From owner-freebsd-current Mon Apr 10 10:35:46 1995
Return-Path: current-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA12995 for current-outgoing; Mon, 10 Apr 1995 10:35:46 -0700
Received: from cs.weber.edu (cs.weber.edu [137.190.16.16]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id KAA12989 for ; Mon, 10 Apr 1995 10:35:44 -0700
Received: by cs.weber.edu (4.1/SMI-4.1.1) id AA24173; Mon, 10 Apr 95 11:28:15 MDT
From: terry@cs.weber.edu (Terry Lambert)
Message-Id: <9504101728.AA24173@cs.weber.edu>
Subject: Re: should su retain ${DISPLAY}
To: joerg_wunsch@uriah.heep.sax.de
Date: Mon, 10 Apr 95 11:28:15 MDT
Cc: freebsd-current@FreeBSD.org
In-Reply-To: <199504090719.JAA05076@uriah.heep.sax.de> from "J Wunsch" at Apr 9, 95 09:19:32 am
X-Mailer: ELM [version 2.4dev PL52]
Sender: current-owner@FreeBSD.org
Precedence: bulk

[ ... what su should do ... ]

> > It is therefore arguable that not preserving DISPLAY in these cases
> > is, in fact, the right thing to do.
>
> Yes and no. (That's why i've been asking it to -hackers.) It does
> already preserve TERM. So it's also arguable that DISPLAY is in the
> same boat as TERM in a windowing environment and should be retained.

The TERM variable designates an output device.

The DISPLAY variable designates a resource.

The distinction is vague unless you are using xauth or some other
display access control mechanism which would allow the user access
but not allow root access, even if the root credentials instance
derived from an su by an authenticated non-root host/credential set.

Becoming root in such a case results in losing access to the resource,
unless you are prepared to hack .Xauthority, etc. in the su program.

					Terry Lambert
					terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.
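
The trade-off discussed in this message, as an added C sketch that is not part of the original post and is not code from su(1): an environment filter that always carries TERM over, but carries DISPLAY over only together with an XAUTHORITY entry naming the invoking user's cookie file. The function names, the `display_policy` switch, and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define ENV_LEN 256
/* Hypothetical policy switch for this sketch; not a real su(1) option. */
enum display_policy { DROP_DISPLAY, KEEP_DISPLAY_WITH_XAUTH };

/* Value of NAME in a NULL-terminated "NAME=value" array, or NULL. */
static const char *env_lookup(char *const envp[], const char *name) {
    size_t n = strlen(name);
    for (; *envp; envp++)
        if (strncmp(*envp, name, n) == 0 && (*envp)[n] == '=')
            return *envp + n + 1;
    return NULL;
}

/* Store "NAME=value" in out[n]; skip it if there is no slot or it would truncate. */
static int env_put(char out[][ENV_LEN], int n, int max, const char *name, const char *val) {
    if (n >= max || snprintf(out[n], ENV_LEN, "%s=%s", name, val) >= ENV_LEN)
        return n;
    return n + 1;
}

/* Build the target account's environment from the caller's. TERM always
 * carries over. DISPLAY carries over only under KEEP_DISPLAY_WITH_XAUTH, and
 * only with an XAUTHORITY naming the caller's cookie file. Returns the count. */
int build_su_env(char *const caller_env[], const char *caller_home,
                 enum display_policy policy, char out[][ENV_LEN], int max) {
    const char *term = env_lookup(caller_env, "TERM");
    const char *display = env_lookup(caller_env, "DISPLAY");
    const char *xauth = env_lookup(caller_env, "XAUTHORITY");
    char path[ENV_LEN]; int n = 0;
    if (term) n = env_put(out, n, max, "TERM", term);
    if (policy == KEEP_DISPLAY_WITH_XAUTH && display) {
        if (!xauth) { /* fall back to the caller's ~/.Xauthority */
            snprintf(path, sizeof path, "%s/.Xauthority", caller_home);
            xauth = path;
        }
        int m = env_put(out, n, max, "DISPLAY", display);
        if (env_put(out, m, max, "XAUTHORITY", xauth) == n + 2)
            n += 2; /* keep both or neither */
    }
    return n;
}

int main(void) {
    char *env[] = {"TERM=xterm", "DISPLAY=:0", NULL}; /* constructed sample */
    char out[4][ENV_LEN];
    int n = build_su_env(env, "/home/alice", KEEP_DISPLAY_WITH_XAUTH, out, 4);
    for (int i = 0; i < n; i++) puts(out[i]);
}
```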