https://bugzilla.novell.com/show_bug.cgi?id=331043#c6 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | --- Comment #6 from Christian Boltz <suse-beta@cboltz.de> 2007-10-09 05:49:44 MST --- I'd like to highlight the usage of "echo |" and "expect" a bit (at least the usage I expect). The fact that "expect" can still feed the password to su it isn't really relevant IMHO because: - "expect" is usually not used by newbies, and experts hopefully know what they are risking - you can call any password prompt (root password? encrypted partition? SSH key passphrase? GPG key passphrase?) useless when arguing with expect. - you can even consider passwords useless at all if people have physical access to the machine (hint: init=/bin/bash) OTOH, "echo password | su" can be easily run by newbies. - It's the next "logical" step after learning what the pipe does - I don't think everybody who can use the pipe knows about the security risks when passing along the password this way - "echo password | su" might even end up in the bash history Summary: If su wouldn't read STDIN, 90% of the people [cw]ouldn't use this insecure way. Only the remaining 10% (or even less) know about expect. Additionally, most of these 10% won't take the risk and/or know better solutions (like allowing a specific command to run passwordless with sudo). So there will be a risk reduction of >90% with this change. We all know that it's nearly impossible to have a 100% secure system, so let's at least have a 90% secure one ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.