Hello, Here is a proposal for the transition announcement.
We need to find if the transitionned login must conflict with all the packages which are not following the new synopsis. (There was a discussion about it on debian-devel, but IIRC no strong point) I will make a patch to enable swicthing to the old behavior with an environment variable (SU_NO_SHELL_ARGS). ========================================================================== Introduction ============ As reported in #276419, shadow's su [1] doesn't permit to specify options to the invoked shell and doesn't respect quoted arguments. We plan to revert this behavior and follow su's documentation and other implementations. Short details ============= Packages passing a command in argument to su must use su's -c option and must quote the command if it contains a space. For example: su - root -c "ls -l /" The following commands won't work anymore: su - root -c ls -l / su - root "ls -l /" su - root ls -l / There will be no problems for backports. -c can be used and arguments quoted, with the past and future versions. Needed adaptations ================== We tried to find the packages that will be affected by this transition. We did not audit the full archive, but focused on [2]: * maintainer scripts * packages with an init.d script (based on a sid Contents-i386) * packages with an cron script (based on a sid Contents-i386) * native packages (on sid i386) (In general, archives embedded in source packages were not chacked) Package needing changes ----------------------- amavisd-new-2.3.3/debian/amavisd-new.cron.daily backupninja-0.9.2/handlers/pgsql backupninja-0.9.2/handlers/mysql backupninja-0.9.2/examples/example.rdiff echolot-2.1.8/debian/echolot.init gnunet-0.7.0b/contrib/init_gnunet_ubuntu yiff-2.14.2/build_and_install python-4suite-0.99cvs20051115/debian/python-4suite-server.init.d samhain-2.0.10a/init/samhain.start.in To be checked ------------- debget-1.5/debget maybe ----- cedar-backup2-2.7.2/CedarBackup2/peer.py (depends on executeCommand) nut-2.0.2/scripts/HP-UX/nut-drvctl.sh (maybe not used on Debian) usermin-1.160/cron/config-aix (maybe not used on Debian) courier-0.52.1/courier.lpspec(.in)? (maybe not used on Debian) courier-0.52.1/courier.spec(.in)? (maybe not used on Debian) murasaki-0.8.11/scripts/printer (su $USER -c $CMD, $CMD may have a space) nut-2.0.2/scripts/HP-UX/nut-drvctl.sh (maybe not used on Debian) nut-2.0.2/scripts/HP-UX/nut-upsd.sh (maybe not used on Debian) usermin-1.160/web-lib-funcs.pl usermin-1.160/shell/index.cgi usermin-1.160/fetchmail/check.pl usermin-1.160/commands/run.cgi usermin-1.160/postgresql/postgresql-lib.pl webmin-1.230/web-lib-funcs.pl webmin-1.230/cron/config-aix webmin-1.230/custom/run.cgi In comments or documentation ---------------------------- cyrus21-imapd-2.1.18/debian/cyrus21-common.postinst lprng-3.8.28/DOCS/LPRng-Reference.html lprng-3.8.28/DOCS/LPRng-Reference.sgml lprng-3.8.28/DOCS/LPRng-Reference-Multipart/x9198.htm remstats-1.0.13a/INSTALL remstats-1.0.13a/docs/book.tex (and other formats) remstats-1.0.13a/docs/install-user.pod remstats-1.0.13a/docs/install.pod remstats-1.0.13a/docs/install.txt bricolage-1.8.8/bin/bric_ftpd dhis-client-5.3/README kdenetwork-3.5.0/kopete/protocols/meanwhile/README pop-before-smtp-1.36/contrib/README.rootless-install sqlrelay-0.36.4/doc/gettingstarted/interbase.html debpool-0.2.2/debian/README.User Transition plan =============== Date? environment variable to restore the previous behavior conflict with the above packages? Other recommandation ==================== You should follow the following synopsis for your su commands. (This will give you more chance to be portable and to work on POSIXLY_CORRECT environments) su [options] [-] [username [args]] [args] are arguments passed to the shell Specifically: * It is preferable to provide -c in [args] rather than in [options]. * su - root -p doesn't work on if the POSIXLY_CORRECT environment variable is set. axyl-2.1.9/db/postgres/install-db.sh dwww-1.9.26/dwww-format-man findutils-4.2.26/locate/updatedb.sh interchange-5.3.2/debian/interchange.cron.daily interchange-5.3.2/scripts/restart.PL popularity-contest-1.31/debian/cron.weekly popularity-contest-1.31/FAQ powersave-0.9.25/scripts/wm_shutdown powersave-0.9.25/scripts/do_screen_saver powersave-0.9.25/scripts/wm_logout powersave-0.9.25/scripts/x_helper_functions usermin-1.160/web-lib-funcs.pl usermin-1.160/commands/run.cgi webmin: ditto [1] The su used on Debian, unless for The Hurd (which uses coreutils's su). [2] The rational is that we consider there is a greater chance to find problems on debian specific packages/scripts since it would have fail on other OS (on RedHat, Gentoo, Mandriva, SunOS). Probably 10% of the archive was audited. [3] Thanks to Bill Allombert http://lists.debian.org/debian-devel/2005/11/msg01215.html ========================================================================== We can make it smaller by removing the "Other recommandation" and "In comments or documentation" sections. The "To be checked" and "maybe" sections need to be checked (or maybe we can keep them like that and let the maintainers check). Kind Regards, -- Nekral -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]