Re: su - user question
On Tue, 2002-01-22 at 07:41, Federico Grau wrote:
> On Sun, Jan 20, 2002 at 11:04:13AM +1300, Adam Warner wrote:
> > Hi everyone,
> >
> ...
> > The question I have is if I "su - username" and then browse the web,
> > etc. is it impossible for a remote user who managed to gain access to
> > that user session to become root by exiting out of the user account?
> >
> Is there a reason to leave the parent shell around? How about, instead of
> "su - username", "exec su - username"? If you are simply running a console as root
> that should remove any way of getting back to root from username. If you are
> running X as root, then you have bigger problems.
Federico, are you saying that if you su - to a user account (from root)
and then start X that you are running X as root? If so that is a major
problem.
Regards,
Adam
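
The difference between `su - username` and `exec su - username` raised in this thread, as an added shell illustration that is not part of either poster's message. `sh -c` stands in for `su` so it runs without root or a password, and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration: `sh -c` is a stand-in for `su - username`.
# All function names here are hypothetical.

# Start a throwaway outer shell that launches an inner shell either
# normally ($1 = "") or via exec ($1 = "exec"), and print what is observed.
run_session() {
    sh -c '
        echo "outer_pid=$$"
        '"$1"' sh -c "echo inner_pid=\$\$; echo inner_ppid=\$PPID"
        echo "returned_to_outer=yes"
    '
}

# Extract the value of key $2 from the captured output $1.
field() { printf '%s\n' "$1" | sed -n "s/^$2=//p"; }

# "yes" if control comes back to the outer shell after the inner one exits.
parent_shell_survives() {
    out=$(run_session "$1")
    case "$out" in
        *returned_to_outer=yes*) echo yes ;;
        *) echo no ;;
    esac
}

# "yes" if the inner shell runs in the same process as the outer shell,
# i.e. the outer shell was replaced rather than kept as a parent.
same_process() {
    out=$(run_session "$1")
    if [ "$(field "$out" outer_pid)" = "$(field "$out" inner_pid)" ]; then
        echo yes
    else
        echo no
    fi
}

echo "plain: parent shell survives = $(parent_shell_survives "")"
echo "exec:  parent shell survives = $(parent_shell_survives exec)"
echo "plain: same process          = $(same_process "")"
echo "exec:  same process          = $(same_process exec)"
```

Without `exec` the outer shell waits as the parent and regains control when the inner one exits; with `exec` the outer shell's process image is replaced, so there is no waiting shell to fall back into.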