[Pkg-shadow-commits] r847 - trunk

Nicolas FRANCOIS nekral-guest at costa.debian.org
Wed Feb 8 18:51:54 UTC 2006 

Author: nekral-guest
Date: 2006-02-08 18:51:54 +0000 (Wed, 08 Feb 2006)
New Revision: 847

Added:
   trunk/276419
Log:
Add the summary for #276419 (su appends the positional args to the command line).


Added: trunk/276419
===================================================================
--- trunk/276419	2006-02-08 18:48:47 UTC (rev 846)
+++ trunk/276419	2006-02-08 18:51:54 UTC (rev 847)
@@ -0,0 +1,136 @@
+Introduction
+============
+As reported in #276419, shadow's su [1] doesn't permit to specify options
+to the invoked shell and doesn't respect quoted arguments.
+We plan to revert this behavior and follow su's documentation and other
+implementations.
+
+
+Short details
+=============
+Packages passing a command in argument to su must use su's -c option
+and must quote the command if it contains a space.
+For example:
+  su - root -c "ls -l /"
+
+The following commands won't work anymore:
+  su - root -c ls -l /
+  su - root "ls -l /"
+  su - root ls -l /
+
+There will be no problems for backports. -c can be used and arguments
+quoted, with the past and future versions.
+
+Needed adaptations
+==================
+We tried to find the packages that will be affected by this transition.
+We did not audit the full archive, but focused on [2]:
+ * maintainer scripts
+ * packages with an init.d script (based on a sid Contents-i386)
+ * packages with an cron script (based on a sid Contents-i386)
+ * native packages (on sid i386)
+(In general, archives embedded in source packages were not chacked)
+
+Package needing changes
+-----------------------
+amavisd-new-2.3.3/debian/amavisd-new.cron.daily
+backupninja-0.9.2/handlers/pgsql
+backupninja-0.9.2/handlers/mysql
+backupninja-0.9.2/examples/example.rdiff
+echolot-2.1.8/debian/echolot.init
+gnunet-0.7.0b/contrib/init_gnunet_ubuntu
+yiff-2.14.2/build_and_install
+python-4suite-0.99cvs20051115/debian/python-4suite-server.init.d
+samhain-2.0.10a/init/samhain.start.in
+
+To be checked
+-------------
+debget-1.5/debget
+
+maybe
+-----
+cedar-backup2-2.7.2/CedarBackup2/peer.py (depends on executeCommand)
+nut-2.0.2/scripts/HP-UX/nut-drvctl.sh (maybe not used on Debian)
+usermin-1.160/cron/config-aix (maybe not used on Debian)
+courier-0.52.1/courier.lpspec(.in)? (maybe not used on Debian)
+courier-0.52.1/courier.spec(.in)? (maybe not used on Debian)
+murasaki-0.8.11/scripts/printer (su $USER -c $CMD, $CMD may have a space)
+nut-2.0.2/scripts/HP-UX/nut-drvctl.sh (maybe not used on Debian)
+nut-2.0.2/scripts/HP-UX/nut-upsd.sh (maybe not used on Debian)
+usermin-1.160/web-lib-funcs.pl
+usermin-1.160/shell/index.cgi
+usermin-1.160/fetchmail/check.pl
+usermin-1.160/commands/run.cgi
+usermin-1.160/postgresql/postgresql-lib.pl
+webmin-1.230/web-lib-funcs.pl
+webmin-1.230/cron/config-aix
+webmin-1.230/custom/run.cgi
+
+In comments or documentation
+----------------------------
+cyrus21-imapd-2.1.18/debian/cyrus21-common.postinst
+lprng-3.8.28/DOCS/LPRng-Reference.html
+lprng-3.8.28/DOCS/LPRng-Reference.sgml
+lprng-3.8.28/DOCS/LPRng-Reference-Multipart/x9198.htm
+remstats-1.0.13a/INSTALL
+remstats-1.0.13a/docs/book.tex (and other formats)
+remstats-1.0.13a/docs/install-user.pod
+remstats-1.0.13a/docs/install.pod
+remstats-1.0.13a/docs/install.txt
+bricolage-1.8.8/bin/bric_ftpd
+dhis-client-5.3/README
+kdenetwork-3.5.0/kopete/protocols/meanwhile/README
+pop-before-smtp-1.36/contrib/README.rootless-install
+sqlrelay-0.36.4/doc/gettingstarted/interbase.html
+debpool-0.2.2/debian/README.User
+
+Transition plan
+===============
+Date?
+
+environment variable to restore the previous behavior
+
+conflict with the above packages?
+
+
+Other recommandation
+====================
+You should follow the following synopsis for your su commands.
+(This will give you more chance to be portable and to work on
+POSIXLY_CORRECT environments)
+
+    su [options] [-] [username [args]]
+
+[args] are arguments passed to the shell
+
+Specifically:
+ * It is preferable to provide -c in [args] rather than in [options].
+ * su - root -p doesn't work on if the POSIXLY_CORRECT environment
+   variable is set.
+
+axyl-2.1.9/db/postgres/install-db.sh
+dwww-1.9.26/dwww-format-man
+findutils-4.2.26/locate/updatedb.sh
+interchange-5.3.2/debian/interchange.cron.daily
+interchange-5.3.2/scripts/restart.PL
+popularity-contest-1.31/debian/cron.weekly
+popularity-contest-1.31/FAQ
+powersave-0.9.25/scripts/wm_shutdown
+powersave-0.9.25/scripts/do_screen_saver
+powersave-0.9.25/scripts/wm_logout
+powersave-0.9.25/scripts/x_helper_functions
+usermin-1.160/web-lib-funcs.pl
+usermin-1.160/commands/run.cgi
+webmin: ditto
+
+
+
+[1] The su used on Debian, unless for The Hurd (which uses coreutils's su).
+
+[2] The rational is that we consider there is a greater chance to find
+    problems on debian specific packages/scripts since it would have fail
+    on other OS (on RedHat, Gentoo, Mandriva, SunOS).
+    Probably 10% of the archive was audited.
+
+[3] Thanks to Bill Allombert 
+    http://lists.debian.org/debian-devel/2005/11/msg01215.html

More information about the Pkg-shadow-commits mailing list