From owner-freebsd-current Mon Apr 10 12:04:44 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6)
    id MAA19027 for current-outgoing; Mon, 10 Apr 1995 12:04:44 -0700
Received: from uustar.starnet.net (root@uustar.starnet.net [128.252.135.2])
    by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id MAA18978 ;
    Mon, 10 Apr 1995 12:04:31 -0700
Received: from mumps.pfcs.com by uustar.starnet.net with UUCP
    id AA18037 (5.67b/IDA-1.5); Mon, 10 Apr 1995 13:49:54 -0500
Received: from localhost by mumps.pfcs.com with SMTP
    id AA18549 (5.65c/IDA-1.4.4); Mon, 10 Apr 1995 14:39:15 -0400
To: terry@cs.weber.edu (Terry Lambert)
Cc: jkh@freefall.cdrom.com, kuku@gilberto.physik.rwth-aachen.de,
    joerg_wunsch@uriah.heep.sax.de, freebsd-current@freefall.cdrom.com
Subject: Re: should su retain ${DISPLAY}
In-Reply-To: terry@cs.weber.edu's message dated Mon, 10 Apr 1995 11:31:02.
    <9504101731.AA24214@cs.weber.edu>
Date: Mon, 10 Apr 1995 14:39:14 -0300
Message-Id: <18547.797539154@mumps.pfcs.com>
From: Harlan Stenn
Sender: current-owner@FreeBSD.org
Precedence: bulk

Me> The short version of my comment on DISPLAY and "su -" is that I'd
Me> usually prefer that it be there for me. Since I don't get this
Me> behavior by default, I don't know about any times I'd prefer that it
Me> didn't happen.

Terry> I believe that allowing a root credentialed process to open a
Terry> window on an X terminal without going through the authentication
Terry> protocol once again (this time with the new credentials)
Terry> represents a probable security hole.

Maybe I'm being dense.

Anybody can point the DISPLAY variable wherever they want. Where is the
connection (no pun intended) between passing the DISPLAY variable and
the authentication protocol?

And while I didn't say it originally, if I'm going to "su -" at all, I
usually do it to a non-root user (like when I run backups as the backup
user).

H