Quote:
Originally Posted by Oko
You got it wrong. Reading .profile IS a security risk. Default behavior when you
log in as su - and do NOT read .profile is NOT a security risk. Just think about it for a second.
|
But 'su -m' doesn't read the target user's .profile; it leaves the environment unmodified, as man su(1) says:
Quote:
Leave the environment unmodified. The invoked shell is your login shell, and no directory changes are made.
|
Also, csh would read root's .cshrc. Does that mean csh is not secure as a root shell?