Thus spake Greg A. Woods ("GAW> ") sometime Today...

GAW> If anything there should be a proposal to simplify 'su' so that it does
GAW> by default what is safe, and perhaps doesn't even allow anything less
GAW> safe to be done at all.  (and while we're at it '-f' is rather bogus
GAW> too)

Oh, please, please! do not modify su from its current behaviour; -f is
sorta bogus, fine, get rid of it.  But our 'su' is one that does things
right:  It will set $HOME properly so that you get the .cshrc of the
person you are becoming, instead of using the $HOME of the person you
are su-ing _from_.  This is crucial!

[The -f is, I believe, a hack from when the only shell anyone really
used (on BSD systems) was csh, and it attempted to pass the -f on as
a flag.  That implementation was less than elegant.

The Other OS uses '-f' for 'full login', something BSD used a simple
'-' for.   I'd hate to see 'su -' become dishonoured as well.

An exception to '-f' would be that if you type "su -f", it should
be honoured as "su root -f", seeing as su with no arguments implies
"su root". ]


GAW> Meanwhile your particular threat example is still the least of your
GAW> worries if you face this kind of risk....

I would agree with this.

				--*greywolf;
--
NetBSD: The choice of hundreds worldwide.