On Sat, 29 Aug 2015 17:45:01 +0200
Tobias Hunger <tobias.hunger@???> wrote:
> Hi Rainer,
>
> On Sat, Aug 29, 2015 at 3:48 PM, Rainer Weikusat
> <rainerweikusat@???> wrote:
> > If not, then not. But
> > the reason why su is only of limited usefulness is not because the
> > hardcoded policy isn't complicated enough to include
> >
> > $random_thing_someone_called_lennart_also_wants
> >
> > for every conceivable value of the variable but because it has a
> > hardcoded policy at all and the solution is not "implement another,
> > random environment munger more to tastes of ..." but split it apart:
>
> That is exactly what systemd implemented: The uid/gid gets changed and
> then you get exactly the same environment that gets set up for you
> during login. Nothing is merged, no munching of anything is happening
> anymore.
[snip]
>
> So you have to worry about users sneaking in a "muncher" (e.g. by
> manipulating PATH, LD_PRELOAD or whatnot) that will be run with the
> new uid/gid and can attack the user and system to its heart's content.
> Very bad idea. Some things are not as dynamic as they could be for a
> reason.

Regardless of all this theoretical stuff, su works beautifully in some
people's use cases. If the Redhats want to make a parallel thing, fine.
But don't contaminate su, and don't fix it so programs that used to
work with su now only work with PoetterPermissions or whatever it's
called.

It's called halloween code for a reason.

SteveT

Steve Litt