Re: the su - user thread [Potential Debian Security Issue]
On Tue, 2002-01-22 at 23:31, martin f krafft wrote:
> also sprach Adam Warner <lists@consulting.net.nz> [2002.01.22.0511 +0100]:
> > I realise now that I have witnessed this kind of issue before ("In some
> > circumstances, it's possible for a non-privileged process to have `root'
> > as the login name returned by getlogin.")
>
> okay, and that does it for me. can you try it with exec:
>
> > 1. Log in as root
> > 2. exec su - user
> ^^^^
> > 3. startx (running KDE, not GNOME)
> > 4. Click on the Control Center
> > 5. There in the Control Center info box it will state that the user is
> > root!
The info box still says root after using using exec su - user.
Well we now know there is a difference between logging in a user and
using exec su - user.
Regards,
Adam
Reply to: