On Mon, Jan 31, 2011 at 10:16 PM, Mike Frysinger <vap...@gentoo.org> wrote: > suing to root and claiming security issues makes no sense. think > about it for all of three seconds.
I have. If you do "su -" instead of "su" you expect that to isolate you from (for instance) hostile clients on the same X session. I realize there are ways a determined attacker can get past anything su can do (by attacking the unprivileged terminal you're typing at, for instance), but that's not an excuse for su not even *trying*. > as for the env vars you quoted, try reading the man page yet again: > If --login is used, the $TERM, $COLORTERM, $DISPLAY, and > $XAUTHORITY environment variables are copied if they were set. That it is documented does not make it not a bug. zw -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
