Re: the su - user thread [Potential Debian Security Issue]

To: debian security <debian-security@lists.debian.org>
Subject: Re: the su - user thread [Potential Debian Security Issue]
From: martin f krafft <madduck@madduck.net>
Date: Tue, 22 Jan 2002 11:31:27 +0100
Message-id: <[🔎] 20020122103127.GE22289@fishbowl.madduck.net>
Mail-followup-to: debian security <debian-security@lists.debian.org>
In-reply-to: <[🔎] 1011672705.12002.0.camel@web>
References: <[🔎] 20020121162642.GA5213@fishbowl.madduck.net> <[🔎] 1011672705.12002.0.camel@web>

also sprach Adam Warner <lists@consulting.net.nz> [2002.01.22.0511 +0100]:
> I realise now that I have witnessed this kind of issue before ("In some
> circumstances, it's possible for a non-privileged process to have `root'
> as the login name returned by getlogin.")

okay, and that does it for me. can you try it with exec:

> 1. Log in as root
> 2. exec su - user
     ^^^^
> 3. startx (running KDE, not GNOME)
> 4. Click on the Control Center
> 5. There in the Control Center info box it will state that the user is
> root!

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
as i learn the innermost secrets of the people around me,
they reward me in many ways to keep me quiet.

Attachment: pgp6wZRbeCt6G.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: the su - user thread [Potential Debian Security Issue]
  - From: Adam Warner <lists@consulting.net.nz>

References:
- the su - user thread
  - From: martin f krafft <madduck@madduck.net>
- Re: the su - user thread [Potential Debian Security Issue]
  - From: Adam Warner <lists@consulting.net.nz>

Prev by Date: Re: the su - user thread [Potential Debian Security Issue]
Next by Date: Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries
Previous by thread: Re: the su - user thread [Potential Debian Security Issue]
Next by thread: Re: the su - user thread [Potential Debian Security Issue]
Index(es):
- Date
- Thread