From owner-freebsd-current  Mon Apr 10 10:37:30 1995
Return-Path: current-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id KAA13030
          for current-outgoing; Mon, 10 Apr 1995 10:37:30 -0700
Received: from cs.weber.edu (cs.weber.edu [137.190.16.16])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id KAA13024
          ; Mon, 10 Apr 1995 10:37:28 -0700
Received: by cs.weber.edu (4.1/SMI-4.1.1)
	id AA24214; Mon, 10 Apr 95 11:31:02 MDT
From: terry@cs.weber.edu (Terry Lambert)
Message-Id: <9504101731.AA24214@cs.weber.edu>
Subject: Re: should su retain ${DISPLAY}
To: Harlan.Stenn@pfcs.com (Harlan Stenn)
Date: Mon, 10 Apr 95 11:31:02 MDT
Cc: jkh@freefall.cdrom.com, kuku@gilberto.physik.rwth-aachen.de,
        joerg_wunsch@uriah.heep.sax.de, freebsd-current@freefall.cdrom.com
In-Reply-To: <16066.797480012@mumps.pfcs.com> from "Harlan Stenn" at Apr 9, 95 10:13:32 pm
X-Mailer: ELM [version 2.4dev PL52]
Sender: current-owner@FreeBSD.org
Precedence: bulk

> The short version of my comment on DISPLAY and "su -" is that I'd
> usually prefer that it be there for me.  Since I don't get this behavior
> be default, I don't know about any times I'd prefer that it didn't
> happen.

I believe that allowing a root credentialed process to open a window
on an X termintal without going through the authentication protocol
once again (this time with the new credentials) represents a
probable security hole.


					Terry Lambert
					terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.