[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: the su - user thread [Potential Debian Security Issue]

also sprach Adam Warner <lists@consulting.net.nz> [2002.01.22.0511 +0100]:
> I realise now that I have witnessed this kind of issue before ("In some
> circumstances, it's possible for a non-privileged process to have `root'
> as the login name returned by getlogin.")

okay, and that does it for me. can you try it with exec:

> 1. Log in as root
> 2. exec su - user
> 3. startx (running KDE, not GNOME)
> 4. Click on the Control Center
> 5. There in the Control Center info box it will state that the user is
> root!

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
as i learn the innermost secrets of the people around me,
they reward me in many ways to keep me quiet.

Attachment: pgp6wZRbeCt6G.pgp
Description: PGP signature

Reply to: