Subject: Re: su -d ?
To: David Laight <david@l8s.co.uk>
From: Greywolf <greywolf@starwolf.com>
List: tech-userlevel
Date: 04/27/2003 13:45:36

Thus spake David Laight ("DL> ") sometime Today...

DL> You need to RTFM.....

This is rude.  Shall I say "You need to UTFC"?

DL> 'su - root' (and 'su -l root') are safe, it is 'su root' that
DL> is dangerous.

Poppycock.  If you have root set up to use a shell that has not
been properly hardened, you're begging for trouble.

csh, as distasteful as it is for some, properly handles this.
tcsh, likewise.
bash, hackish as it is written, handles this, although I'm not quite sure
how.
ksh is the only shell that fails this test.

I have no problems using "su root".

"Just because we can prevent people from doing stupid things
doesn't mean we should," and I don't think we should.  If the
semantics by which 'su' operates were to change, I, for one,
would find it greatly disturbing.  It would completely violate
the PoLS.

				--*greywolf;
--
NetBSD, stupid.