From owner-freebsd-current Mon Apr 10 14:12:48 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id OAA04046 for current-outgoing; Mon, 10 Apr 1995 14:12:48 -0700
Received: from cs.weber.edu (cs.weber.edu [137.190.16.16]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id OAA04025 ; Mon, 10 Apr 1995 14:12:41 -0700
Received: by cs.weber.edu (4.1/SMI-4.1.1) id AA25231; Mon, 10 Apr 95 14:41:24 MDT
From: terry@cs.weber.edu (Terry Lambert)
Message-Id: <9504102041.AA25231@cs.weber.edu>
Subject: Re: should su retain ${DISPLAY}
To: Harlan.Stenn@pfcs.com (Harlan Stenn)
Date: Mon, 10 Apr 95 14:41:24 MDT
Cc: jkh@freefall.cdrom.com, kuku@gilberto.physik.rwth-aachen.de, joerg_wunsch@uriah.heep.sax.de, freebsd-current@freefall.cdrom.com
In-Reply-To: <18547.797539154@mumps.pfcs.com> from "Harlan Stenn" at Apr 10, 95 02:39:14 pm
X-Mailer: ELM [version 2.4dev PL52]
Sender: current-owner@FreeBSD.org
Precedence: bulk

> Terry> I believe that allowing a root credentialed process to open a
> Terry> window on an X terminal without going through the authentication
> Terry> protocol once again (this time with the new credentials)
> Terry> represents a probable security hole.
>
> Maybe I'm being dense. Anybody can point the DISPLAY variable wherever
> they want. Where is the connection (no pun intended) between passing
> the DISPLAY variable and the authentication protocol?

None. And that's the point.

In the case where it still won't work, there's no reason to set it to
the invalid value. In the case that it will work, the value shouldn't
be set for security reasons.

There is never a case where it should be set and will work.

Terry Lambert
terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.