Re: su - user question

To: debian-security@lists.debian.org
Subject: Re: su - user question
From: Adam Warner <lists@consulting.net.nz>
Date: 22 Jan 2002 13:52:06 +1300
Message-id: <[🔎] 1011660727.6028.0.camel@web>
In-reply-to: <[🔎] 20020121232103.GC21740@fishbowl.madduck.net>
References: <[🔎] 1011477853.11070.0.camel@web> <[🔎] 20020121134139.D18464@rfa.org> <[🔎] 1011650849.1821.2.camel@web> <[🔎] 20020121232103.GC21740@fishbowl.madduck.net>

On Tue, 2002-01-22 at 12:21, martin f krafft wrote:
> also sprach Adam Warner <lists@consulting.net.nz> [2002.01.21.2307 +0100]:
> > Federico, are you saying that if you su - to a user account (from root)
> > and then start X that you are running X as root? If so that is a major
> > problem.
> 
> no, he actually says that with exec, you should theoretically be more
> secure as in a root-su-user scenario, because after you exec, the root
> shell is gone. it's an interesting proposal and when i have time, i
> would like to look at the user status after su vs. a normal login to see
> if there's *any* difference.

That would be an interesting analysis. I enjoyed your long email
discussion and understood it, thanks.

I set out to find out if su - <username> was a large security risk in
the circumstances I outlined and it appears it is not. And with
Federico's proposal of using exec (which you helped me understand) it
may even be identically secure.

Please CC me your analysis if you find time so there's no chance I miss
it.

Regards,
Adam

Reply to:

References:
- su - user question
  - From: Adam Warner <lists@consulting.net.nz>
- Re: su - user question
  - From: Federico Grau <grauf@rfa.org>
- Re: su - user question
  - From: Adam Warner <lists@consulting.net.nz>
- Re: su - user question
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
Next by Date: Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
Previous by thread: Re: su - user question
Next by thread: Unusual Bind log entry
Index(es):
- Date
- Thread