unsubscribe:
mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
