Debian Bug report logs -
#317264
login: Current su breaks pbuilder
Reported by: Daniel Schepler <schepler@math.berkeley.edu>
Date: Thu, 7 Jul 2005 08:18:02 UTC
Severity: important
Found in version 1:4.0.3-36
Fixed in version shadow/1:4.0.3-37
Done: Christian Perrier <bubulle@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#317264; Package login.
Acknowledgement sent to Daniel Schepler <schepler@math.berkeley.edu>:
New Bug report received and forwarded. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: login
Version: 1:4.0.3-36
Severity: important
Whenever I try to use pbuilder to build a package after upgrading the
chroot today, I get:
...
Copying source file
-> copying [gphoto2_2.1.6-1.dsc]
-> copying [./gphoto2_2.1.6.orig.tar.gz]
-> copying [./gphoto2_2.1.6-1.diff.gz]
Extracting source
/usr/bin/dpkg-source: line 3: my: command not found
/usr/bin/dpkg-source: line 4: my: command not found
/usr/bin/dpkg-source: line 6: my: command not found
/usr/bin/dpkg-source: line 7: my: command not found
/usr/bin/dpkg-source: line 8: my: command not found
/usr/bin/dpkg-source: line 9: my: command not found
/usr/bin/dpkg-source: line 11: =: command not found
/usr/bin/dpkg-source: line 13: =: command not found
/usr/bin/dpkg-source: line 14: =: command not found
/usr/bin/dpkg-source: line 15: =: command not found
/usr/bin/dpkg-source: line 16: =: command not found
/usr/bin/dpkg-source: line 18: use: command not found
/usr/bin/dpkg-source: line 19: syntax error near unexpected token `('
/usr/bin/dpkg-source: line 19: `use POSIX qw (:errno_h :signal_h);'
Running the pbuilder-buildpackage backend using sh -x, the command
which is failing is:
+ chroot /var/cache/pbuilder/build//7737 /bin/bash -c '( cd tmp/buildd; chown pbuilder:pbuilder ../buildd *; su -p pbuilder -- /usr/bin/dpkg-source -x gphoto2_2.1.6-1.dsc )'
And in fact, setting up a directory with proper permissions and a test
source package, I can also reproduce this outside pbuilder:
frobnitz:/tmp/kdenetwork# su -p daniel -- dpkg-source -x kdenetwork_3.3.2-6.dsc
/usr/bin/dpkg-source: line 3: my: command not found
/usr/bin/dpkg-source: line 4: my: command not found
...
-- System Information:
Debian Release: testing/unstable
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-9-amd64-k8
Locale: LANG=en, LC_CTYPE=en (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Versions of packages login depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libpam-modules 0.76-22 Pluggable Authentication Modules f
ii libpam-runtime 0.76-22 Runtime support for the PAM librar
ii libpam0g 0.76-22 Pluggable Authentication Modules l
login recommends no packages.
-- no debconf information
--
Daniel Schepler "Please don't disillusion me. I
schepler@math.berkeley.edu haven't had breakfast yet."
-- Orson Scott Card
Acknowledgement sent to Nicolas François <nicolas.francois@centraliens.net>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #10 received at 317264@bugs.debian.org:
Hello Daniel,
This was introduced by the patch for #276419, which I still approve.
Here is a fix for pbuilder.
(I'm CCing the pbuilder maintainer to have his opinion, before reassigning
this bug to pbuilder)
Note: This may require a versioned dependency.
("su <user> -- arg1 arg2" used to run "<shell> -c arg1 arg2" and it now
launches "<shell> arg1 arg2", so a pbuilder with this patch and an old su
will run "<shell> -c -c arg1 arg2", which is not an issue for bash, but
may be annoying for another shell)
Best Regards,
--
Nekral
[pbuilder-buildpackage.diff (text/plain, attachment)]
Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #15 received at 317264@bugs.debian.org:
On Thu, Jul 07, 2005 at 12:37:17PM +0200, Nicolas François wrote:
> Hello Daniel,
>
> This was introduced by the patch for #276419, which I still approve.
> Here is a fix for pbuilder.
It doesn't work.
> (I'm CCing the pbuilder maintainer to have his opinion, before reassigning
> this bug to pbuilder)
>
> Note: This may require a versioned dependency.
>
> ("su <user> -- arg1 arg2" used to run "<shell> -c arg1 arg2" and it now
> launches "<shell> arg1 arg2", so a pbuilder with this patch and an old su
> will run "<shell> -c -c arg1 arg2", which is not an issue for bash, but
> may be annoying for another shell)
Actually 'su <user> -- arg1 arg2' used to run '<shell> -c "arg1 arg2"'
(ie arg1 and arg2 are grouped as one argument) and now it runs '<shell>
arg1 arg2' and '<shell> -c arg1 arg2' with your patch.
That's why your patch doesn't work as arg2 is ignored.
Please find attached a new patch that works with both the old and new
version of su (it is not possible to have a versioned dependency as it
is the su from inside the chroot which is called).
Bye,
Aurelien
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian GNU/Linux developer | Electrical Engineer
`. `' aurel32@debian.org | aurelien@aurel32.net
`- people.debian.org/~aurel32 | www.aurel32.net
[pbuilder-buildpackage.patch (text/plain, attachment)]
Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #20 received at 317264@bugs.debian.org:
Quoting Daniel Schepler (schepler@math.berkeley.edu):
> Package: login
> Version: 1:4.0.3-36
> Severity: important
>
> Whenever I try to use pbuilder to build a package after upgrading the
> chroot today, I get:
> frobnitz:/tmp/kdenetwork# su -p daniel -- dpkg-source -x kdenetwork_3.3.2-6.dsc
> /usr/bin/dpkg-source: line 3: my: command not found
> /usr/bin/dpkg-source: line 4: my: command not found
This is very likely to be the "fix" for #276419 which is the culprit here.
Other team members, who looks more closely at this?
Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #25 received at 317264@bugs.debian.org:
Hi,
> Actually 'su <user> -- arg1 arg2' used to run '<shell> -c "arg1 arg2"'
> (ie arg1 and arg2 are grouped as one argument) and now it runs '<shell>
> arg1 arg2' and '<shell> -c arg1 arg2' with your patch.
>
> That's why your patch doesn't work as arg2 is ignored.
>
> Please find attached a new patch that works with both the old and new
> version of su (it is not possible to have a versioned dependency as it
> is the su from inside the chroot which is called).
Why is su changing behavior?
I have concerns wrt shell quoting, and I'd rather not require this
patch.
regards,
junichi
--
Junichi Uekawa, Debian Developer http://www.netfort.gr.jp/~dancer/
183A 70FC 4732 1B87 57A5 CE82 D837 7D4E E81E 55C1
Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #30 received at 317264@bugs.debian.org:
> > Whenever I try to use pbuilder to build a package after upgrading the
> > chroot today, I get:
>
> > frobnitz:/tmp/kdenetwork# su -p daniel -- dpkg-source -x kdenetwork_3.3.2-6.dsc
> > /usr/bin/dpkg-source: line 3: my: command not found
> > /usr/bin/dpkg-source: line 4: my: command not found
>
>
> This is very likely to be the "fix" for #276419 which is the culprit here.
>
> Other team members, who looks more closely at this?
For the record:
From the #shadow IRC channel, here is Nicolas François (nekral)
analysis:
01:06 < nekral> hi
01:09 < nekral> I'm looking at the log and here are clarifications of my thought
01:12 < nekral> in #276419, we were asked not to concatenate all arguments before passing them to the shell (or command if -c)
01:15 < nekral> Another point was asked by 276419-submitter: not to add a -c argument to the executed shell when no command was provided to su (with -c)
01:16 < nekral> regarding the first point:
01:16 < nekral> * the old behavior was not documented ("Any arguments supplied after the username will be passed to the invoked shell")
01:18 < nekral> * the old behavior differs from current upstream (and probably from other distributions, upstream using a patch from redhat)
01:19 < nekral> * applications requiring that the arguments are concatenated should concatenate themselves
01:19 < nekral> Then regarding the second point:
01:21 < nekral> * the man page does not indicate that -c is inserted in the list of arguments provided to the shell
01:24 < nekral> (thus "su - $USERNAME -- -x" should work and should execute a shell in debug mode (the arguments should be [<shell>, "-x"] and not [<shell>, "-c", "-x"]))
01:31 < nekral> Then, if too many packages relied on the previous behavior, and if only 276419-submitter pushes for the applied patch, then a pragmatical approach could be to revert
01:31 < nekral> (We can also only revert one of the above points)
01:33 < nekral> Zugschlus, I don't understand the point about your "clamav-data testing script on debian-volatile"
01:34 < nekral> did it occur with login 4.0.3-36?
01:34 < nekral> "su - $ACCOUNT -c bash" works nicely with login 4.0.3-36
01:37 < nekral> (also, I can't find any reference to su in "clamav-data")
07:42 < Zugschlus> fsck, nekral isn't there
07:43 < Zugschlus> the testing script is not part of the package
Reply sent to Christian Perrier <bubulle@debian.org>:
You have taken responsibility.
Notification sent to Daniel Schepler <schepler@math.berkeley.edu>:
Bug acknowledged by developer.
Message #35 received at 317264-close@bugs.debian.org:
Source: shadow
Source-Version: 1:4.0.3-37
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:
login_4.0.3-37_i386.deb
to pool/main/s/shadow/login_4.0.3-37_i386.deb
passwd_4.0.3-37_i386.deb
to pool/main/s/shadow/passwd_4.0.3-37_i386.deb
shadow_4.0.3-37.diff.gz
to pool/main/s/shadow/shadow_4.0.3-37.diff.gz
shadow_4.0.3-37.dsc
to pool/main/s/shadow/shadow_4.0.3-37.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 317264@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated shadow package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 6 Jul 2005 03:13:37 +0300
Source: shadow
Binary: login passwd
Architecture: source i386
Version: 1:4.0.3-37
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 304934 317012 317236 317264 317304 317327 317366 317532
Changes:
shadow (1:4.0.3-37) unstable; urgency=low
.
* The "Camembert" release
* Upstream bugs not fixed in upstream releases or CVS:
- 442_useradd.8-O
Document useradd's "-O" option
Closes: #304934
* Debconf translation updates:
- Indonesian updated (sent by translator to Christian Perrier)
- Bulgarian updated. Closes: #317327
- Vietnamese added (sent by translator to Christian Perrier)
- Wolof added (sent by translator to Christian Perrier)
Closes: #317532
* Man pages translation updates:
- Really remove the too outdated Korean translation of newgrp.1
which doesn't even mention sg
* Programs translation updates:
- debian/patches/117_id:
- Indonesian translation update (sent by translator to Christian Perrier)
* Debian packaging fixes:
- login.defs
Fix a typo (s/dmesg/mesg/), thanks to Maximilian Attens
Closes: #317236
- Fix FTBFS for GNU/Hurd and GNU/kFreeBSD
- securetty.kfreebsd-gnu renamed to securetty.kfreebsd
- securetty.netbsd-gnu renamed to securetty.netbsd
- securetty.gnu renamed to securetty.hurd
Closes: #317304
* Upstream bugs not fixed in upstream releases or CVS:
- 443_chage_exit_values
chage: change the exit value to 3 when chage fails because the system is
not shadow enabled.
Closes: #317012
- 426_grpck_group-gshadow_members_consistency
grpck/pwck: fix segmentation faults
Closes: #317366
- 423_su_arguments_are_concatenated, 423_su_pass_args_without_concatenation
revert the patch done for #276419, because it breaks pbuilder and other
packages. Also document the Debian su behavior.
su behave differently from FreeBSD or SUN; this issue will have to be
handled latter (re-open #276419).
Closes: #317264
Files:
4625b0eaa341493b8f88d5721da4dce0 843 base required shadow_4.0.3-37.dsc
8bc1fc7aa6002a93594546345e400049 1050215 base required shadow_4.0.3-37.diff.gz
3448914fba66f39d0bea8719303f7eb3 509780 base required passwd_4.0.3-37_i386.deb
8212983463f2f759531bd731ab5a9bd9 591338 base required login_4.0.3-37_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC0XPs1OXtrMAUPS0RApV9AJ9nA5U41d1YPbhP3gYS1ASALl9nWQCffxPl
wl3bGK5TNG8abfS63YmUSkQ=
=77+b
-----END PGP SIGNATURE-----
Acknowledgement sent to "Helmut Waitzmann" (Debian Bug Tracking System) <Helmut.Waitzmann@web.de>:
Extra info received and forwarded to list. Copy sent to "Helmut Waitzmann" (Debian Bug Tracking System) <Helmut.Waitzmann@web.de>, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #40 received at 317264@bugs.debian.org:
Junichi Uekawa <dancer@netfort.gr.jp> writes:
>Why is su changing behavior?
Old su doesn't meet its specifications (i.e. manual page). Please see
Bug#276419 for a detailed discussion.
For example, according to the su manual page,
$ su - userid -xs 'startup parameter'
should start an interactive login shell with debug mode switched on and
supply the additional positional argument "startup parameter" to it
rather than starting a noninteractive login shell with the positional
arguments "-c" "-xs startup parameter", i.e. a commandline
"-xs startup parameter" and no additional positional arguments.
With (old) su, you cannot pass additional positional arguments and
options (other than "-c") to the shell.
>I have concerns wrt shell quoting,
Could you please explain in more detail?
Best regards,
Helmut
--
Wenn Sie mir E-Mail schreiben, stellen | When writing me e-mail, please
Sie bitte vor meine E-Mail-Adresse | precede my e-mail address with
meinen Vor- und Nachnamen, etwa so: | my full name, like
Helmut Waitzmann <xxx@example.net>, (Helmut Waitzmann) xxx@example.net
Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #45 received at 317264@bugs.debian.org:
Hi,
Apart from being unhappy about a core component of
Debian dramatically changing at all; to answer your
question:
> >I have concerns wrt shell quoting,
>
> Could you please explain in more detail?
The implications of needing quoting mean that previous
quoting conventions will need to change.
Applications which used to pass quoted text to su, and
need to quote differently now, need to change dramatically.
su username command A $B "C $D"
used to work, but it will now need to be
su username -c "command A \"$B\" \"C $D\""
and specific semantics of how the contents of $B and $D are expanded are
going to change.
regards,
junichi
Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #50 received at 317264@bugs.debian.org:
Quoting Junichi Uekawa (dancer@netfort.gr.jp):
>
> Hi,
>
> Apart from being unhappy about a core component of
I would actually appreciate that the "I am unhappy" comments about
this issue are taken away now. We have put a lot of effort into solving
the thing as quickly as possible, you know..:)
Acknowledgement sent to Junichi Uekawa <dancer@netfort.gr.jp>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #55 received at 317264@bugs.debian.org:
> > Apart from being unhappy about a core component of
>
>
> I would actually appreciate that the "I am unhappy" comments about
> this issue are taken away now. We have put a lot of effort into solving
> the thing as quickly as possible, you know..:)
Okay; I'll just express that I foresee a bit more trouble
while this transition takes place in sid.
regards,
junichi.
Acknowledgement sent to "Helmut Waitzmann" (Debian Bug Tracking System) <Helmut.Waitzmann@web.de>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>.
Message #60 received at 317264@bugs.debian.org:
Junichi Uekawa <dancer@netfort.gr.jp> writes:
>Apart from being unhappy about a core component of
>Debian dramatically changing at all; to answer your
>question:
>
>> >I have concerns wrt shell quoting,
>>
>> Could you please explain in more detail?
>
>The implications of needing quoting mean that previous
>quoting conventions will need to change.
>
>Applications which used to pass quoted text to su, and
>need to quote differently now, need to change dramatically.
That would be intolerable, indeed. But see below.
> su username command A $B "C $D"
>used to work, but it will now need to be
> su username -c "command A \"$B\" \"C $D\""
No. With Debian's new su one would have to do (suppose one is using
a bourne shell or compatible) to achieve the same result:
$ (set x command A $B "C $D" && shift && exec su username -c "$*")
>and specific semantics of how the contents of $B and $D are expanded are
>going to change.
No. $B and $D are expanded by the shell invoking su, not by the shell
invoked by su. So there will be no change w.r.t. $B and $D.
There will be a change in concatenating: Debian's new su will not
concatenate the parameters to make up a command string. So you have to
do it yourself. That's what the 'set' command in conjunction with the
special parameter "$*" does.
But this feature of Debian's old su (i.e. concatenating the command
arguments), is an undocumented feature: It is not documented in Debian's
old su's manual page. So every invocation of su that adheres to the
specification of Debian's old su won't use it anyway but concatenate all
command string components by itself.
The feature of Debian's old su to implicitly pass a "-c" parameter to the
shell if there are any arguments following the username, is undocumented,
too. So every conforming invocation of su would supply "-c" by itself
and not rely on su doing it implicitly.
And what about quoting? No. There will be no change in quoting, because
old su (like every su) does no quoting by itself, it simply concatenates
the arguments.
You may call this a bug of su, but it is not: Su does not know anything
about quoting for username's shell it is going to start. As there are
different shells (sh, bash, csh, tcsh, ksh, ash, some people use even
emacs, ...) with different ways to quote, su cannot know how to quote
the parameters before constructing a command to be executed by username's
shell.
So what does Debian's old su do, when it constructs the command to be
executed by the username's shell?
It doesn't do any quoting. It simply concatenates all the arguments into
one string with spaces in between and supplies that string as the command
string to the shell to be called.
An example may illustrate this. In the following, I assume, that the
shell to enter these commands into is a bash and that the username's shell
(that will be invoked by su) is a bash, too:
Don't do this at home!
$ su -- username 'ls' '--' 'white space' 'a fancy name; rm -rf ~'
Here, su is called with 6 parameters: '--', 'username', 'ls', '--',
'white space' and 'a fancy name; rm -rf ~'.
Note, that the single quotes are not part of the parameters, as seen by
su. I write them in this text to indicate the start and the end of each
of the parameters (which may contain white space). Su will get the 6
parameters without the quotes as positional parameters. The single
quotes in the command line are necessary, to indicate to the bash
invoking su what the parameters to pass to su are to be.
Debian's old su will notice, that the first parameter after the username
(i.e. 'ls') is not a su option (see manual page su), so it assumes, that
it is one of the words to be concatenated to make up the command string
to pass to username's shell to be invoked.
Therefore, Debian's old su will invoke the username's bash as follows
(note, that the parameters to su are simply concatenated with spaces in
between, no additional level of quoting is done by su):
$ bash -c 'ls -- white space a fancy name; rm -rf ~'
What will that bash, that is invoked by su, do? To understand, what will
happen, take a look at the manual page bash(1):
BASH(1)
NAME
bash - GNU Bourne-Again SHell
SYNOPSIS
bash [options] [file]
[...]
OPTIONS
In addition to the single-character shell options documented in
the description of the set builtin command, bash interprets the
following options when it is invoked:
-c string If the -c option is present, then commands are read
from string. If there are arguments after the
string, they are assigned to the positional
parameters, starting with $0.
So, username's bash will execute the following two commands (note the
semicolon!):
$ ls -- white space a fancy name; rm -rf ~
Do I have to comment, what will happen?
To achieve the same (bad) result using Debian's both old or new su, Linux
Standard Base's su, etc, one could enter the following command,
i.e. construct the parameters that su will use to invoke username's bash
by oneself and pass them to su.
W.r.t. the command string, that would be: concatenate the arguments by
yourself and pass the resulting command string to su:
$ su -- username -c 'ls -- white space a fancy name; rm -rf ~'
Here, Debian's new su, Linux Standard Base's su, etc, would just pass the
remaining (here: two) parameters (if any) following the username to
username's shell.
Debian's old su would notice, that there are parameters following the
username. It assumes, that they should make up a command to be passed to
username's shell. As the first parameter is '-c', it takes this as the
parameter '-c' to be passed to username's shell, indicating to it, that a
command string will follow. Therefore, Debian's old su concatenates all
the parameters following the '-c' with spaces in between (here is nothing
to concatenate: only one parameter is remaining).
Let me summarize:
If you construct the command line by yourself and pass to Debian's old su
only 2 command parameters: '-c', and the command line, then it will behave
like Debian's new su, Linux Standard Base's su, etc.
If you pass more than 1 command line fragment, then Debian's old su will
concatenate the command line fragments with spaces in
between (but without quoting!) to make up the command line.
This "concatenating a command to be executed by username's shell" is a
misleading feature of Debian's old su: It pretends to do proper command
construction (including quoting) whereas it simply concatenates the
parameters.
Now, what could one do to avoid that mess? (1) Either construct a
command string by yourself with proper quoting or (2) use username's
shell (here: bash) to handle the unquoted arguments to ls by itself.
To do (1), there is AFAIK no utility that does that in an easy way. One
could operate with the 'printf' bash-builtin command using the format
string '%q', but that's not easy (and would only work, if username's shell
is one that accepts bash's way of quoting).
To do (2), one can use the shell's "positional parameters".
How to use the positional parameters? Again, bash(1) helps:
PARAMETERS
A parameter is an entity that stores values. It can be a name,
a number, or one of the special characters listed below under
Special Parameters.
[...]
Positional Parameters
A positional parameter is a parameter denoted by one or more
digits, other than the single digit 0. Positional parameters
are assigned from the shell’s arguments when it is invoked, and
may be reassigned using the set builtin command.
Special Parameters
The shell treats several parameters specially.
[...]
@ Expands to the positional parameters, starting from one.
When the expansion occurs within double quotes, each
parameter expands to a separate word. That is, "$@" is
equivalent to "$1" "$2" ... When there are no
positional parameters, "$@" and $@ expand to nothing
(i.e., they are removed).
Now, we can use the shell invocation parameters '-c' 'string':
The command
$ bash -c 'ls -- "$@"' 'bash' 'white space' 'a fancy name; rm -rf ~'
invokes a bash, giving it 5 parameters: '-c', 'ls -- "$@"', 'bash',
'white space' and 'a fancy name; rm -rf ~'.
The first parameter, '-c', indicates to bash (see manual page above),
that bash should execute a command string (the second parameter
'ls -- "$@"') rather than be an interactive shell.
The 3 remaining parameters after the string following '-c', i.e. the
parameters 'bash', 'white space' and 'a fancy name; rm -rf ~', are
assigned to the bash's positional parameters $0, $1 and $2, i.e. in that
bash, executing the commands
$ test "$0" = bash
$ test "$1" = 'white space'
$ test "$2" = 'a fancy name; rm -rf ~'
would yield the exit code zero.
When executing the command
$ ls -- "$@"
in that bash, bash expands the expression "$@" to the positional
parameters no. 1 and 2: The program ls gets called with the three
parameters '--', 'white space' and 'a fancy name; rm -rf ~':
$ ls -- 'white space' 'a fancy name; rm -rf ~'
To make a long story short: To achieve proper parameter propagation
through su, there are two ways to go: Either quote all arguments by
yourself (that's not easy!) when constructing the command string or pass
all arguments as separate parameters to username's shell and let that
shell construct the command by itself.
So, clearly the second way is the preferable way to do it.
Debian's new su, Linux Standard Base's su, etc, would just pass the
parameters given to it unchanged (i.e. not concatenated) to the
username's shell it invokes, thus let the user of su pass positional
parameters to the shell to be expanded using '"$@"'.
With Debian's old su, it is impossible to pass positional parameters to a
shell following the parameters '-c' 'ls -- "$@"', because it concatenates
all remaining parameters to the command string. Therefore, Debian's old
su thwarts the second way to achieve proper parameter passing!
That's one of the reasons why I want Debian's su behavior to change to
Debian's old su's specification (i.e. manual page) and Linux Standard
Base', Fedora's, HPUX's and Solaris' su's semantics and specification.
Let me drop some words about (using Debian's old su)
> su username command A $B "C $D"
and (using Debian's new su)
> su username -c "command A \"$B\" \"C $D\""
. As Debian's both old and new su don't do any quoting, there is no way
to construct an invocation of su without using the positional parameters
or explicit quoting (e.g. using printf ' %q') by simply inserting
quotation marks into the command string:
For example:
$ A="\"':; cd; rm -r .;'; cd; rm -r .;\":; cd; rm -r .;:"
With Debian's old su, all four commands
$ su username ls "\"$A\""
$ su username ls "'$A'"
$ su username ls "$A"
$ su username -c "ls \"\$@\"" bash "$A"
would empty username's home directory, whereas Debian's new su, Linux
Standard Base's su, etc, when invoked by
$ su username -c "ls \"\$@\"" bash "$A"
would do what it is told to do.
Best regards,
Helmut
--
Wenn Sie mir E-Mail schreiben, stellen | When writing me e-mail, please
Sie bitte vor meine E-Mail-Adresse | precede my e-mail address with
meinen Vor- und Nachnamen, etwa so: | my full name, like
Helmut Waitzmann <xxx@example.net>, (Helmut Waitzmann) xxx@example.net
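The argument handling discussed in messages #10, #15 and #60, as an added example that is not part of the original bug log: it never calls su, but reproduces the argv each su variant is described as handing to the user's shell, and shows the two safe ways of passing arguments from message #60. The function names, the use of plain sh as the target shell and the sample strings are assumptions made for this example; the sample argument only prints a marker.

```shell
#!/bin/sh
# Added example, not from the bug log. su is never called: each function only
# reproduces the argv that the thread says su hands to the user's shell, with
# plain "sh" standing in for that shell (assumption).

# Constructed, harmless sample argument: a space, a ';' and a command that
# only prints a marker.
SAMPLE='a fancy name; echo INJECTED'

# Old Debian su (messages #15 and #60): everything after the username is
# joined with single spaces and passed as ONE command string:
#   <shell> -c "arg1 arg2"
old_su_style() {
    sh -c "$*"    # "$*" joins the arguments with a space (default IFS)
}

# su from 1:4.0.3-36 (messages #10 and #15): arguments are passed through
# unchanged and no -c is added:  <shell> arg1 arg2
# The shell then reads arg1 as a shell script, whatever it really contains.
new_su_style() {
    sh "$@"
}

# Way (2) from message #60: a fixed command string after -c, with the data as
# positional parameters. '"$@"' runs $1 as the command with $2... as its
# arguments; the word right after the command string becomes $0.
positional_style() {
    sh -c '"$@"' sh "$@"
}

# Way (1) from message #60: quote every argument yourself. Only valid for
# Bourne-compatible target shells: wrap in single quotes and rewrite each
# embedded ' as '\''. (Command substitution drops trailing newlines.)
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Build one pre-quoted command string. Because it is a single string, a
# concatenating su would pass it on unchanged as well.
quoted_style() {
    cmdline=
    for arg in "$@"; do
        cmdline="$cmdline $(sh_quote "$arg")"
    done
    sh -c "$cmdline"
}

# Shape of the reported failure: a constructed one-line file that is not
# shell syntax is handed to the shell as a script. Returns the shell's status.
run_foreign_script() {
    script=$(mktemp) || return 1
    printf 'my $version = 1;\n' > "$script"
    status=0
    new_su_style "$script" || status=$?
    rm -f "$script"
    return "$status"
}

echo "--- concatenated (old su): the ';' splits the command ---"
old_su_style echo "$SAMPLE"
echo "--- positional parameters: one argument, printed verbatim ---"
positional_style echo "$SAMPLE"
echo "--- explicitly quoted command string: same result ---"
quoted_style echo "$SAMPLE"
echo "--- non-shell file run as <shell> file (1:4.0.3-36 behaviour) ---"
run_foreign_script || echo "shell exit status: $?"
```

With a real su that passes arguments through unchanged, positional_style corresponds to the form quoted in message #60, su username -c 'ls -- "$@"' bash args.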
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 26 Jun 2007 05:42:06 GMT).