[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: the su - user thread [Potential Debian Security Issue]

At 5:11 PM +1300 1/22/02, Adam Warner wrote:
1. Log in as root
2. su - user
3. startx (running KDE, not GNOME)
4. Click on the Control Center
5. There in the Control Center info box it will state that the user is

Why does the KDE Control Center think the user is currently root? In
contrast the GNOME Control Center properly identifies the username.

i've seen similar in reverse. I don't have KDE (or X actually) installed on my boxes, if I:
ssh in as a user account
su root
run set command to list environment, I see:
LOGNAME=user I ssh'd as

I can't ssh in as root and I'm too lazy to walk downstairs and try the other way around from the console.

Is this really a security issue? Does KDE Control Center actually run as root, or just report that it is root?


Reply to: