Bug 301957

Summary: sys-apps/shadow: su drops SHELL, HOME and other env with no apparent reason
Product: Gentoo Linux
Reporter: Peter Volkov (RETIRED) <pva>
Component: Current packages
Assignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED
Severity: normal
Keywords: InOverlay
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 281366

Description Peter Volkov (RETIRED) gentoo-dev 2010-01-23 17:29:55 UTC
For some reason su in shadow package strips useful environment variables in sanitize_env() (e.g. HOME, SHELL). This breaks documented behavior of su itself: man su states:

  -s, --shell SHELL
     The shell that will be invoked.

     The invoked shell is chosen from (highest priority first):
     
     •   The shell specified with --shell.
     •   If --preserve-environment is used, the shell specified by the $SHELL environment variable.
     •   The shell indicated in the /etc/passwd entry for the target user.
     •   /bin/sh if a shell could not be found by any above method.

But since libmisc/env.c:sanitize_env (); is called at the very beginning of su, SHELL env gets stripped out and its value will never be used.

This was reported upstream here:
https://alioth.debian.org/tracker/index.php?func=detail&aid=312287&group_id=30580&atid=411478

Also, by dropping HOME it is impossible to use ejabberdctl (part of ejabberdctl). ejabberdctl does:

EXEC="su - jabber -p -c"
$EXEC some command

and some command is the Erlang runtime, which aborts in case HOME is not set. The actual error I see is:

"erlexec: HOME must be set"

The following patch in Debian fixes both issues:
http://patch-tracker.debian.org/patch/series/view/shadow/1:4.1.4.2-1/008_su_no_sanitize_env

Please commit or give me ok to commit and I'll do it together with the ejabberd version bump. Just for the record, the fixed ebuild was pushed into my overlay here:

http://overlays.gentoo.org/svn/dev/pva/sys-apps/shadow
Comment 1 Peter Volkov (RETIRED) gentoo-dev 2010-01-24 18:13:51 UTC
And now the patch was applied upstream:
https://alioth.debian.org/scm/browser.php?group_id=30580
Comment 2 SpanKY gentoo-dev 2010-01-24 20:25:02 UTC
feel free to add the upstream commits
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2010-01-27 10:34:31 UTC
Thanks. Added to the tree. Upstream's patch is a bit different: they remove the code instead of commenting it out. But since this is a one-liner and all references are in place I don't think this makes any difference.
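
Added example (not part of the bug report or of the shadow source): a small C model of the ordering problem in the description, where stripping SHELL and HOME before shell selection makes the --preserve-environment rule from su(1) unreachable. The names `model_sanitize_env`, `choose_shell`, `simulate` and `home_survives` are hypothetical, the caller environment is constructed, and only the two variables the report names are modelled.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: only the two variables named in the report are modelled. */
static const char *const stripped[] = { "HOME", "SHELL" };

/* Hypothetical stand-in for the effect of sanitize_env() described above. */
static void model_sanitize_env(void) {
    for (size_t i = 0; i < sizeof stripped / sizeof stripped[0]; i++)
        unsetenv(stripped[i]);
}

/* Shell selection in the priority order quoted from su(1). */
static const char *choose_shell(const char *opt_shell, int preserve_env,
                                const char *passwd_shell) {
    const char *env_shell = getenv("SHELL");
    if (opt_shell && *opt_shell) return opt_shell;                 /* --shell */
    if (preserve_env && env_shell && *env_shell) return env_shell; /* -p + $SHELL */
    if (passwd_shell && *passwd_shell) return passwd_shell;        /* /etc/passwd */
    return "/bin/sh";                                              /* last resort */
}

/* Builds a constructed caller environment, then performs one su-like run.
 * sanitize_first = 1 models the reported ordering, 0 the patched one. */
static const char *simulate(int sanitize_first, const char *caller_shell,
                            const char *opt_shell, int preserve_env,
                            const char *passwd_shell) {
    setenv("SHELL", caller_shell, 1);
    setenv("HOME", "/home/caller", 1);
    if (sanitize_first) model_sanitize_env();
    return choose_shell(opt_shell, preserve_env, passwd_shell);
}

/* Returns 1 if HOME is still set after the run, which erlexec requires. */
static int home_survives(int sanitize_first) {
    (void)simulate(sanitize_first, "/bin/zsh", NULL, 1, "/bin/bash");
    return getenv("HOME") != NULL;
}

int main(void) {
    for (int first = 1; first >= 0; first--) {
        int home = home_survives(first);
        printf("%s shell=%s HOME set=%d\n", first ? "reported:" : "patched: ",
               simulate(first, "/bin/zsh", NULL, 1, "/bin/bash"), home);
    }
    return 0;
}
```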