From owner-freebsd-current  Mon Apr 10 12:04:44 1995
Return-Path: current-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id MAA19027
          for current-outgoing; Mon, 10 Apr 1995 12:04:44 -0700
Received: from uustar.starnet.net (root@uustar.starnet.net [128.252.135.2])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id MAA18978
          ; Mon, 10 Apr 1995 12:04:31 -0700
Received: from mumps.pfcs.com by uustar.starnet.net with UUCP id AA18037
  (5.67b/IDA-1.5); Mon, 10 Apr 1995 13:49:54 -0500
Received: from localhost by mumps.pfcs.com with SMTP id AA18549
  (5.65c/IDA-1.4.4); Mon, 10 Apr 1995 14:39:15 -0400
To: terry@cs.weber.edu (Terry Lambert)
Cc: jkh@freefall.cdrom.com, kuku@gilberto.physik.rwth-aachen.de,
        joerg_wunsch@uriah.heep.sax.de, freebsd-current@freefall.cdrom.com
Subject: Re: should su retain ${DISPLAY} 
In-Reply-To: terry@cs.weber.edu's message
	dated Mon, 10 Apr 1995 11:31:02.  <9504101731.AA24214@cs.weber.edu> 
Date: Mon, 10 Apr 1995 14:39:14 -0300
Message-Id: <18547.797539154@mumps.pfcs.com>
From: Harlan Stenn <Harlan.Stenn@pfcs.com>
Sender: current-owner@FreeBSD.org
Precedence: bulk


Me> The short version of my comment on DISPLAY and "su -" is that I'd
Me> usually prefer that it be there for me.  Since I don't get this
Me> behavior be default, I don't know about any times I'd prefer that it
Me> didn't happen.

Terry> I believe that allowing a root credentialed process to open a
Terry> window on an X termintal without going through the authentication
Terry> protocol once again (this time with the new credentials)
Terry> represents a probable security hole.

Maybe I'm being dense.  Anybody can point the DISPLAY variable wherever
they want.  Where is the connection (no pun intended) between passing
the DISPLAY variable and the authentication protocol?

And while I didn't say it originally, If I'm going to "su -" at all, I
usually do it to a non-root user (like when I run backups as the backup
user).

H