From: Simon Ruderich Date: Fri, 14 Oct 2016 00:09:02 +0000 (+0200) Subject: shell/aliases: disallow su as root X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=d80ef8ee3f9d24ae0a17ec15eaf6137ab7781b7f;p=config%2Fdotfiles.git shell/aliases: disallow su as root --- diff --git a/shell/aliases.in b/shell/aliases.in index 2848f73..cb59d9c 100644 --- a/shell/aliases.in +++ b/shell/aliases.in @@ -120,4 +120,14 @@ info() { command info "$@" 2>/dev/null | less } +# Using su (or sudo) as root to a less privileged user might allow the other +# user to run arbitrary commands as root. See also Debian bugs #628843 and +# #657784. +if test "`id -u`" -eq 0; then + su() { + echo 'never su as root' >&2 + return 1 + } +fi + # vim: ft=sh