
Re: "su -" and "su" - what is the real difference?



On 7/28/06, LeVA <leva@az.isten.hu> wrote:
Here comes a lame question, yes I know, but I need to hear the
experiences and opinions about this.
I've read through a number of documents which described the differences
between the real and effective user ids and I am now just wondering
about this:

What is the difference (I mean in the "real world") between running `su`
(getting a non-login shell) and `su -` (getting a login shell)? Is
there a security-related problem with either of the invocations above? AFAIK
the real and effective uids are always set to 0 after both commands.

From the info pages for su:

------- [ info su ]--------
`-'
`-l'
`--login'
    Make the shell a login shell.  This means the following.  Unset all
    environment variables except `TERM', `HOME', and `SHELL' (which
    are set as described above), and `USER' and `LOGNAME' (which are
    set, even for the super-user, as described above), and set `PATH'
    to a compiled-in default value.  Change to USER's home directory.
    Prepend `-' to the shell's name, intended to make it read its
    login startup file(s).
------------------------

What this means is that if you just run "su", you'll be left with the
environment of the user from whose account you entered root's.  In
particular, $PATH, $LD_PRELOAD, and $LD_LIBRARY_PATH won't be unset.
If the user is malicious, he can get you to run different programs
than you thought you were running.  That includes dynamically linking
in (for example) a trojaned version of libc.  It's precisely because
your euid becomes 0 that this is a problem, since the malicious user
can set up a root-privileged back door.

--
Michael A. Marsh
http://www.umiacs.umd.edu/~mmarsh
http://mamarsh.blogspot.com
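The mechanism Michael describes, as an added example that is not part of the original thread. It does not call the real su and needs no root: the attacker-controlled directory, the fake `ls` and its `TROJANED_LS` marker are constructed for the demo, and the compiled-in login PATH used for the `su -` side is an assumption (it matches what GNU su commonly uses). The two `check_*` functions are the pre-flight test a practitioner can run before typing `su` to see what plain su would carry into the root shell.

```shell
#!/bin/sh
# Added example; not code from the original thread.  Nothing here needs root
# and no real su is invoked: the "attacker" directory and the "admin" lookup
# are both done by the current user, which is enough to show the mechanism.

# Constructed attacker-controlled directory containing a fake "ls".
# The name "ls" and the marker output are assumptions for this demo.
make_evil_dir() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho TROJANED_LS\n' > "$dir/ls"
    chmod 755 "$dir/ls"
    printf '%s\n' "$dir"
}

# Walk a PATH string the way the shell does and print the first executable
# named "$2".  Returns 1 if nothing matches.  Used instead of "command -v" so
# the lookup is not affected by the calling shell's own hash table.
lookup_in_path() {
    _oldifs=$IFS; IFS=:
    for _dir in $1; do
        [ -z "$_dir" ] && _dir=.          # an empty PATH entry means "."
        if [ -f "$_dir/$2" ] && [ -x "$_dir/$2" ]; then
            IFS=$_oldifs
            printf '%s\n' "$_dir/$2"
            return 0
        fi
    done
    IFS=$_oldifs
    return 1
}

# Plain "su": root's shell inherits the caller's PATH unchanged, so an
# attacker-owned directory prepended to PATH is searched first.
resolve_like_plain_su() {          # $1 = caller's PATH, $2 = command name
    lookup_in_path "$1" "$2"
}

# "su -": PATH is replaced by a compiled-in default that contains only
# system directories, so the attacker's entry is never consulted.  The exact
# default below is an assumption (it matches what GNU su commonly uses);
# what matters is that nothing in it is writable by the calling user.
SU_LOGIN_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
resolve_like_login_su() {          # $1 = command name
    lookup_in_path "$SU_LOGIN_PATH" "$1"
}

# Pre-flight check before typing "su": flags variables that plain su would
# carry into the root shell.  Once that shell runs with ruid == euid == 0 the
# dynamic loader no longer treats its children as set-uid, so an inherited
# LD_PRELOAD / LD_LIBRARY_PATH is honoured for every program root runs.
# Returns 1 if anything suspicious is set, 0 otherwise.
check_loader_vars() {
    _rc=0
    for _v in LD_PRELOAD LD_LIBRARY_PATH; do
        eval "_val=\${$_v:-}"
        if [ -n "$_val" ]; then
            echo "UNSAFE: $_v=$_val would survive plain su"
            _rc=1
        fi
    done
    return $_rc
}

# Same idea for PATH: relative entries and entries writable by the current
# user let that user plant a replacement binary.  Returns 1 if any entry is
# unsafe, 0 otherwise.
check_path_entries() {             # $1 = PATH string to audit
    _rc=0
    _oldifs=$IFS; IFS=:
    for _p in $1; do
        case "$_p" in
            ""|.|./*|../*) echo "UNSAFE: relative PATH entry '$_p'"; _rc=1 ;;
            *) if [ -w "$_p" ]; then echo "UNSAFE: writable PATH entry $_p"; _rc=1; fi ;;
        esac
    done
    IFS=$_oldifs
    return $_rc
}

# Demonstration when run directly: "sh this.sh demo".
if [ "${1:-}" = demo ]; then
    evil=$(make_evil_dir)
    caller_path="$evil:$SU_LOGIN_PATH"
    echo "plain su would run:  $(resolve_like_plain_su "$caller_path" ls)"
    echo "su - would run:      $(resolve_like_login_su ls)"
    check_path_entries "$caller_path"
    rm -rf "$evil"
fi
```

Running it with `demo` shows the fake `ls` winning the lookup when the caller's PATH is kept, and the system `ls` winning once PATH is reset to the login default. The checks deliberately look at the same three variables the reply names (PATH, LD_PRELOAD, LD_LIBRARY_PATH); a user-writable PATH entry is treated as unsafe even when it currently contains nothing, because the user can populate it at any time.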


