2006. July 28. 16:04, Michael Marsh:
> On 7/28/06, LeVA <[EMAIL PROTECTED]> wrote:
> > Here comes a lame question yes I know, but I need to hear the
> > experiences and opinions about this.
> > I've read thru a number of documents which described the
> > differences between the real and effective user ids and I am now
> > just wondering about this:
> >
> > What is the difference (I mean in the "real world") between running
> > `su` (getting a non-login shell) and `su -` (getting a login
> > shell). Is there a security related problem with any of the
> > invokings above? AFAIK the real and effective uids are always set
> > to 0 after both commands.

[snip]

> What this means is that if you just run "su", you'll be left with the
> environment of the user from whose account you entered root's. In
> particular, $PATH, $LD_PRELOAD, and $LD_LIBRARY_PATH won't be unset.
> If the user is malicious, he can get you to run different programs
> than you thought you were running. That includes dynamically linking
> in (for example) a trojaned version of libc. It's precisely because
> your euid becomes 0 that this is a problem, since the malicious user
> can set up a root-privileged back door.

And can you tell me why the $USER and the $LOGNAME variables get reset by su, no matter if I've invoked it with or without the '-' option? Under OpenBSD (yes, yes I know this is not an obsd list :) if the target uid is 0, then su (without the '-') doesn't change the USER nor the LOGNAME variables.

Is this a minor thing and I'm just facing two coders who were not thinking the same when creating two different type of su programs; or those are the same su programs and there is some deeper evil lying behind those variables?

Daniel

--
LeVA
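
An added example, not part of the original message: a shell script that checks a root shell reached through plain `su` for the inherited variables the quoted reply names ($PATH, $LD_PRELOAD, $LD_LIBRARY_PATH). The function names are hypothetical, and it assumes a `stat` that supports `-c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example (not from the thread): audit the environment that a plain
# `su` leaves in a root shell. Function names are hypothetical; assumes a
# `stat` that supports -c (GNU coreutils or busybox).

# Report the dynamic-loader variables named in the quoted reply if set.
check_loader_vars() {
    [ -z "${LD_PRELOAD-}" ] || echo "LD_PRELOAD is set: $LD_PRELOAD"
    [ -z "${LD_LIBRARY_PATH-}" ] || echo "LD_LIBRARY_PATH is set: $LD_LIBRARY_PATH"
}

# Report risky entries in the PATH string given as $1. The body is a
# subshell, so the IFS, globbing and PATH changes do not leak to the caller.
check_path() (
    list="$1:"              # trailing ':' keeps a final empty entry visible
    IFS=:
    set -f                  # split on ':' only, no glob expansion
    set -- $list
    PATH=/usr/bin:/bin      # run stat from a fixed path, not the audited one
    for dir in "$@"; do
        case $dir in
            ''|.) echo "PATH: empty or '.' entry (current directory)"; continue ;;
            /*)   ;;
            *)    echo "PATH: relative entry '$dir'"; continue ;;
        esac
        [ -d "$dir" ] || continue
        meta=$(stat -L -c '%u %A' "$dir") || continue   # e.g. "0 drwxr-xr-x"
        owner=${meta%% *}
        mode=${meta#* }
        [ "$owner" = 0 ] || echo "PATH: $dir is owned by uid $owner, not root"
        case $mode in
            ?????w*|????????w*) echo "PATH: $dir is group- or world-writable" ;;
        esac
    done
)

# Run both checks; print the findings and return 1 if there are any.
audit_su_env() {
    findings=$(check_loader_vars; check_path "${PATH-}")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}

audit_su_env || echo "inherited environment is not clean; leave and use 'su -'" >&2
```

Run it as the first thing in the root shell, by absolute path, since anything looked up through the inherited $PATH is exactly what is in question.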