Subject: Re: su -d ?
To: David Laight <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 04/27/2003 19:38:05
[ On Sunday, April 27, 2003 at 21:21:02 (+0100), David Laight wrote: ]
> Subject: Re: su -d ?
> You need to RTFM.....
> 'su - root' (and 'su -l root') are safe, it is 'su root' that
> is dangerous.
No, I think you need to RTFM, but not just the fine su(8) manual. :-)
"su -l root" is indeed safe -- so safe that it does not do what you want
it to do. However "env -i su root" will also be just as safe _and_ it
will do what you want it to do.
Either way "-d" is unnecessary and a complication that could only help
so-called experts who aren't using the tools already at their disposal.
This whole "-d" idea is bogus and backwards.
If anything there should be a proposal to simplify 'su' so that it does
by default what is safe, and perhaps doesn't even allow anything less
safe to be done at all. (and while we're at it '-f' is rather bogus
Meanwhile your particular threat example is still the least of your
worries if you face this kind of risk....
> On Sun, Apr 27, 2003 at 04:14:51PM -0400, Greg A. Woods wrote:
> > [ On Sunday, April 27, 2003 at 20:08:18 (+0100), David Laight wrote: ]
> > > Subject: Re: su -d ?
> > >
> > > I was actually thinking of the case where you need to su to root,
> > > but are deep within a directory hierachy and don't want to change
> > > the current directory.
> > Then don't use '-l'
> > > Using 'su root' is dangerous because it keeps all the baggage of the
> > > existing user - if ENV is set it will run that script as root (which
> > > is almost certainly not what you had in mind, never mind problems with
> > > some malicious user typing export ENV=xxx while you aren't looking).
> > Then use 'env -i su root'
> > (and don't _EVER_ allow anyone to type to your session if you are
> > privileged enough to 'su root' whether you're looking or not -- "export
> > ENV=xxx" is the very least of your worries!!!!)
Greg A. Woods
+1 416 218-0098; <firstname.lastname@example.org>; <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; VE3TCP; Secrets of the Weird <email@example.com>