[Pkg-shadow-devel] Bug#276419: Announcing changes in su

Nicolas François nicolas.francois at centraliens.net
Sun Mar 5 01:06:45 UTC 2006


Hello,

Introduction
============
As reported in #276419, su in the login Debian package doesn't allow
specifying options to the invoked shell and doesn't respect quoted arguments.
We plan to revert this behavior and follow su's documentation and other
implementations.


Short details
=============
Packages passing a command as an argument to su must use su's -c option
and must quote the command if it contains a space.
For example:
  su - root -c "ls -l /"

The following commands won't work anymore:
  su - root -c ls -l /
  su - root "ls -l /"
  su - root ls -l /

There will be no problems for backports. -c can be used and arguments
quoted, with the past and future versions.

Needed adaptations
==================
We tried to find the packages that will be affected by this transition.
We did not audit the full archive, but focused on [1]:
 * maintainer scripts [2]
 * packages with an init.d script (based on a sid Contents-i386)
 * packages with a cron script (based on a sid Contents-i386)
 * native packages (on sid i386)
(In general, archives embedded in source packages were not checked)

Packages needing changes
-----------------------
Micah Anderson <micah at riseup.net>
        backupninja-0.9.2/handlers/pgsql
        backupninja-0.9.2/handlers/mysql
        backupninja-0.9.2/examples/example.rdiff
Raphael Bossek <bossekr at debian.org>
        python-4suite-0.99cvs20051115/debian/python-4suite-server.init.d
Phil Brooke <pjb at debian.org>
        yiff-2.14.2/build_and_install
Arnaud Kyheng <Arnaud.Kyheng at free.fr>
        gnunet-0.7.0b/contrib/init_gnunet_ubuntu
Brian May <bam at debian.org>
        amavisd-new-2.3.3/debian/amavisd-new.cron.daily
Peter Palfrader <weasel at debian.org>
        echolot-2.1.8/debian/echolot.init
Javier Fernandez-Sanguino Peña <jfs at computer.org>
        samhain-2.0.10a/init/samhain.start.in

To be checked
-------------
Roderick Schertler <roderick at argon.org>
        debget-1.5/debget
(It should be OK. According to the code, it works with GNU su)

maybe
-----
Stefan Hornburg (Racke) <racke at linuxia.de>
        courier-0.52.1/courier.lpspec(.in)? (maybe not used on Debian)
        courier-0.52.1/courier.spec(.in)? (maybe not used on Debian)
Kenneth J. Pronovici <pronovic at debian.org>
        cedar-backup2-2.7.2/CedarBackup2/peer.py (depends on executeCommand)
Arnaud Quette <aquette at debian.org>
        nut-2.0.2/scripts/HP-UX/nut-drvctl.sh (maybe not used on Debian)
        nut-2.0.2/scripts/HP-UX/nut-upsd.sh (maybe not used on Debian)
Taku YASUI <tach at debian.or.jp>
        murasaki-0.8.11/scripts/printer (su $USER -c $CMD, $CMD may have a space)
Debian Webmin maintainers <webmin-maintainers at lists.alioth.debian.org>
        usermin-1.160/cron/config-aix (maybe not used on Debian)
        usermin-1.160/web-lib-funcs.pl
        usermin-1.160/shell/index.cgi
        usermin-1.160/fetchmail/check.pl
        usermin-1.160/commands/run.cgi
        usermin-1.160/postgresql/postgresql-lib.pl
        webmin-1.230/web-lib-funcs.pl
        webmin-1.230/cron/config-aix
        webmin-1.230/custom/run.cgi

In comments or documentation
----------------------------
Clint Adams <schizo at debian.org>
        bricolage-1.8.8/bin/bric_ftpd
Joel Aelwyn <fenton at debian.org>
        debpool-0.2.2/debian/README.User
Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>
        kdenetwork-3.5.0/kopete/protocols/meanwhile/README
Henrique de Moraes Holschuh <hmh at debian.org>
        cyrus21-imapd-2.1.18/debian/cyrus21-common.postinst
Robert Jordens <jordens at debian.org>
        remstats-1.0.13a/INSTALL
        remstats-1.0.13a/docs/book.tex (and other formats)
        remstats-1.0.13a/docs/install-user.pod
        remstats-1.0.13a/docs/install.pod
        remstats-1.0.13a/docs/install.txt
Matthias Klose <doko at debian.org>
        sqlrelay-0.36.4/doc/gettingstarted/interbase.html
Guus Sliepen <guus at debian.org>
        dhis-client-5.3/README
Craig Small <csmall at debian.org>
        lprng-3.8.28/DOCS/LPRng-Reference.html
        lprng-3.8.28/DOCS/LPRng-Reference.sgml
        lprng-3.8.28/DOCS/LPRng-Reference-Multipart/x9198.htm
Jonas Smedegaard <dr at jones.dk>
        pop-before-smtp-1.36/contrib/README.rootless-install

Transition plan
===============
A package will be first available for testing on experimental.
If you know that your package uses su, it would be nice if you could test
it with the login package (which will be uploaded) on experimental.

The SU_NO_SHELL_ARGS environment variable will restore the previous
behavior. The support for this variable should be dropped after Etch.

login will conflict with the packages of the first category. When fixed,
these packages do not need a versioned dependency on login.


Recommendation
==============
You should follow the following synopsis for your su commands.
(This will give you a better chance of being portable and of working in
POSIXLY_CORRECT environments)

    su [options] [-] [username [args]]

[args] are arguments passed to the shell

Specifically:
 * It is preferable to provide -c in [args] rather than in [options].
 * su - root -p doesn't work if the POSIXLY_CORRECT environment
   variable is set.

The following packages don't follow these rules:
Stefan Hornburg (Racke) <racke at linuxia.de>
        interchange-5.3.2/debian/interchange.cron.daily
        interchange-5.3.2/scripts/restart.PL
Michael Biebl <biebl at teco.edu>
        powersave-0.9.25/scripts/wm_shutdown
        powersave-0.9.25/scripts/do_screen_saver
        powersave-0.9.25/scripts/wm_logout
        powersave-0.9.25/scripts/x_helper_functions
Popularity Contest Developers <popcon-developers at lists.alioth.debian.org>
        popularity-contest-1.31/debian/cron.weekly
        popularity-contest-1.31/FAQ
Robert Luberda <robert at debian.org>
        dwww-1.9.26/dwww-format-man
Andreas Metzler <ametzler at debian.org>
        findutils-4.2.26/locate/updatedb.sh
Paul Waite <paul at catalyst.net.nz>
        axyl-2.1.9/db/postgres/install-db.sh
Debian Webmin maintainers <webmin-maintainers at lists.alioth.debian.org>
        usermin-1.160/web-lib-funcs.pl
        usermin-1.160/commands/run.cgi
        webmin: ditto



[1] The rationale is that we consider there is a greater chance to find
    problems on Debian specific packages/scripts since it would have failed
    on other OS (on RedHat, Gentoo, Mandriva, SunOS).
    Probably 10% of the archive was audited.

[2] Thanks to Bill Allombert 
    http://lists.debian.org/debian-devel/2005/11/msg01215.html

Kind Regards,
-- 
Nekral
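
Added example, not part of the original message or of the shadow/login package: a small Python checker that classifies su command lines against the rules announced above (quoted -c command, no bare command after the username, -c preferably in [args]). The function names, the verdict labels and the sample script are assumptions made for this illustration.

```python
import shlex

def classify_su(line):
    """Return 'ok', 'style', 'risky', 'broken', 'unparsed' or 'not-su'."""
    try:
        toks = shlex.split(line, posix=False)  # posix=False keeps quotes on tokens
    except ValueError:
        return "unparsed"                      # unbalanced quote; review by hand
    start = next((i for i, t in enumerate(toks)
                  if t == "su" or t.endswith("/su")), None)
    if start is None:
        return "not-su"
    args = toks[start + 1:]
    i, c_in_options = 0, False
    # [options] [-]: every token starting with '-' before the username.
    while i < len(args) and args[i].startswith("-"):
        if args[i] in ("-c", "--command"):
            c_in_options = True
            i += 1                             # skip the command string
        elif args[i] in ("-s", "--shell"):
            i += 1                             # skip the shell path
        i += 1
    shell_args = args[i + 1:]                  # args[i] is the username
    if not shell_args:
        return "style" if c_in_options else "ok"
    if "-c" not in shell_args:
        # Bare command after the username: listed above as no longer working.
        bare = any(not a.startswith("-") for a in shell_args)
        return "broken" if bare else "ok"
    cmd = shell_args[shell_args.index("-c") + 1:]
    if len(cmd) != 1:
        return "broken"                        # command split into words, or missing
    if cmd[0].startswith("$"):
        return "risky"                         # unquoted expansion may contain a space
    return "ok"

def audit(script_text):
    """Return (line number, verdict) for lines that need attention."""
    findings = []
    for n, line in enumerate(script_text.splitlines(), 1):
        verdict = classify_su(line)
        if verdict not in ("ok", "not-su"):
            findings.append((n, verdict))
    return findings

# Constructed sample script, not taken from any package named in the message.
SAMPLE = '''su - root -c "ls -l /"
su - root -c ls -l /
su - root ls -l /
su $USER -c $CMD
su -c "updatedb" nobody
'''
```

Calling `audit(SAMPLE)` reports lines 2 and 3 as broken, line 4 as risky and line 5 as a style finding; the check is a token-level heuristic and does not follow pipes, here-documents or variables that hold the whole command line.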
