Re: the su - user thread [Potential Debian Security Issue]

To: Adam Warner <lists@consulting.net.nz>, debian security <debian-security@lists.debian.org>
Subject: Re: the su - user thread [Potential Debian Security Issue]
From: Kevin van Haaren <kevin@vanhaaren.net>
Date: Tue, 22 Jan 2002 10:47:56 -0600
Message-id: <p05001901b87346285c4f@[192.168.128.145]>
In-reply-to: <[🔎] 1011672705.12002.0.camel@web>
References: <[🔎] 20020121162642.GA5213@fishbowl.madduck.net> <[🔎] 1011672705.12002.0.camel@web>

At 5:11 PM +1300 1/22/02, Adam Warner wrote:

1. Log in as root
2. su - user
3. startx (running KDE, not GNOME)
4. Click on the Control Center
5. There in the Control Center info box it will state that the user is
root!

Why does the KDE Control Center think the user is currently root? In
contrast the GNOME Control Center properly identifies the username.

i've seen similar in reverse. I don't have KDE (or X actually)installed on my boxes, if I:

ssh in as a user account
su root
run set command to list environment, I see:
LOGNAME=user I ssh'd as
MAIL=/var/mail/user

I can't ssh in as root and I'm too lazy to walk downstairs and trythe other way around from the console.

Is this really a security issue? Does KDE Control Center actuallyrun as root, or just report that it is root?


Kevin

Reply to:

Follow-Ups:
- Re: the su - user thread [Potential Debian Security Issue]
  - From: Ralf Dreibrodt <ralf@dreibrodt.de>

References:
- the su - user thread
  - From: martin f krafft <madduck@madduck.net>
- Re: the su - user thread [Potential Debian Security Issue]
  - From: Adam Warner <lists@consulting.net.nz>

Prev by Date: Re: the su - user thread [Potential Debian Security Issue]
Next by Date: Re: the su - user thread [Potential Debian Security Issue]
Previous by thread: Re: the su - user thread [Potential Debian Security Issue]
Next by thread: Re: the su - user thread [Potential Debian Security Issue]
Index(es):
- Date
- Thread