2006. July 28. 16:04, Michael Marsh:
> On 7/28/06, LeVA <[EMAIL PROTECTED]> wrote:
> > Here comes a lame question yes I know, but I need to hear the
> > experiences and opinions about this.
> > I've read thru a number of documents which described the
> > differences between the real and effective user ids and I am now
> > just wondering about this:
> >
> > What is the difference (I mean in the "real world") between running
> > `su` (getting a non-login shell) and `su -` (getting a login
> > shell). Is there a security related problem with any of the
> > invokings above? AFAIK the real and effective uids are always set
> > to 0 after both commands.
> >
>
> From the info pages for su:
>
> ------- [ info su ]--------
> `-'
> `-l'
> `--login'
>      Make the shell a login shell. This means the following. Unset
> all environment variables except `TERM', `HOME', and `SHELL' (which
> are set as described above), and `USER' and `LOGNAME' (which are set,
> even for the super-user, as described above), and set `PATH' to a
> compiled-in default value. Change to USER's home directory. Prepend
> `-' to the shell's name, intended to make it read its login startup
> file(s).
> ------------------------
>
> What this means is that if you just run "su", you'll be left with the
> environment of the user from whose account you entered root's. In
> particular, $PATH, $LD_PRELOAD, and $LD_LIBRARY_PATH won't be unset.
> If the user is malicious, he can get you to run different programs
> than you thought you were running. That includes dynamically linking
> in (for example) a trojaned version of libc. It's precisely because
> your euid becomes 0 that this is a problem, since the malicious user
> can set up a root-privileged back door.
>

So running su with the '-' option is safer than running without it?

Daniel

--
LeVA
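
The inherited-environment risk described in the quoted reply can be checked from inside a shell obtained with plain `su`. The following is an added example, not part of the original messages: it flags the three variables named in the thread and any `PATH` directory that someone other than a trusted owner could modify. The function name `audit_inherited_env` and its optional trusted-UID argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). audit_inherited_env is a hypothetical name.
# Usage: audit_inherited_env PATH_VALUE LD_PRELOAD_VALUE LD_LIBRARY_PATH_VALUE [TRUSTED_UID]
#   e.g. audit_inherited_env "$PATH" "${LD_PRELOAD:-}" "${LD_LIBRARY_PATH:-}"
# Prints one finding per line; returns 0 if nothing was flagged, 1 otherwise.
audit_inherited_env() {
    path_value=$1; preload_value=$2; libpath_value=$3
    trusted_uid=${4:-0}          # assumption: only this uid may own PATH directories
    rc=0

    # Loader variables named in the thread: plain `su` keeps them, `su -` unsets them.
    if [ -n "$preload_value" ]; then
        echo "LD_PRELOAD is set: $preload_value"; rc=1
    fi
    if [ -n "$libpath_value" ]; then
        echo "LD_LIBRARY_PATH is set: $libpath_value"; rc=1
    fi

    # An empty PATH element (leading, trailing or doubled colon) means the
    # current directory, whatever that happens to be.
    case ":$path_value:" in
        *::*) echo "PATH has an empty entry (current directory)"; rc=1 ;;
    esac

    old_ifs=$IFS; IFS=:
    set -f                       # no globbing while PATH is split on colons
    for dir in $path_value; do
        case $dir in
            "") continue ;;
            /*) ;;
            *)  echo "PATH entry is relative: $dir"; rc=1; continue ;;
        esac
        # Flag a directory that is not owned by the trusted uid, or that is
        # group- or world-writable. -H resolves a symlinked entry such as /bin.
        if [ -d "$dir" ] && [ -n "$(find -H "$dir" -prune \
                \( ! -user "$trusted_uid" -o -perm -020 -o -perm -002 \) -print)" ]; then
            echo "PATH directory can be modified by a non-trusted user: $dir"; rc=1
        fi
    done
    set +f; IFS=$old_ifs
    return $rc
}
```

A shell started with `su -` should produce no `LD_PRELOAD` or `LD_LIBRARY_PATH` findings, since the login option unsets those variables and resets `PATH` to the compiled-in default.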