Re: Why is su preserving the environment?

[Reinhard Tartler <siretart@debian.org>]

Josselin Mouette <joss@debian.org> writes:

> I think Steve has a point, and as he explains, this is not a big
> security issue; however it is breaking the expectations you have when
> logging as another user. For example, it is not expected that starting
> an application as the other user will re-use the running one, and it is
> not expected that accessing the GNOME keyring will show the passwords of
> the original user.

Well, then how about gnome-keyring or other applications not expecting
that behaviour should then check the effective user id in addition to
the session cookie in the environment variable?

In any case, this behaviour should probably be somewhere properly
documented, at least in the developer and/or user documentation of
gnome-keyring (I have to admit that I didn't check it myself, since I
haven't developed an application which uses gnome-keyring yet).

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4