:: Re: [DNG] The show goes on: “su” c…
Inizio della pagina
Delete this message
Reply to this message
Autore: Rainer Weikusat
Data:  
To: dng
Oggetto: Re: [DNG] The show goes on: “su” command replacement merged into systemd on Fedora Rawhide
Matteo Panella <m.panella@???> writes:
> On 28/08/2015 17:32, Laurent Bercot wrote:
>> On 28/08/2015 17:00, Michael Bütow wrote:
>>> https://tlhp.cf/lennart-poettering-su/
>>
>> The thing is, he's not entirely wrong: su *is*, really, a
>> broken concept.
>
> On a desktop system with current constraints (XDG env vars, X11
> sockets...) I'd agree, but that's hardly su's fault.
>
> On a server, tough, it just does its job nicely (unless you need strict
> audit of root-level actions, in which case sudo with a MAC system should
> be your starting point).


'su' is a somewhat generic setuid-0 program: It changes the uid and the
gids associated with itself to the ones for a certain user and then
executes a shell. In addition to that, it contains another "random
environment munger" with features someone happend to consider useful for
the su use cases he envisioned. If this happens to be what enables
someone else to achieve something he wanted to achieve, 'su' can
obviously be used for that. If not, then not. But the reason why su is
only of limited usefulness is not because the hardcoded policy isn't
complicated enough to include

$random_thing_someone_called_lennart_also_wants

for every conceivable value of the variable but because it has a
hardcoded policy at all and the solution is not "implement another,
random environment munger more to tastes of ..." but split it apart:
Have a program which changes uids and gids and executes another
program. Another program for the become root via setuid and execute
... part. And a third program (or any number of such programs) to
perform other modifications of the execution environment.