Attachment #28021 for bug #57238

View | Details | Raw Unified | Return to bug 57238
Collapse All | Expand All




unless the user running @command{su} is not the superuser and @var{user}'s
shell is restricted (see @option{-m} just above).

@item -X
@itemx --enable-x
@opindex -X
@opindex --enable-x
Preserve the X Windows environment settings.  (@env{DISPLAY} and
@env{XAUTHORITY}) Depending on the system configuration, this may allow
the new user to contact the running X session. [Enabled by
default]

@item -x
@itemx --disable-x
@opindex -x
@opindex --disable-x
Remove the X Windows environment settings.  (@env{DISPLAY} and
@env{XAUTHORITY}) This stops the new user from contacting the X server
and may be more secure.

@end table

@cindex exit status of @command{su}

Lines 65-70 Link Here

(-)coreutils-5.2.1/src/su.c (-2 / +44 lines)
65	-s, --shell=shell Run SHELL instead of USER's shell from /etc/passwd	65	-s, --shell=shell Run SHELL instead of USER's shell from /etc/passwd
66	unless not the superuser and USER's shell is	66	unless not the superuser and USER's shell is
67	restricted.	67	restricted.
		68	-x, --disable-x Removes the DISPLAY environment variable, useful when
		69	changing to a user you don't trust completely.
		70	-X, --enable-x Preserves the DISPLAY environment variable which may
		71	allow the new user to start X applications. [DEFAULT]
68		72
69	Compile-time options:	73	Compile-time options:
70	-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.	74	-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
Lines 173-178 Link Here
173	/* If nonzero, simulate a login instead of just starting a shell. */	177	/* If nonzero, simulate a login instead of just starting a shell. */
174	static int simulate_login;	178	static int simulate_login;
175		179
		180	/* If nonzero, remove the DISPLAY environment variable */
		181	static int remove_display;
		182
176	/* If nonzero, change some environment vars to indicate the user su'd to. */	183	/* If nonzero, change some environment vars to indicate the user su'd to. */
177	static int change_environment;	184	static int change_environment;
178		185
Lines 183-188 Link Here
183	{"login", no_argument, NULL, 'l'},	190	{"login", no_argument, NULL, 'l'},
184	{"preserve-environment", no_argument, &change_environment, 0},	191	{"preserve-environment", no_argument, &change_environment, 0},
185	{"shell", required_argument, 0, 's'},	192	{"shell", required_argument, 0, 's'},
		193	{"disable-x", no_argument, NULL, 'x'},
		194	{"enable-x", no_argument, NULL, 'X'},
186	{GETOPT_HELP_OPTION_DECL},	195	{GETOPT_HELP_OPTION_DECL},
187	{GETOPT_VERSION_OPTION_DECL},	196	{GETOPT_VERSION_OPTION_DECL},
188	{0, 0, 0, 0}	197	{0, 0, 0, 0}
Lines 532-537 Link Here
532	#endif /* !USE_PAM */	541	#endif /* !USE_PAM */
533	}	542	}
534		543
		544	/* Check to see if the DISPLAY environment variable needs to be
		545	cleared */
		546	static void
		547	modify_display ()
		548	{
		549	if (remove_display)
		550	unsetenv ("DISPLAY");
		551	}
		552
535	/* Update `environ' for the new shell based on PW, with SHELL being	553	/* Update `environ' for the new shell based on PW, with SHELL being
536	the value for the SHELL environment variable. */	554	the value for the SHELL environment variable. */
537		555
Lines 539-544 Link Here
539	modify_environment (const struct passwd pw, const char shell)	557	modify_environment (const struct passwd pw, const char shell)
540	{	558	{
541	char *term;	559	char *term;
		560	char *display;
		561	char *xauthority;
542		562
543	#ifdef USE_PAM	563	#ifdef USE_PAM
544	/* Export env variables declared by PAM modules */	564	/* Export env variables declared by PAM modules */
Lines 556-568 Link Here
556		576
557	if (simulate_login)	577	if (simulate_login)
558	{	578	{
559	/* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.	579	/* Leave TERM, DISPLAY, XAUTHORITY unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
560	Unset all other environment variables. */	580	Unset all other environment variables. */
