Re: As seen above: use of su vs sudo

To: debian-user@lists.debian.org
Subject: Re: As seen above: use of su vs sudo
From: Curt <curty@free.fr>
Date: Tue, 7 Aug 2018 18:01:27 +0000 (UTC)
Message-id: <[🔎] slrnpmjnnr.23n.curty@einstein.electron.org>
References: <[🔎] 9494b29f-b9a2-7f3b-be33-0824df53aea3@online.de> <[🔎] 5B69806D.7050901@fastmail.fm> <[🔎] 722f650b-7cad-df7e-884a-d3cb994d6f03@online.de> <[🔎] 5B698B9C.1030902@fastmail.fm> <[🔎] 883ba059-4114-f2c7-3240-7f29ea497a63@online.de> <[🔎] 5B699579.9000805@fastmail.fm> <[🔎] 20180807130907.GA4027554@phare.normalesup.org> <[🔎] 5B699DBA.9060309@fastmail.fm> <[🔎] 20180807133143.GA4036167@phare.normalesup.org> <[🔎] 20180807161426.GC8348@alum> <[🔎] ca218146-9a63-11e8-9b6a-00163eeb5320@msgid.mathom.us>

On 2018-08-07, Michael Stone <mstone@debian.org> wrote:
> On Tue, Aug 07, 2018 at 11:14:26AM -0500, David Wright wrote:
>>On Tue 07 Aug 2018 at 15:31:43 (+0200), Nicolas George wrote:
>>> The Wanderer (2018-08-07):
>>
>>> > > Anyone who learns the user's password can obtain the second password
>>> > > pretty easily.
>>> > How so?
>>>
>>> Just insert a fake su in their path. There are more subtle ways.
>>
>>This does make me wonder why nobody here seems to have pointed out
>>that su should be spelled "/bin/su -". My fingers have been wired
>>that way for 20 years.
>
> Because it's unnecessary extra typing?
>

I thought his point might be that in typing the full path at least you
know you're getting '/bin/su' and not some other 'su' that a malevolent
individual might have created in your home directory after prepending HOME
to your path, for example (in that malevolent person's effort to elevate
himself to superuser status). 

Maybe he didn't mean that, though, and I've got things all wrong (famous
last words).



-- 
Some years ago, when the images which this world affords first opened upon me,
when I felt the cheering warmth of summer and heard the rustling of the leaves
and the warbling of the birds, and these were all to me, I should have wept to
die; now it is my only consolation. --Mary Shelley, Frankenstein; or, The Modern Prometheus

Reply to:

Follow-Ups:
- Re: As seen above: use of su vs sudo
  - From: Nicolas George <george@nsup.org>
- Re: As seen above: use of su vs sudo
  - From: Michael Stone <mstone@debian.org>

References:
- As seen above: use of su vs sudo
  - From: Martin Drescher <keine-eile@online.de>
- Re: As seen above: use of su vs sudo
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: As seen above: use of su vs sudo
  - From: Martin <keine-eile@online.de>
- Re: As seen above: use of su vs sudo
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: As seen above: use of su vs sudo
  - From: Martin <keine-eile@online.de>
- Re: As seen above: use of su vs sudo
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: As seen above: use of su vs sudo
  - From: Nicolas George <george@nsup.org>
- Re: As seen above: use of su vs sudo
  - From: The Wanderer <wanderer@fastmail.fm>
- Re: As seen above: use of su vs sudo
  - From: Nicolas George <george@nsup.org>
- Re: As seen above: use of su vs sudo
  - From: David Wright <deblis@lionunicorn.co.uk>
- Re: As seen above: use of su vs sudo
  - From: Michael Stone <mstone@debian.org>

Prev by Date: [solved?] Re: New `no sound' problems
Next by Date: Re: As seen above: use of su vs sudo
Previous by thread: Re: As seen above: use of su vs sudo
Next by thread: Re: As seen above: use of su vs sudo
Index(es):
- Date
- Thread