[Apt-listbugs-commits] [SCM] apt-listbugs development tree branch, master, updated. apt-listbugs/0.1.6-5-g3d5149e

Francesco Poli (wintermute) invernomuto at paranoici.org
Mon Apr 9 19:13:39 UTC 2012 

The following commit has been merged in the master branch:
commit 3d5149e0f449b48c401e465856d52b9d5482cb77
Author: Francesco Poli (wintermute) <invernomuto at paranoici.org>
Date:   Mon Apr 9 21:03:57 2012 +0200

    work around the su browser issue (Closes: #662865)
    
    Before this change, if apt-listbugs found out that it was (directly or
    indirectly) invoked through sudo, it attempted to run the browser
    ('w' prompt command) as the regular user that gained root privileges
    via sudo.
    To this aim, apt-listbugs invoked the browser through
    su $SUDO_USER -c "browsercommand < /dev/tty".
    Unfortunately, this fails with su from package login/1:4.1.5-1, since
    browsercommand is prevented from opening /dev/tty (as a fix for
    security bug #628843).
    
    In order to work around this issue, we now avoid invoking "su -c",
    even when in an sudo environment.  This means that the browser will
    run as root, even when apt-listbugs is invoked through sudo...

diff --git a/debian/changelog b/debian/changelog
index 2e93b19..2ba5735 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,8 +11,11 @@ apt-listbugs (0.1.7) UNRELEASED; urgency=low
     explanation fields; such a pinning will be removed by the cron.daily
     job, when the package candidate version is no longer affected
     by any bug of high severity (Closes: #664496)
+  * worked around "'W: Failed to invoke browser.' when run under sudo":
+    when invoking a browser, do not switch to another user, not even
+    when apt-listbugs is run under sudo (Closes: #662865)
 
- -- Francesco Poli (wintermute) <invernomuto at paranoici.org>  Sun, 18 Mar 2012 18:07:29 +0100
+ -- Francesco Poli (wintermute) <invernomuto at paranoici.org>  Mon, 09 Apr 2012 18:03:33 +0200
 
 apt-listbugs (0.1.6) unstable; urgency=low
 
diff --git a/lib/apt-listbugs/logic.rb b/lib/apt-listbugs/logic.rb
index 5902bab..4dd0e9a 100644
--- a/lib/apt-listbugs/logic.rb
+++ b/lib/apt-listbugs/logic.rb
@@ -2,7 +2,7 @@
 #
 # Copyright (C) 2002  Masato Taruishi <taru at debian.org>
 # Copyright (C) 2006-2008  Junichi Uekawa <dancer at debian.org>
-# Copyright (C) 2008-2011  Francesco Poli <invernomuto at paranoici.org>
+# Copyright (C) 2008-2012  Francesco Poli <invernomuto at paranoici.org>
 # Copyright (C) 2009-2010  Ryan Niebur <ryan at debian.org>
 #
 #  This program is free software; you can redistribute it and/or modify
@@ -620,10 +620,7 @@ Pin-Priority: #{pin_pri}
       tmp.close
 
       puts "Invoking browser for #{tmp.path}" if $DEBUG
-      browsercommandline = ""
-      browsercommandline << "su #{ENV["SUDO_USER"]} -c \"" if ENV["SUDO_USER"]
-      browsercommandline << "#{@config.browser} #{tmp.path} < /dev/tty"
-      browsercommandline << "\"" if ENV["SUDO_USER"]
+      browsercommandline = "#{@config.browser} #{tmp.path} < /dev/tty"
       if system(browsercommandline)
         puts "successfully invoked browser" if $DEBUG
       else

-- 
apt-listbugs development tree

More information about the Apt-listbugs-commits mailing list