On Thu, 28 Jan 2021 at 08:24, Michael Kerrisk (man-pages)
<mtk.manpa...@gmail.com> wrote:
>
> Hello Bastien,
>
> On 1/27/21 4:48 PM, roucaries.bast...@gmail.com wrote:
> > From: Bastien Roucariès <ro...@debian.org>
> >
> > Clearly document that su by default does not change these variables.
>
> I'm dubious about this. The place that this should be (and is)
> properly documented is the manual page for su(1). Why repeat it
> here?

OK for the su part. But the "at login time" part should be documented. It is
not documented in the Debian documentation
where the responsibility for setting these variables lies.

As a young Debian developer I was burned by su a few times. But a
pointer to the documentation of su should be sufficient, I agree.
Something like: Note that the behavior of su could lead to a mixed environment.

Thanks, will redo

Bastien
>
> Thanks,
>
> Michael
>
> > Signed-off-by: Bastien Roucariès <ro...@debian.org>
> > ---
> >  man7/environ.7 | 41 +++++++++++++++++++++++++++++++++++++----
> >  1 file changed, 37 insertions(+), 4 deletions(-)
> >
> > diff --git a/man7/environ.7 b/man7/environ.7
> > index ec886d83d..8fc26bb92 100644
> > --- a/man7/environ.7
> > +++ b/man7/environ.7
> > @@ -65,15 +65,15 @@ Common examples are:
> >  .TP
> >  .B USER
> >  The name of the logged-in user (used by some BSD-derived programs).
> > +Set at login time, see section NOTES below.
> >  .TP
> >  .B LOGNAME
> >  The name of the logged-in user (used by some System-V derived programs).
> > +Set at login time, see section NOTES below.
> >  .TP
> >  .B HOME
> > -A user's login directory, set by
> > -.BR login (1)
> > -from the password file
> > -.BR passwd (5).
> > +A user's login directory.
> > +Set at login time, see section NOTES below.
> >  .TP
> >  .B LANG
> >  The name of a locale to use for locale categories when not overridden
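Review bot: In the HOME entry, the replacement text drops the `.BR login (1)` and `.BR passwd (5)` cross-references, so a reader of that entry no longer sees which program sets the variable or from which database. Consider keeping the original sentence and appending the pointer to NOTES, rather than repeating the identical line "Set at login time, see section NOTES below." under USER, LOGNAME and HOME with nothing else to tell them apart.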
> > @@ -114,6 +114,7 @@ Set by some shells.
> >  .TP
> >  .B SHELL
> >  The absolute pathname of the user's login shell.
> > +Set at login time, see section NOTES below.
> >  .TP
> >  .B TERM
> >  The terminal type for which output is to be prepared.
> > @@ -260,6 +261,37 @@ The
> >  and
> >  .B PR_SET_MM_ENV_END
> >  operations can be used to control the location of the process's 
> > environment.
> > +.PP
> > +The
> > +.B HOME,
> > +.B LOGNAME,
> > +.B SHELL
> > +and
> > +.B USER
> > +variables are set from a user database (such as the
> > +.B password (5)
> > +database) only when when a user is changed using the
> > +session management interface, for instance by the
> > +.B login(1)
> > +program.
> > +In particular, the
> > +.B setuid (2)
> > +family of functions does not set these variables.
> > +Note that as documented in
> > +.B su (1),
> > +getting a root shell with just the command
> > +.I su
> > +results in a mixed environment where
> > +.B LOGNAME
> > +and
> > +.B USER
> > +are retained from the old user. Using
> > +.I su -p
> > +preserves all the variables from the existing shell, and
> > +.I su -
> > +or
> > +.I su -l
> > +is the recommended way of getting a full root environment.
> >  .SH BUGS
> >  Clearly there is a security risk here.
> >  Many a system command has been
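Review bot: The added NOTES paragraph has several markup and wording errors. `.B password (5)` does not match the `.BR passwd (5)` reference that the HOME hunk removes. "only when when" repeats a word. `.B login(1)`, `.B setuid (2)` and `.B su (1),` should use the `.BR name (section)` form that the SEE ALSO entries use, so that only the page name is bold; `.B HOME,` and `.B LOGNAME,` likewise pull the comma into the bold text. The line "are retained from the old user. Using" starts a new sentence mid-line and would read better split at the full stop. Since the paragraph sits directly above BUGS, which opens with the security risk, it is worth stating the consequence in one sentence: after a plain `su`, USER and LOGNAME do not identify the user the process is running as.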
> > @@ -306,6 +338,7 @@ should consider renaming their option to
> >  .BR mktemp (1),
> >  .BR printenv (1),
> >  .BR sh (1),
> > +.BR su (1),
> >  .BR tcsh (1),
> >  .BR execve (2),
> >  .BR clearenv (3),
> >
>
>
> --
> Michael Kerrisk
> Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
> Linux/UNIX System Programming Training: http://man7.org/training/
