On Sun, 2002-06-02 at 02:25, Borsenkow Andrej wrote: > > It is not an issue because bash ignores inherited IFS. And I actually > fail to see how you can do su from malicious terminal unless you _are_ > the malicious person ... in which case if you can do su you can do > everything.
Scenario: systems administrator comes over to user's terminal, runs /bin/su or sudo, and runs an init script. But the user has set up his environment for just such an eventuality... As I said, it's a very minor security issue. > P.S. Could you in future use unified diff please? It is much easier to > review. Oops, sorry, will do. Liam -- Liam Quin - XML Activity Lead, W3C, http://www.w3.org/People/Quin/ Ankh: irc.sorcery.net www.valinor.sorcery.net irc.gnome.org www.advogato.org Author, Open Source XML Database Toolkit, Wiley August 2000 Co-author: The XML Specification Guide, Wiley 1999; Mastering XML, Sybex 2001
