On Mon, 31 Jan 2005 01:56:03 +0100, Martin B�hr wrote: > On Mon, Jan 31, 2005 at 01:39:45PM +1300, Volker Kuhlmann wrote: > > Some distros have the functionality of sux built into su, eg Redhat and > > as Yuri says Mandrake. This is a bad idea for security as in effect this > > transfers security to the target user by granting unlimited access to > > the X server. I find it much better to have to explicitly request that > > my X server is handed over to the new user. Compare ssh -x being > > default. > > for ssh that default is configurable. > and i don't really see the problem for su. it should only give access to > the shell that is started from su. which would be run by the user who > is sitting in front of the X server anyways. so whoever is running su > already HAS unlimited access to the X server. > > i see no security implication here. > the implications are rather convenience vs safety. > transfering X access is convenient, not transfering it may be safer in > terms of not being able to mess things up.
If you trust the members of your household, having lax security for convenience on the home side of the firewall, but with a darn good firewall between the LAN and the internet is an okay solution - even if it makes the �ber-sekurity-konscious type cringe. The office is a different matter altogether. Yuri -- ** WARNING to mailing list repliers ** Gmail over-rides "Reply-To:" field. Check your "To:" address before sending reply to this post.
