Re: "su -" and "su" - what is the real difference?

2006-07-28 Thread Boris Veytsman
L> From: LeVA <[EMAIL PROTECTED]>
L> Date: Fri, 28 Jul 2006 15:58:04 +0200

L> What is the difference (I mean in the "real world") between running `su` 
L> (getting a non-login shell) and `su -` (getting a login shell). Is 
L> there a security related problem with any of the invokings above? AFAIK 
L> the real and effective uids are always set to 0 after both commands.

There are several cases when su is preferable to su -.   

If there are some additional directories in your $PATH, which you
might want to access as a normal user AND as a root, su would be
better. 

Also, if there are several admins on your machine, each might have her
own customized aliases, commands, etc.  The common root environment of
'su -' would be less convenient for them than keeping the users' own
customization.

One of the most important implications for our setup here is the
following.  We have a rule that after each root login the admin makes
an entry in the system ChangeLog file.  If I do this from emacs, and
hit C-x 4 a, the following entry appears when I use su:


 2006-07-28  Boris Veytsman  <[EMAIL PROTECTED]>

 *

When I use 'su -', the entry is marked as done by root, which is less
convenient in a multi-admin situation.

Of course, if my user account is compromised, 'su -' IS more secure.
BUT if it happens, basically all bets are lost anyway: the attacker
could trick me into executing his own specially crafted version of su,
start a keylogger, steal my private keys, etc.

Therefore I think su makes slightly more sense with respect to
auditing, logging and convenience than su -.

-- 
Good luck

-Boris

The rule on staying alive as a forecaster is to give 'em a number or
give 'em a date, but never give 'em both at once.
-- Jane Bryant Quinn


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
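
The message above turns on the `$PATH` a root shell ends up with after plain `su`, and on what that means if the user account is compromised. The following is an added example, not part of the original post: a POSIX shell check of each PATH entry from the root shell. The function name `audit_path` and its optional trusted-owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the PATH that a plain `su` root shell inherits from the
# invoking user. Prints one line per risky entry; returns 1 if any were found.
# Usage: audit_path "$PATH" [trusted-owner]   (owner defaults to root)
audit_path() {
    rest=${1}:            # trailing ':' so the last entry is also terminated
    owner=${2:-root}
    findings=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}   # next entry
        rest=${rest#*:}   # remainder after the first ':'
        case $dir in
            '') echo "empty entry: resolves to the current directory"
                findings=$((findings + 1)); continue ;;
            /*) ;;
            *)  echo "relative entry: $dir"
                findings=$((findings + 1)); continue ;;
        esac
        [ -d "$dir" ] || continue   # entries that do not exist are skipped
        # -H follows a symlinked entry (e.g. /bin -> usr/bin); -prune keeps
        # find from descending, so only the directory itself is tested.
        if [ -n "$(find -H "$dir" -prune ! -user "$owner" -print)" ]; then
            echo "not owned by $owner: $dir"
            findings=$((findings + 1))
        fi
        if [ -n "$(find -H "$dir" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable by group or others: $dir"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Check the current shell's PATH, e.g. once after `su` and once after `su -`.
audit_path "$PATH" || echo "PATH has entries a root shell should not trust"
```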



Re: sshd: Logging illegal users

2004-08-19 Thread Boris Veytsman
TH> From: Thomas Hungenberg <[EMAIL PROTECTED]>
TH> Date: Thu, 19 Aug 2004 10:44:40 +0200

TH> LogLevel is already set to VERBOSE. But even with LogLevel DEBUG the
TH> invalid usernames are not logged. :-(


It was explained to me some time ago by somebody that this is a
security feature rather than a bug.

Some users type in their passwords instead of login names (imagine
that you are used to Unix ssh, which does not ask for a username, and
then occasionally have to log in from a Windows machine with PuTTY,
which does.  I mistyped my password in such a situation at least
twice :().  You do not want their clear text passwords to be in your
log file, do you?

-- 
Good luck

-Boris

Genius is ten percent inspiration and fifty percent capital gains.

