[Pkg-privacy-maintainers] Bug#911907: Bug#911907: monkeysphere: Install fails on systems with PAM login restrictions

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Oct 26 13:41:39 BST 2018


Control: tags 911907 + confirmed

Hi Sunil--

thanks for catching this, and for proposing a fix.

On Thu 2018-10-25 18:20:11 -0700, Sunil Mohan Adapa wrote:
> We faced a similar issue with quassel-core package recently and the
> maintainer fixed it by using runuser instead of su. From what I gather
> from man pages, it should do the job here as expected. A patch is
> attached. runuser is part of util-linux and is an essential package on
> Debian.

Thanks!  I agree that we should be moving from su to runuser here.  Good
call!

>              # requote arguments using bash builtin feature (see "help printf"):
> -	    su "$MONKEYSPHERE_USER" -s "$(which bash)" -c "$(printf "%q " "$@")"
> +	    runuser -u "$MONKEYSPHERE_USER" -- "$@"
>             ;;
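
Review bot: the unchanged comment above the changed line ("requote arguments using bash builtin feature (see "help printf")") no longer matches the code once the printf "%q " requoting is removed; drop it or replace it with a comment saying that "$@" is handed to runuser verbatim. The new line has no -s or -c, so no shell sits between the caller's arguments and the executed command. Every caller of this function should therefore be checked for arguments that rely on shell syntax.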

This makes several different changes besides just moving to runuser.  in
particular, it drops the -s "$(which bash)" (and therefore i think
relies on the monkeysphere user's chosen shell in /etc/passwd --
hopefully that's correct, but it might have changed somehow).  Would you
be ok with reinstating the -s "$(which bash)" arguments?


And, it changes how the invocation is passed through -- rather than
using -c (which can pass shell-specific data) it passes the arguments
directly to runuser.  This is fine for most cases, but it might fail if
invoked as something like:

   su_monkeysphere_user echo test '>' /tmp/foo

this could do two different things:

 a) echo "test", the literal ">" symbol,  and the string "/tmp/foo"
 b) echo "test" into the file "/tmp/foo" as the monkeysphere user.

The current code seems to assume that you might want to pass shell
metacharacters through to be executed that way, and that (b) should be
the correct result.  I think it's a bad idea to do that, though, and i
prefer your simpler formulation.

I'm concerned about the complex constructions (sigh, shell is such a
mess) passed to su_monkeysphere_user in update_users and add_certifier
(for monkeysphere-authentication), and add_revoker (for
monkeysphere-host), though.  Have you tested those subcommands on a live
system as the superuser?

If we can go with your proposed simpler argument passing, we definitely
should!

> While all the tests pass, I am unable to ascertain the full impact of
> the change.

hm, the test suite is designed to run as a non-priv user, so you're
right that the test suite passing doesn't give us enough information at
this point.

     --dkg
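
Added example, not part of the original message or of the monkeysphere code: it runs the command line from the message (echo test '>' foo) through three invocation styles and reports which of outcomes (a) and (b) each one produces. As assumptions so that it runs without root, bash -c stands in for su -s bash -c and direct execution stands in for runuser -u USER --; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo. Assumptions: `bash -c CMD` stands in for
# `su USER -s bash -c CMD`, and running "$@" directly stands in for
# `runuser -u USER -- "$@"` (no shell between caller and command).

# Requote each argument with bash's printf %q, then let a shell parse the
# resulting string. %q backslash-escapes shell metacharacters such as '>'.
run_requoted() {
    bash -c 'bash -c "$(printf "%q " "$@")"' _ "$@"
}

# Join the arguments with spaces and let a shell parse them unescaped.
run_joined() {
    bash -c "$*"
}

# Pass the argument vector through untouched; nothing is re-parsed.
run_direct() {
    "$@"
}

# Run `echo test '>' foo` with the given style in a scratch directory.
# Prints "a" if '>' stayed a literal argument (no file created),
# or "b" if a shell treated it as a redirection and created ./foo.
outcome() {
    style=$1
    dir=$(mktemp -d)
    ( cd "$dir" && "$style" echo test '>' foo ) >/dev/null
    if [ -e "$dir/foo" ]; then result=b; else result=a; fi
    rm -rf "$dir"
    printf '%s\n' "$result"
}

for s in run_requoted run_joined run_direct; do
    printf '%-13s -> (%s)\n' "$s" "$(outcome "$s")"
done
```
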