[Pkg-shadow-devel] gnunet: Please quote the commands given to su

[Nicolas François]

Package: gnunet
Severity: minor
Tags: patch

Hello,

As announced in [0], su behavior will change.
contrib/init_gnunet_ubuntu in the gnunet source package executes commands
with su without quoting them or using su's -c option.
(I don't know if this file is used on Debian)

The patched version should be compatible with the old and future su.

You can find a login package in experimental if you want to test the
patch.

When the new login package will reach unstable, the severity of this bug
will be raised.

[0] http://lists.debian.org/debian-devel-announce/2006/03/msg00003.html

Kind Regards,
-- 
Nekral
-------------- next part --------------
diff -rauN ../orig/gnunet-0.7.0b/contrib/init_gnunet_ubuntu ./gnunet-0.7.0b/contrib/init_gnunet_ubuntu
--- ../orig/gnunet-0.7.0b/contrib/init_gnunet_ubuntu	2005-08-25 07:20:30.000000000 +0200
+++ ./gnunet-0.7.0b/contrib/init_gnunet_ubuntu	2006-03-25 20:37:42.000000000 +0100
@@ -10,7 +10,7 @@
 OPT="--user=gnunet"
 
 # test gnunet user access to binary
-su -p gnunet -- gnunetd --version 1>/dev/null 2>/dev/null
+su -p gnunet -c "gnunetd --version" 1>/dev/null 2>/dev/null
 test $? -eq 0 || exit 0
 
 
@@ -19,7 +19,7 @@
 case "$1" in
 start)	log_begin_msg "Starting GNUnet daemon..."
         #start-stop-daemon --start --quiet --name gnunetd --startas "$EXEC" -- "$OPT"
-	su -p gnunet -- gnunetd "$OPT" 1>/dev/null 2>/dev/null
+	su -p gnunet -c "gnunetd \"$OPT\"" 1>/dev/null 2>/dev/null
         log_end_msg $?
 	;;
 stop)	log_begin_msg "Stopping GNUnet daemon..."
@@ -29,14 +29,14 @@
 restart) log_begin_msg "Restarting GNUnet daemon..."
         start-stop-daemon --user gnunet --stop --retry 5 --quiet --name gnunetd
         #start-stop-daemon --start --quiet --pidfile /var/run/gnunetd.pid --name gnunetd --startas "$EXEC" -- "$OPT"
-	su -p gnunet -- gnunetd "$OPT" 1>/dev/null 2>/dev/null
+	su -p gnunet -c "gnunetd \"$OPT\"" 1>/dev/null 2>/dev/null
 	log_end_msg $?
         ;;
 status) log_begin_msg "GNUnet status..."
         #start-stop-daemon --start --quiet --pidfile /var/run/gnunetd.pid --name gnunetd --startas "$EXEC" -- "$OPT"
-	su -p gnunet -- gnunet-stats --version 1>/dev/null 2>/dev/null
+	su -p gnunet -c "gnunet-stats --version" 1>/dev/null 2>/dev/null
 	if test $? -eq 0 ;then
-    	    su -p gnunet -- gnunet-stats
+    	    su -p gnunet -c gnunet-stats
 	else
     	    log_end_msg $?
 	fi;
@@ -48,7 +48,7 @@
 	# sleep
 	sleep 5
 	# start
-	su -p gnunet -- gnunetd "$OPT" 1>/dev/null 2>/dev/null
+	su -p gnunet -c "gnunetd \"$OPT\"" 1>/dev/null 2>/dev/null
 	# ...or hup if gnunetd supports	
         log_end_msg 0
         ;;