From owner-freebsd-current Mon Apr 10 10:37:30 1995 Return-Path: current-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id KAA13030 for current-outgoing; Mon, 10 Apr 1995 10:37:30 -0700 Received: from cs.weber.edu (cs.weber.edu [137.190.16.16]) by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id KAA13024 ; Mon, 10 Apr 1995 10:37:28 -0700 Received: by cs.weber.edu (4.1/SMI-4.1.1) id AA24214; Mon, 10 Apr 95 11:31:02 MDT From: terry@cs.weber.edu (Terry Lambert) Message-Id: <9504101731.AA24214@cs.weber.edu> Subject: Re: should su retain ${DISPLAY} To: Harlan.Stenn@pfcs.com (Harlan Stenn) Date: Mon, 10 Apr 95 11:31:02 MDT Cc: jkh@freefall.cdrom.com, kuku@gilberto.physik.rwth-aachen.de, joerg_wunsch@uriah.heep.sax.de, freebsd-current@freefall.cdrom.com In-Reply-To: <16066.797480012@mumps.pfcs.com> from "Harlan Stenn" at Apr 9, 95 10:13:32 pm X-Mailer: ELM [version 2.4dev PL52] Sender: current-owner@FreeBSD.org Precedence: bulk > The short version of my comment on DISPLAY and "su -" is that I'd > usually prefer that it be there for me. Since I don't get this behavior > be default, I don't know about any times I'd prefer that it didn't > happen. I believe that allowing a root credentialed process to open a window on an X termintal without going through the authentication protocol once again (this time with the new credentials) represents a probable security hole. Terry Lambert terry@cs.weber.edu --- Any opinions in this posting are my own and not those of my present or previous employers.