[NTLUG:Discuss] Re: SuSE 9 or 9.1 PATH environment changes after su -- is it only for root?

Mon Sep 13 13:46:07 CDT 2004

Bryan J. Smith wrote:
...

> 
> I was just on Solaris 9 Friday, so did they change it in Solaris 10.

Actually much earlier.  SUPATH has been a part of Solaris for a while
if not from day one.

...
> For people that are ignorant of what "-" does, yes.  I do now see it
> that way.  But it kinda erks me that because people don't learn how to
> use commands proper, there are now _new_ issues with compatibility.

Same argument could be made for favoring K&R C over ANSI C.

> 
> So my question is, how do I get the _default_ behavior back?  According
> to Steve's tests, the paths _always_ change.  How do I preserve the
> paths?

sudo can get around it.... arguably opening up similar loopholes.
Depends on how your sudoers file ends up.

> 
> Furthermore, it is _always_ launching a new shell?  Or just modifying
> the paths?  And is this _only_ for root?

Mainly a security problem for root... certainly nothing wrong
with extending it to apply to any user of course.  But mainly a
root thing.

> 
> 
>>For example: ...
> 
> 
> Oh, the second you said it was a security issue, I understood 100% of
> what you mean.  I actually understand your point completely.

Example was for anyone that was curious.

> 
> My complaint is that it is a security issue because people are ignorant
> of the parameters involved.  Which breaks compatibility for those of us
> who "know what we are doing."

Yes... always the case.  The security vs. capability problem.  No
good answer... one shoe can't fit all.  Security almost always
impedes.

> 
>>From Steve's post, it does _not_ look like it's consistent either.
>   su results in a basic root PATH
>   su - results in a root _plus_ user (which? default?) PATH

su results in a safety PATH.
su - results in the login PATH that root has setup for it.

Often times an "su" is used to execute a command (like in my
example).  Perhaps a future enhancement to su would make
command-less "su" default to "su -".  Not sure of the
implications of that though.

> 
> There can still be security issues with "-" setup.  If they wanted
> "true" security, they I now argue they should default su - to be
> _exactly_ what su is -- and _not_ introduce user paths at all!

I prefer the wheel-like solutions in general.  Disallowing users
from using su at all.  But that's if you are REALLY security conscious.

I guess the idea is that "su -" is just as 'safe' as a real root
login.  Something best left restricted to the primary (hopefully physically
secured) console anyhow.

Don't get me wrong,  Certainly my workstation allows me to root-in any
number of ways.  So my workstation doesn't matter so much... but with
machines that matter much, I'd go with something far more secure.