Hello, On Wed, 08 Aug 2018, Andreas Henriksson wrote: > Please do feel free to write something up and send it as a merge > request! Your contribution will be very appreciated! I'll offer to > review them once I find time for it.
I am attaching patches for "News.Debian" and "su.1". In my opinion this should be adequate documentation of the changes. Regards, Kapil. --
--- NEWS.Debian.orig 2018-08-09 08:46:41.536831490 +0530 +++ NEWS.Debian 2018-08-09 08:49:59.515824839 +0530 @@ -11,7 +11,8 @@ even in 'preserve environment' mode. - su '' (empty user string) used to give root, but now returns an error. - previously su only had one pam config, but now 'su -' is configured - separately in /etc/pam.d/su-l + separately in /etc/pam.d/su-l. This file additionally invokes + 'pam_keyinit' to revoke the session keyring. The first difference is probably the most user visible one. Doing plain 'su' is a really bad idea for many reasons, so using 'su -' is
--- su.1.orig 2018-08-09 08:47:43.991829392 +0530 +++ su.1 2018-08-09 08:54:31.889815688 +0530 @@ -81,6 +81,11 @@ .B TERM .TP o +revokes the session keyring using the +.BR pam_keyinit (8) +module. +.TP +o initializes the environment variables .BR HOME , .BR SHELL ,