From owner-freebsd-current  Mon Apr 10 14:12:48 1995
Return-Path: current-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id OAA04046
          for current-outgoing; Mon, 10 Apr 1995 14:12:48 -0700
Received: from cs.weber.edu (cs.weber.edu [137.190.16.16])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id OAA04025
          ; Mon, 10 Apr 1995 14:12:41 -0700
Received: by cs.weber.edu (4.1/SMI-4.1.1)
	id AA25231; Mon, 10 Apr 95 14:41:24 MDT
From: terry@cs.weber.edu (Terry Lambert)
Message-Id: <9504102041.AA25231@cs.weber.edu>
Subject: Re: should su retain ${DISPLAY}
To: Harlan.Stenn@pfcs.com (Harlan Stenn)
Date: Mon, 10 Apr 95 14:41:24 MDT
Cc: jkh@freefall.cdrom.com, kuku@gilberto.physik.rwth-aachen.de,
        joerg_wunsch@uriah.heep.sax.de, freebsd-current@freefall.cdrom.com
In-Reply-To: <18547.797539154@mumps.pfcs.com> from "Harlan Stenn" at Apr 10, 95 02:39:14 pm
X-Mailer: ELM [version 2.4dev PL52]
Sender: current-owner@FreeBSD.org
Precedence: bulk

> Terry> I believe that allowing a root credentialed process to open a
> Terry> window on an X termintal without going through the authentication
> Terry> protocol once again (this time with the new credentials)
> Terry> represents a probable security hole.
> 
> Maybe I'm being dense.  Anybody can point the DISPLAY variable wherever
> they want.  Where is the connection (no pun intended) between passing
> the DISPLAY variable and the authentication protocol?

None.  And that's the point.

In the case where it still won't work, there's no reason to set it to
the invalid value.

In the case that it will work, the value shouldn't be set for security
reasons.

There never a case where it should be set and will work.


					Terry Lambert
					terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.