shell/aliases: disallow su as root

author Simon Ruderich <simon@ruderich.org>

Fri, 14 Oct 2016 00:09:02 +0000 (02:09 +0200)

committer Simon Ruderich <simon@ruderich.org>

Fri, 14 Oct 2016 00:09:02 +0000 (02:09 +0200)
author Simon Ruderich <simon@ruderich.org>
Fri, 14 Oct 2016 00:09:02 +0000 (02:09 +0200)
committer Simon Ruderich <simon@ruderich.org>
Fri, 14 Oct 2016 00:09:02 +0000 (02:09 +0200)
diff --git a/shell/aliases.in b/shell/aliases.in

index 2848f737b02f8249c6cffd9e75723a11339d39ab..cb59d9c4fc3953ba3595930c93702099b3be0600 100644 (file)
--- a/shell/aliases.in
+++ b/shell/aliases.in
@@ -120,4 +120,14 @@ info() {
      command info "$@" 2>/dev/null | less
  }
  
+# Using su (or sudo) as root to a less privileged user might allow the other
+# user to run arbitrary commands as root. See also Debian bugs #628843 and
+# #657784.
+if test "`id -u`" -eq 0; then
+    su() {
+        echo 'never su as root' >&2
+        return 1
+    }
+fi
+
  # vim: ft=sh
author	Simon Ruderich <simon@ruderich.org>
	Fri, 14 Oct 2016 00:09:02 +0000 (02:09 +0200)
committer	Simon Ruderich <simon@ruderich.org>
	Fri, 14 Oct 2016 00:09:02 +0000 (02:09 +0200)