Subject: Re: login.conf integration?
To: None <tech-security@netbsd.org>
From: Martin J. Laubach <mjl@emsi.priv.at>
List: tech-security
Date: 01/23/2000 21:00:14
Message-Id: <200001232000.VAA02366@cactus.emsi.priv.at>
In-Reply-To: <Pine.SOL.3.96.1000123081035.2575A-100000@marcy.nas.nasa.gov>
References: <200001231242.NAA01637@cactus.emsi.priv.at> <Pine.SOL.3.96.1000123081035.2575A-100000@marcy.nas.nasa.gov>

  Peter Seebach just discovered that I accidentally added a piece
of code to our su(1) that wipes out the path and replaces it by the
default settings if one sus to root.

  From the following discussion on current-users:

| >   I can see the rationale in it (not having root depend on
| > other people's path settings (for security reasons)), however it
| > conflicts with the description in the manpage.
| > 
| >   Not sure what TRT is, fix the behaviour or the documentation?

  So what now? I don't really care much which solution we adopt
(a) su squashing the previously set path for the default path
(or what is set in login.conf) as it is now, or (b) reverting
to what we had before, su leaving the path alone.

  Opinions?

	mjl