This is heartbreaking rather than a show. Replace everything that used
to work reliably for so many years with what clueless beginners want!
The plague has come, but not in the form of a deadly bacterium, but in
the new trend of, "sacrificing function for fashion".
On 29/08/2015, Rainer Weikusat <rainerweikusat@???> wrote:
> Matteo Panella <m.panella@???> writes:
>> On 28/08/2015 17:32, Laurent Bercot wrote:
>>> On 28/08/2015 17:00, Michael Bütow wrote:
>>>> https://tlhp.cf/lennart-poettering-su/
>>>
>>> The thing is, he's not entirely wrong: su *is*, really, a
>>> broken concept.
>>
>> On a desktop system with current constraints (XDG env vars, X11
>> sockets...) I'd agree, but that's hardly su's fault.
>>
>> On a server, tough, it just does its job nicely (unless you need strict
>> audit of root-level actions, in which case sudo with a MAC system should
>> be your starting point).
>
> 'su' is a somewhat generic setuid-0 program: It changes the uid and the
> gids associated with itself to the ones for a certain user and then
> executes a shell. In addition to that, it contains another "random
> environment munger" with features someone happend to consider useful for
> the su use cases he envisioned. If this happens to be what enables
> someone else to achieve something he wanted to achieve, 'su' can
> obviously be used for that. If not, then not. But the reason why su is
> only of limited usefulness is not because the hardcoded policy isn't
> complicated enough to include
>
> $random_thing_someone_called_lennart_also_wants
>
> for every conceivable value of the variable but because it has a
> hardcoded policy at all and the solution is not "implement another,
> random environment munger more to tastes of ..." but split it apart:
> Have a program which changes uids and gids and executes another
> program. Another program for the become root via setuid and execute
> ... part. And a third program (or any number of such programs) to
> perform other modifications of the execution environment.
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>