8th September 2010
sputnik

Originally Posted by Oko:
You got it wrong. Reading .profile IS a security risk. Default behavior when you
log as su - and do NOT read .profile is NOT a security risk. Just think about it for a second.
But 'su -m' doesn't read the target user's .profile; it leaves the environment unmodified, as man su(1) says:
Leave the environment unmodified. The invoked shell is your login shell, and no directory changes are made.
Also, csh would read root's .cshrc. Does that mean csh is not secure as a root shell?