[Pkg-shadow-devel] [pkg-shadow-Bugs][312287] su: does not handle SHELL env variable
pkg-shadow-bugs at alioth.debian.org
pkg-shadow-bugs at alioth.debian.org
Sat Jan 23 17:21:54 UTC 2010
Bugs item #312287, was changed at 23.01.2010 14:53 by Peter Volkov
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=411478&aid=312287&group_id=30580
Status: Open
Priority: 3
Submitted By: Peter Volkov (pva-guest)
Assigned to: Nobody (None)
Summary: su: does not handle SHELL env variable
Category: None
Group: None
Resolution: None
Initial Comment:
su man page states:
-s, --shell SHELL
The shell that will be invoked.
The invoked shell is chosen from (highest priority first):
? The shell specified with --shell.
? If --preserve-environment is used, the shell specified by the $SHELL environment variable.
? The shell indicated in the /etc/passwd entry for the target user.
? /bin/sh if a shell could not be found by any above method.
But since libmisc/env.c:sanitize_env (); is called at the very beginning of su, SHELL env gets stripped out and its value will never be used.
----------------------------------------------------------------------
Comment By: Peter Volkov (pva-guest)
Date: 23.01.2010 20:21
Message:
the patch indeed fixes this issue.
----------------------------------------------------------------------
Comment By: Peter Volkov (pva-guest)
Date: 23.01.2010 19:25
Message:
Just found patch in Debian:
http://patch-tracker.debian.org/patch/series/view/shadow/1:4.1.4.2-1/008_su_no_sanitize_env
--- a/src/su.c
+++ b/src/su.c
@@ -342,7 +342,7 @@
#endif
#endif /* !USE_PAM */
- sanitize_env ();
+ /* sanitize_env (); */
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
It should fix this issue.
----------------------------------------------------------------------
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=411478&aid=312287&group_id=30580
More information about the Pkg-shadow-devel
mailing list