Hello,
On Wed, 08 Aug 2018, Andreas Henriksson wrote:
> Please do feel free to write something up and send it as a merge
> request! Your contribution will be very appreciated! I'll offer to
> review them once I find time for it.
I am attaching patches for "News.Debian" and "su.1".
In my opinion this should be adequate documentation of the changes.
Regards,
Kapil.
--
--- NEWS.Debian.orig 2018-08-09 08:46:41.536831490 +0530
+++ NEWS.Debian 2018-08-09 08:49:59.515824839 +0530
@@ -11,7 +11,8 @@
even in 'preserve environment' mode.
- su '' (empty user string) used to give root, but now returns an error.
- previously su only had one pam config, but now 'su -' is configured
-separately in /etc/pam.d/su-l
+separately in /etc/pam.d/su-l. This file additionally invokes
+'pam_keyinit' to revoke the session keyring.
The first difference is probably the most user visible one. Doing
plain 'su' is a really bad idea for many reasons, so using 'su -' is
--- su.1.orig 2018-08-09 08:47:43.991829392 +0530
+++ su.1 2018-08-09 08:54:31.889815688 +0530
@@ -81,6 +81,11 @@
.B TERM
.TP
o
+revokes the session keyring using the
+.BR pam_keyinit (8)
+module.
+.TP
+o
initializes the environment variables
.BR HOME ,
.BR SHELL ,