su - user question

To: debian-security@lists.debian.org
Subject: su - user question
From: Adam Warner <lists@consulting.net.nz>
Date: 20 Jan 2002 11:04:13 +1300
Message-id: <[🔎] 1011477853.11070.0.camel@web>

Hi everyone,

I'm just wondering about the safety of this security practice.

Firstly the servers are physically secure and there is no relevant issue
about having a local root console open for administration purposes.

The question I have is if I "su - username" and then browse the web,
etc. is it impossible for a remote user who managed to gain access to
that user session to become root by exiting out of the user account?

I'm almost certain the answer should be no. But I'd just like
confirmation.

Thanks,
Adam

Reply to:

Follow-Ups:
- Re: su - user question
  - From: martin f krafft <madduck@madduck.net>
- Re: su - user question
  - From: martin f krafft <madduck@madduck.net>
- Re: su - user question
  - From: Federico Grau <grauf@rfa.org>

Prev by Date: Re: [2] Mailserver HDD organization
Next by Date: Re: su - user question
Previous by thread: Re: protection against buffer overflows
Next by thread: Re: su - user question
Index(es):
- Date
- Thread