From d80ef8ee3f9d24ae0a17ec15eaf6137ab7781b7f Mon Sep 17 00:00:00 2001
From: Simon Ruderich <simon@ruderich.org>
Date: Fri, 14 Oct 2016 02:09:02 +0200
Subject: [PATCH] shell/aliases: disallow su as root

---
 shell/aliases.in | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/shell/aliases.in b/shell/aliases.in
index 2848f73..cb59d9c 100644
--- a/shell/aliases.in
+++ b/shell/aliases.in
@@ -120,4 +120,14 @@ info() {
     command info "$@" 2>/dev/null | less
 }
 
+# Using su (or sudo) as root to a less privileged user might allow the other
+# user to run arbitrary commands as root. See also Debian bugs #628843 and
+# #657784.
+if test "`id -u`" -eq 0; then
+    su() {
+        echo 'never su as root' >&2
+        return 1
+    }
+fi
+
 # vim: ft=sh
-- 
2.43.2