]] Lennart Poettering

> Well, that's quite arbitrary. What about dbus, X11, and so on, do you
> plan to turn that off for the new session too?

Yes, please. In the following, I'm talking about «su -» not plain «su», which I think should go away since the semantics are woolen.

> su is a hack, it is not clear what credentials it changes and which ones
> it doesn't. It's entirely random what people think su should do, and
> it's a security nightmare, as nobody knows the environment programs run
> in anymore, there's no chance to get this done correctly.

I don't see it as any more arbitrary than login or ssh. (ssh can transfer a bunch of credentials just fine, think Kerberos GSSAPI delegation or agent forwarding.) That we're not tracking loginuid across the network is just a limitation of the tools, there's nothing inherent which says that we should stop at a host boundary. Older, weaker protocols exist for tracking that, such as ident.

> Quite frankly, I am pretty sure the best approach is to simply prohibit
> running graphical applications from su sessions, it's never going to
> work. Letting other user access some (but not all) of a private user's
> bits and pieces is never going to work if those bits and pieces are
> nowadays a mix of dconf, X11, PA, dbus, security creds, keyrings, yadda
> yada...

If you want to run graphical applications through su, you need to do xhost +SI:localuser:$newuser and set DISPLAY correctly. That's fine, and I think requiring people to do so is fine.

> > Until then I recommend applying this patch (or something equivalent)
> > which at least stops destroying existing runtime dirs and makes it
> > compliant to the spec [4]. With that, things like pulse, dconf, or
> > dbus will still need to keep their internal fallback if there is no
> > runtime dir, but that's a less pressing matter.
>
> So, what's the intention here? That XDG_RUNTIME_DIR is entirely unset
> after "su"? That sounds kinda acceptable to me.

Either unset or set to the new user's XDG_RUNTIME_DIR. The main point is «it should not be wrong» (which it is today). If we can make it point somewhere sensible that's a bonus, but not required.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
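
The "either unset or set to the new user's XDG_RUNTIME_DIR" outcome discussed in the message above, as an added shell example that is not part of the original mail or of any systemd or su patch. It assumes GNU `stat -c`, assumes `/run/user/<uid>` as the per-user runtime directory, and uses hypothetical function names; the ownership and mode 0700 checks follow the XDG Base Directory specification.

```shell
# Added example (not from the thread): refuse to keep an XDG_RUNTIME_DIR
# inherited across "su -" unless it really belongs to the current user.

# xdg_runtime_dir_ok DIR UID
# Succeeds only if DIR is a real directory (not a symlink), owned by UID,
# with mode exactly 0700, as the XDG Base Directory spec requires.
xdg_runtime_dir_ok() {
    _dir=$1
    _want_uid=$2
    [ -n "$_dir" ] || return 1
    [ -d "$_dir" ] && [ ! -L "$_dir" ] || return 1
    _owner=$(stat -c %u "$_dir" 2>/dev/null) || return 1
    _mode=$(stat -c %a "$_dir" 2>/dev/null) || return 1
    [ "$_owner" = "$_want_uid" ] && [ "$_mode" = "700" ]
}

# fix_xdg_runtime_dir
# Keeps a valid value, otherwise switches to the current user's own
# directory if one exists, otherwise unsets the variable so that
# applications use their "no runtime dir" fallback.
fix_xdg_runtime_dir() {
    _me=$(id -u)
    if xdg_runtime_dir_ok "${XDG_RUNTIME_DIR:-}" "$_me"; then
        return 0
    fi
    # Assumption: the session manager creates /run/user/<uid>.
    _candidate=/run/user/$_me
    if xdg_runtime_dir_ok "$_candidate" "$_me"; then
        XDG_RUNTIME_DIR=$_candidate
        export XDG_RUNTIME_DIR
    else
        unset XDG_RUNTIME_DIR
    fi
    return 0
}
```

Sourcing this from the target user's login profile and calling `fix_xdg_runtime_dir` means a stale value pointing at the calling user's directory never survives into the new session.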