-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Jan 20, 2002 at 11:04:13AM +1300, Adam Warner wrote: > Hi everyone, > ... > The question I have is if I "su - username" and then browse the web, > etc. is it impossible for a remote user who managed to gain access to > that user session to become root by exiting out of the user account? >
Is there a reason to leave the parent shell around? How about, instead of "su - - username" "exec su - username". If you are simply running a console as root that should remove any way of getting back to root from username. If you are running X as root, then you have bigger problems. donfede -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8TGDjSeRbV/op2s4RAooKAJ9WWW9snELp6NL+YgbfEbgk/100RgCdHzUd EPpCfFMyeB9L1ePRZk7mlq8= =J/aS -----END PGP SIGNATURE-----