[Apt-listbugs-commits] [SCM] apt-listbugs development tree branch, master, updated. apt-listbugs/0.1.6-5-g3d5149e
Francesco Poli (wintermute)
invernomuto at paranoici.org
Mon Apr 9 19:13:39 UTC 2012
The following commit has been merged in the master branch:
commit 3d5149e0f449b48c401e465856d52b9d5482cb77
Author: Francesco Poli (wintermute) <invernomuto at paranoici.org>
Date: Mon Apr 9 21:03:57 2012 +0200
work around the su browser issue (Closes: #662865)
Before this change, if apt-listbugs found out that it was (directly or
indirectly) invoked through sudo, it attempted to run the browser
('w' prompt command) as the regular user that gained root privileges
via sudo.
To this aim, apt-listbugs invoked the browser through
su $SUDO_USER -c "browsercommand < /dev/tty".
Unfortunately, this fails with su from package login/1:4.1.5-1, since
browsercommand is prevented from opening /dev/tty (as a fix for
security bug #628843).
In order to work around this issue, we now avoid invoking "su -c",
even when in an sudo environment. This means that the browser will
run as root, even when apt-listbugs is invoked through sudo...
diff --git a/debian/changelog b/debian/changelog
index 2e93b19..2ba5735 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,8 +11,11 @@ apt-listbugs (0.1.7) UNRELEASED; urgency=low
explanation fields; such a pinning will be removed by the cron.daily
job, when the package candidate version is no longer affected
by any bug of high severity (Closes: #664496)
+ * worked around "'W: Failed to invoke browser.' when run under sudo":
+ when invoking a browser, do not switch to another user, not even
+ when apt-listbugs is run under sudo (Closes: #662865)
- -- Francesco Poli (wintermute) <invernomuto at paranoici.org> Sun, 18 Mar 2012 18:07:29 +0100
+ -- Francesco Poli (wintermute) <invernomuto at paranoici.org> Mon, 09 Apr 2012 18:03:33 +0200
apt-listbugs (0.1.6) unstable; urgency=low
diff --git a/lib/apt-listbugs/logic.rb b/lib/apt-listbugs/logic.rb
index 5902bab..4dd0e9a 100644
--- a/lib/apt-listbugs/logic.rb
+++ b/lib/apt-listbugs/logic.rb
@@ -2,7 +2,7 @@
#
# Copyright (C) 2002 Masato Taruishi <taru at debian.org>
# Copyright (C) 2006-2008 Junichi Uekawa <dancer at debian.org>
-# Copyright (C) 2008-2011 Francesco Poli <invernomuto at paranoici.org>
+# Copyright (C) 2008-2012 Francesco Poli <invernomuto at paranoici.org>
# Copyright (C) 2009-2010 Ryan Niebur <ryan at debian.org>
#
# This program is free software; you can redistribute it and/or modify
@@ -620,10 +620,7 @@ Pin-Priority: #{pin_pri}
tmp.close
puts "Invoking browser for #{tmp.path}" if $DEBUG
- browsercommandline = ""
- browsercommandline << "su #{ENV["SUDO_USER"]} -c \"" if ENV["SUDO_USER"]
- browsercommandline << "#{@config.browser} #{tmp.path} < /dev/tty"
- browsercommandline << "\"" if ENV["SUDO_USER"]
+ browsercommandline = "#{@config.browser} #{tmp.path} < /dev/tty"
if system(browsercommandline)
puts "successfully invoked browser" if $DEBUG
else
--
apt-listbugs development tree
More information about the Apt-listbugs-commits
mailing list