2014-12-18 13:19 GMT+01:00 Simon McVittie <simon.mcvit...@collabora.co.uk>:
> On 18/12/14 08:05, Andrei Borzenkov wrote:
>> Any initscript that is using "su -" would [cause badness]
>
> Don't do that then? Init scripts are fairly clearly not login sessions.
> Which init scripts do that?
>
> In Debian, our init scripts would typically use "start-stop-daemon
> --chuid whateveruser --start whateverd" instead of su. Does your
> distribution have an equivalent?
>
> I'm gradually forming the opinion that su should be considered
> deprecated for both its roles (interactive privilege
> escalation/privilege-dropping for one-off commands or interactive
> shells, and automated uid swapping), because it doesn't do either of
> them particularly well; in particular, it doesn't sanitize environment
> variables by default (you have to remember the "-" which has other
> side-effects), and the need for the command to be a shell command-line
> rather than an argument vector makes it hard to use securely.

I remember that util-linux added a "runuser" utility [1] which is supposed to be more suitable to run processes under certain gid/uids from within scripts.

[1] http://linux.die.net/man/1/runuser

--
Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
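
The two problems raised in the thread (a shell command-line instead of an argument vector, and an unsanitized environment), as an added example that is not part of the original messages. It models only argument and environment handling, with `sh -c` standing in for what `su -c` does with its string, so it runs unprivileged; the function names and sample values are constructed.

```shell
#!/bin/sh
# Added example. It models argument and environment handling only, not the
# uid switch, so it runs without root. All names and values are constructed.

# `su USER -c "cmd $arg"` hands one string to a shell (`sh -c STRING`),
# so the shell parses the contents of $arg a second time.
via_command_string() {
    sh -c "printf '[%s]\n' $1"
}

# Tools that take an argument vector (for example
# `runuser -u USER -- cmd args`) pass each argument through unparsed.
via_argument_vector() {
    printf '[%s]\n' "$1"
}

# Without "-", the child process keeps the caller's variables.
inherited_env() {
    DEMO_CALLER_VAR=from-caller /bin/sh -c 'echo "${DEMO_CALLER_VAR:-unset}"'
}

# A scrubbed start: only an explicit allow-list reaches the child.
scrubbed_env() {
    DEMO_CALLER_VAR=from-caller env -i PATH=/usr/bin:/bin \
        /bin/sh -c 'echo "${DEMO_CALLER_VAR:-unset}"'
}

# Constructed argument, standing in for a value read from a config file.
arg='report 2014; echo second-command'
echo "command string:";  via_command_string "$arg"
echo "argument vector:"; via_argument_vector "$arg"
echo "inherited env: $(inherited_env)"
echo "scrubbed env:  $(scrubbed_env)"
```

In the command-string case the single argument is split into two words and the text after the `;` runs as a separate command; in the argument-vector case it arrives as one literal string.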