[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why is su preserving the environment?

On Sat Jan 24 11:00, Reinhard Tartler wrote:
> Josselin Mouette <joss@debian.org> writes:
> > I think Steve has a point, and as he explains, this is not a big
> > security issue; however it is breaking the expectations you have when
> > logging as another user. For example, it is not expected that starting
> > an application as the other user will re-use the running one, and it is
> > not expected that accessing the GNOME keyring will show the passwords of
> > the original user.
> Well, then how about gnome-keyring or other applications not expecting
> that behaviour should then check the effective user id in addition to
> the session cookie in the environment variable?
> In any case, this behaviour should probably be somewhere properly
> documented, at least in the developer and/or user documentation of
> gnome-keyring (I have to admit that I didn't check it myself, since I
> haven't developed an application which uses gnome-keyring yet).

Well, if they are using DBUS this should be fine. You cannot connect to
a session bus with a uid other than the one it is running as (including


Matthew Johnson

Attachment: signature.asc
Description: Digital signature

Reply to: