Re: "su -" and "su" - what is the real difference?
2006. July 28. 16:04, Michael Marsh:
> On 7/28/06, LeVA <leva@az.isten.hu> wrote:
> > Here comes a lame question yes I know, but I need to hear the
> > experiences and opinions about this.
> > I've read thru a number of documents which described the
> > differences between the real and effective user ids and I am now
> > just wondering about this:
> >
> > What is the difference (I mean in the "real world") between running
> > `su` (getting a non-login shell) and `su -` (getting a login
> > shell). Is there a security related problem with any of the
> > invokings above? AFAIK the real and effective uids are always set
> > to 0 after both commands.
> >
> >From the info pages for su:
>
> ------- [ info su ]--------
> `-'
> `-l'
> `--login'
> Make the shell a login shell. This means the following. Unset
> all environment variables except `TERM', `HOME', and `SHELL' (which
> are set as described above), and `USER' and `LOGNAME' (which are set,
> even for the super-user, as described above), and set `PATH' to a
> compiled-in default value. Change to USER's home directory. Prepend
> `-' to the shell's name, intended to make it read its login startup
> file(s).
> ------------------------
>
> What this means is that if you just run "su", you'll be left with the
> environment of the user from whose account you entered root's. In
> particular, $PATH, $LD_PRELOAD, and $LD_LIBRARY_PATH won't be unset.
> If the user is malicious, he can get you to run different programs
> than you thought you were running. That includes dynamically linking
> in (for example) a trojaned version of libc. It's precisely because
> your euid becomes 0 that this is a problem, since the malicious user
> can set up a root-privileged back door.
>
So running su with the '-' option is safer then running without it?
Daniel
--
LeVA
Reply to: