Le samedi 24 janvier 2009 à 09:04 +0100, Reinhard Tartler a écrit :
> the latter command indeed prunes the environment, and calling
> 
>  su -c gnome-terminal -
> 
> sucessfully fails (heh) with failing to open a display. whats the
> problem here?

"su -" is actually pruning the environment as it starts a login shell.
This should be slightly orthogonal to preserving the environment.
Actually, "su -p -" *does* preserve it. When not starting a login shell,
the -p option does actually nothing (and the documentation doesn’t
mention this).

I think Steve has a point, and as he explains, this is not a big
security issue; however it is breaking the expectations you have when
logging as another user. For example, it is not expected that starting
an application as the other user will re-use the running one, and it is
not expected that accessing the GNOME keyring will show the passwords of
the original user.

-- 
 .''`.
: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.

Attachment: signature.asc
Description: Ceci est une partie de message numériquement signée

Reply via email to