[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: su - user question

On Tue, 2002-01-22 at 12:21, martin f krafft wrote:
> also sprach Adam Warner <lists@consulting.net.nz> [2002.01.21.2307 +0100]:
> > Federico, are you saying that if you su - to a user account (from root)
> > and then start X that you are running X as root? If so that is a major
> > problem.
> no, he actually says that with exec, you should theoretically be more
> secure as in a root-su-user scenario, because after you exec, the root
> shell is gone. it's an interesting proposal and when i have time, i
> would like to look at the user status after su vs. a normal login to see
> if there's *any* difference.

That would be an interesting analysis. I enjoyed your long email
discussion and understood it, thanks.

I set out to find out if su - <username> was a large security risk in
the circumstances I outlined and it appears it is not. And with
Federico's proposal of using exec (which you helped me understand) it
may even be identically secure.

Please CC me your analysis if you find time so there's no chance I miss


Reply to: