On Tue 07 Aug 2018 at 15:31:43 (+0200), Nicolas George wrote: > The Wanderer (2018-08-07): > > > Anyone who learns the user's password can obtain the second password > > > pretty easily. > > How so? > > Just insert a fake su in their path. There are more subtle ways. This does make me wonder why nobody here seems to have pointed out that su should be spelled "/bin/su -". My fingers have been wired that way for 20 years. Cheers, David.