X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=shell%2Faliases.in;h=cb59d9c4fc3953ba3595930c93702099b3be0600;hb=d80ef8ee3f9d24ae0a17ec15eaf6137ab7781b7f;hp=2848f737b02f8249c6cffd9e75723a11339d39ab;hpb=9f7e689c44c7c7c2d0c6953ad23f003b6a55e1a5;p=config%2Fdotfiles.git

diff --git a/shell/aliases.in b/shell/aliases.in
index 2848f73..cb59d9c 100644
--- a/shell/aliases.in
+++ b/shell/aliases.in
@@ -120,4 +120,14 @@ info() {
     command info "$@" 2>/dev/null | less
 }
 
+# Using su (or sudo) as root to a less privileged user might allow the other
+# user to run arbitrary commands as root. See also Debian bugs #628843 and
+# #657784.
+if test "`id -u`" -eq 0; then
+    su() {
+        echo 'never su as root' >&2
+        return 1
+    }
+fi
+
 # vim: ft=sh