561	term = getenv ("TERM");	581	term = getenv ("TERM");
		582	display = getenv ("DISPLAY");
		583	xauthority = getenv ("XAUTHORITY");
562	environ = xmalloc (2 * sizeof (char *));	584	environ = xmalloc (2 * sizeof (char *));
563	environ[0] = 0;	585	environ[0] = 0;
564	if (term)	586	if (term)
565	xputenv (concat ("TERM", "=", term));	587	xputenv (concat ("TERM", "=", term));
		588	if (display)
		589	xputenv (concat ("DISPLAY", "=", display));
		590	if (xauthority)
		591	xputenv (concat ("XAUTHORITY", "=", xauthority));
566	xputenv (concat ("HOME", "=", pw->pw_dir));	592	xputenv (concat ("HOME", "=", pw->pw_dir));
567	xputenv (concat ("SHELL", "=", shell));	593	xputenv (concat ("SHELL", "=", shell));
568	xputenv (concat ("USER", "=", pw->pw_name));	594	xputenv (concat ("USER", "=", pw->pw_name));
Lines 805-810 Link Here
805	-m, --preserve-environment do not reset environment variables\n\	831	-m, --preserve-environment do not reset environment variables\n\
806	-p same as -m\n\	832	-p same as -m\n\
807	-s, --shell=SHELL run SHELL if /etc/shells allows it\n\	833	-s, --shell=SHELL run SHELL if /etc/shells allows it\n\
		834	-x, --disable-x remove the DISPLAY environment variable\n\
		835	-X, --enable-x keep the DISPLAY environment variable [DEFAULT]\n\
808	"), stdout);	836	"), stdout);
809	fputs (HELP_OPTION_DESCRIPTION, stdout);	837	fputs (HELP_OPTION_DESCRIPTION, stdout);
810	fputs (VERSION_OPTION_DESCRIPTION, stdout);	838	fputs (VERSION_OPTION_DESCRIPTION, stdout);
Lines 840-847 Link Here
840	fast_startup = 0;	868	fast_startup = 0;
841	simulate_login = 0;	869	simulate_login = 0;
842	change_environment = 1;	870	change_environment = 1;
		871	remove_display = 0;
843		872
844	while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)	873	while ((optc = getopt_long (argc, argv, "c:flmps:xX", longopts, NULL)) != -1)
845	{	874	{
846	switch (optc)	875	switch (optc)
847	{	876	{
Lines 869-874 Link Here
869	shell = optarg;	898	shell = optarg;
870	break;	899	break;
871		900
		901	case 'x':
		902	remove_display = 1;
		903	break;
		904
		905	case 'X':
		906	remove_display = 0;
		907	break;
		908
872	case_GETOPT_HELP_CHAR;	909	case_GETOPT_HELP_CHAR;
873		910
874	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);	911	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
Lines 908-913 Link Here
908	pw->pw_dir = xstrdup (pw->pw_dir);	945	pw->pw_dir = xstrdup (pw->pw_dir);
909	pw->pw_shell = xstrdup (pw->pw_shell);	946	pw->pw_shell = xstrdup (pw->pw_shell);
910		947
		948	/* If we need to remove DISPLAY environment variables, need to do
		949	it before checking the password. PAM, for example, may use the
		950	DISPLAY environment variable to forward X permissions. */
		951	modify_display ();
		952
911	if (!correct_password (pw))	953	if (!correct_password (pw))
912	{	954	{
913	#ifdef SYSLOG_FAILURE	955	#ifdef SYSLOG_FAILURE

Return to bug 57238

Lines 11881-11886 Link Here

(-)coreutils-5.2.1/doc/coreutils.texi (+17 lines)
11881	unless the user running @command{su} is not the superuser and @var{user}'s	11881	unless the user running @command{su} is not the superuser and @var{user}'s
11882	shell is restricted (see @option{-m} just above).	11882	shell is restricted (see @option{-m} just above).
11883		11883
		11884	@item -X
		11885	@itemx --enable-x
		11886	@opindex -X
		11887	@opindex --enable-x
		11888	Preserve the X Windows environment settings. (@env{DISPLAY} and
		11889	@env{XAUTHORITY}) Depending on the system configuration, this may allow
		11890	the new user to contact the running X session. [Enabled by
		11891	default]
		11892
		11893	@item -x
		11894	@itemx --disable-x
		11895	@opindex -x
		11896	@opindex --disable-x
		11897	Remove the X Windows environment settings. (@env{DISPLAY} and
		11898	@env{XAUTHORITY}) This stops the new user from contacting the X server
		11899	and may be more secure.
		11900
11884	@end table	11901	@end table
11885		11902
11886	@cindex exit status of @command{su}	11903	@cindex exit status of @command{su}