On Saturday 24 January 2009 at 09:04 +0100, Reinhard Tartler wrote:
> the latter command indeed prunes the environment, and calling
>
> su -c gnome-terminal -
>
> successfully fails (heh) with failing to open a display. what's the
> problem here?

"su -" is actually pruning the environment as it starts a login shell. This should be slightly orthogonal to preserving the environment. Actually, "su -p -" *does* preserve it. When not starting a login shell, the -p option does actually nothing (and the documentation doesn’t mention this).

I think Steve has a point, and as he explains, this is not a big security issue; however it is breaking the expectations you have when logging as another user. For example, it is not expected that starting an application as the other user will re-use the running one, and it is not expected that accessing the GNOME keyring will show the passwords of the original user.

-- 
 .''`.
: :' :      We are debian.org. Lower your prices, surrender your code.
`. `'       We will add your hardware and software distinctiveness to
  `-        our own. Resistance is futile.
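An added example, not part of the original message and not code from su or Debian: a small check that lists which desktop-session variables are present in an environment dump, run against the two cases discussed above. The variable list, the sample environment (users "alice" and "bob") and the model of what a login shell keeps are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Variables that tie a process to a desktop session (assumed list;
# adjust for the desktop in use).
SESSION_VARS='DISPLAY XAUTHORITY DBUS_SESSION_BUS_ADDRESS SESSION_MANAGER GNOME_KEYRING_SOCKET GNOME_KEYRING_PID SSH_AUTH_SOCK'

# Read NAME=value lines on stdin and print, space separated and in
# input order, the names of the session-bound variables found.
leaked_session_vars() {
    found=''
    while IFS= read -r line || [ -n "$line" ]; do
        for name in $SESSION_VARS; do
            case $line in
                "$name="*) found="${found:+$found }$name" ;;
            esac
        done
    done
    printf '%s\n' "$found"
}

# Constructed sample: environment of the original user's session.
sample_env() {
    cat <<'EOF'
HOME=/home/alice
USER=alice
PATH=/usr/local/bin:/usr/bin:/bin
TERM=xterm
DISPLAY=:0.0
XAUTHORITY=/home/alice/.Xauthority
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-EXAMPLE
GNOME_KEYRING_SOCKET=/tmp/keyring-EXAMPLE/socket
EOF
}

# Non-login case from the thread: session variables pass through.
inherited_view() { sample_env | leaked_session_vars; }

# Login-shell case ("su -"), approximated: only TERM is kept and the
# identity variables are set fresh for the target user (assumption).
pruned_view() {
    { sample_env | grep '^TERM='
      printf 'HOME=/home/bob\nUSER=bob\nPATH=/usr/bin:/bin\n'
    } | leaked_session_vars
}

printf 'inherited: %s\n' "$(inherited_view)"
printf 'pruned:    %s\n' "$(pruned_view)"
```

To check a live process instead of the sample, feed the function its environment, for example `tr '\0' '\n' < /proc/PID/environ | leaked_session_vars`.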