Re: the su - user thread [Potential Debian Security Issue]

To: debian-security@lists.debian.org
Subject: Re: the su - user thread [Potential Debian Security Issue]
From: Adam Warner <lists@consulting.net.nz>
Date: 23 Jan 2002 00:30:02 +1300
Message-id: <[🔎] 1011699002.673.0.camel@web>
In-reply-to: <[🔎] 20020122103127.GE22289@fishbowl.madduck.net>
References: <[🔎] 20020121162642.GA5213@fishbowl.madduck.net> <[🔎] 1011672705.12002.0.camel@web> <[🔎] 20020122103127.GE22289@fishbowl.madduck.net>

On Tue, 2002-01-22 at 23:31, martin f krafft wrote:
> also sprach Adam Warner <lists@consulting.net.nz> [2002.01.22.0511 +0100]:
> > I realise now that I have witnessed this kind of issue before ("In some
> > circumstances, it's possible for a non-privileged process to have `root'
> > as the login name returned by getlogin.")
> 
> okay, and that does it for me. can you try it with exec:
> 
> > 1. Log in as root
> > 2. exec su - user
>      ^^^^
> > 3. startx (running KDE, not GNOME)
> > 4. Click on the Control Center
> > 5. There in the Control Center info box it will state that the user is
> > root!

The info box still says root after using using exec su - user.

Well we now know there is a difference between logging in a user and
using exec su - user.

Regards,
Adam

Reply to:

References:
- the su - user thread
  - From: martin f krafft <madduck@madduck.net>
- Re: the su - user thread [Potential Debian Security Issue]
  - From: Adam Warner <lists@consulting.net.nz>
- Re: the su - user thread [Potential Debian Security Issue]
  - From: martin f krafft <madduck@madduck.net>

Prev by Date: Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
Next by Date: Re: the su - user thread [Potential Debian Security Issue]
Previous by thread: Re: the su - user thread [Potential Debian Security Issue]
Next by thread: Re: the su - user thread [Potential Debian Security Issue]
Index(es):
- Date
- Thread