On Mon, Jan 31, 2005 at 01:39:45PM +1300, Volker Kuhlmann wrote:
> Some distros have the functionality of sux built into su, eg Redhat and
> as Yuri says Mandrake. This is a bad idea for security as in effect this
> transfers security to the target user by granting unlimited access to
> the X server. I find it much better to have to explicitly request that
> my X server is handed over to the new user. Compare ssh -x being
> default.
for ssh that default is configurable.
and i don't really see the problem for su. it should only give access to
the shell that is started from su. which would be run by the user who
is sitting in front of the X server anyways. so whoever is running su
already HAS unlimited access to the X server.
i see no security implication here.
the implications are rather convenience vs safety.
transfering X access is convenient, not transfering it may be safer in
terms of not being able to mess things up.
greetings, martin.
--
offering experience: sTeam, caudium, pike, roxen and unix sysadmin
doing: programming, training and administration. anywhere in the world
--
pike programmer travelling and working in europe open-steam.org
unix system- bahai.or.at iaeste.(tuwien.ac|or).at
administrator (stuts|black.linux-m68k).org is.schon.org
Martin B�hr http://www.iaeste.or.at/~mbaehr/
