[Sussex] ps options

Steve Dobson steve at dobson.org
Sun Oct 30 23:52:11 UTC 2005


Thomas

On Sun, Oct 30, 2005 at 10:45:36AM +0000, Thomas Adam wrote:
> On Sat, Oct 22, 2005 at 10:26:29PM +0100, Steve Dobson wrote:
> 
> [ Slightly belated.  My apologies for this. ]

I accept the apology - although I don't think one was necessary.

> > When `su'ing to root one should always use "su -".  The flag causes the
> 
> Ordinarily, I'd agree.  "su -" to force a login shell is generally a
> "better" solution so that you get the (in this case) root's environment.
> There are perfectly valid reasons, though, when "su -m" is preferred
> over that.
> 
> > su(1) command to throw away the current user's profile and replace it
> > with the new user's (the default being root).  Of course to be really
> > safe you should use "/bin/su -" to make sure you're not using a user
> > hacked version of su(1).
> 
> I find it highly unlikely that one would ever have "." in their path, or
> "su" aliased at the shell, but I suppose you never know.

I agree that it is wrong, but the first site I worked at had "." in the
path as standard.  I did too until someone showed me why that was NOT
the way to do it.

If you're "su"ing from root I still say that you ALWAYS need to
use the "-" flag to get a new environment.  If you admin a site and are
"su"ing from an account that is not yours then you are trusting that
that user isn't trying to hack the system.  Is that an assumption you
want to make?

I know that MY pleb user accounts on MY systems are not doing this, but
I still use it so I NEVER make that assumption.  Yes, that's right - I
don't even trust myself.  :-)

> > If you're going to be using a graphical program then before using "su -"
> > one needs to first run the command "xhost +".  This allows any user to
> > put a graphical window upon the user's display.  If you don't use "su -"
> > but just "su" then the user's environment is still in place and his
> > graphic authority is being used.
> 
> This is where I really have to disagree.  "xhost +" is the WORST thing
> you can do.  People usually come back and whinge saying "But, buutttt I
> am the only user on my system".  So?  So what?  That command has
> effectively left your display wide-open to anyone that might feel the
> need to connect to it.  Even:
> 
> xhost localhost+
> 
> ... isn't much better.  Xhost works by hostname connections, which
> represents a huge security risk -- no matter how "one off" such a
> command might be, it's still bad practice.  (I'm surprised -- you
> mention security further up, regarding /bin/su, yet don't mention it
> here as a flaw in security.)
> 
> The "correct" way to go about such a thing is two-fold:
> 
> 1.  Use a MIT-magic-cookie.  Whenever a user initiates a connection to
> the Xserver, they're given an identity (a hash) that's stored in
> ~/.Xauthority.  Now, running programs as root (in any environment, be it
> console or X11) is always an iffy subject.  But the slightly safer way
> of doing that (and NOT xhost) is:
> 
> su -
> xauth merge ~user_running_X11/.Xauthority
> export DISPLAY=:0.0
> myapp &
> 
> Or...
> 2. I'd probably not do that, and allow it to implicitly happen
> via sudo [1] or use gksu{,do} or somesuch...

You are correct, but I would like to point out that opening your display
is a security risk.  Someone could run an XEvent grabber to capture all
your key strokes.  The xauth merge is by far the better way.

I throw myself before the mercy of the court and ask that they overlook
this lapse.  I didn't for the sake of keeping the e-mail short.

Steve
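
An added example, not part of the original e-mail: a POSIX shell check for the PATH problem discussed above, where "." or another directory that other users can write to is searched, so that plain `su` may not resolve to `/bin/su`. The function names `audit_path` and `first_match` and the sample PATH values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# audit_path PATHSTRING
# Print one finding per risky entry; print nothing when the PATH is clean.
audit_path() {
    rest="$1:"                      # trailing ':' keeps a final empty entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case "$entry" in
            "") echo "empty entry (searched as current directory)" ;;
            /*) # Absolute: a world-writable directory lets any user plant a file in it.
                if [ -n "$(find -H "$entry" -prune -type d -perm -0002 2>/dev/null)" ]; then
                    echo "world-writable directory: $entry"
                fi ;;
            *)  echo "relative entry: $entry" ;;
        esac
    done
}

# first_match NAME PATHSTRING
# Print the file that NAME would resolve to, walking PATHSTRING in order.
first_match() {
    rest="$2:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        [ -z "$dir" ] && dir=.      # an empty entry means the current directory
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            echo "$dir/$1"
            return 0
        fi
    done
    return 1
}

# Constructed sample PATH values, one risky and one clean.
audit_path ".:/usr/bin:/bin:"
audit_path "/usr/bin:/bin"
first_match su "$PATH" || echo "su not found on PATH"
```

Shell aliases and functions are resolved before PATH is consulted, so this check does not cover an aliased `su`; typing the full `/bin/su -` sidesteps both.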