authorJoey Hess2018-01-17 15:13:35 -0400
committerJoey Hess2018-01-17 15:13:35 -0400
commitb3c795dc4784e64e2756d3736ce953a1e507f509 (patch)
tree068cdcdd5f8f2fca47382b62cf3ed86e2a9520e9
parent7e62d051b41abe9b780cfbb8d37fecf97dce8226 (diff)
Run su with --login
To avoid inheriting some problematic environment variables, such as TMP, from the caller. The only potential breakage from this change would be if something used setEnv before one of the affected properties. Audited propellor's source for that, and nothing does. Anything that did could fail in a concurrent context anyway.
-rw-r--r--debian/changelog2
-rw-r--r--src/Propellor/Property/Cmd.hs3
-rw-r--r--src/Propellor/Property/Gpg.hs6
3 files changed, 7 insertions, 4 deletions
diff --git a/debian/changelog b/debian/changelog
index 4545bcd1..acfbc895 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,8 @@ propellor (5.3.0) UNRELEASED; urgency=medium
* Added rawPartition to PartSpec, for specifying partitions with no
filesystem.
* Added BiosGrubFlag to PartFlag.
+ * Run su with --login, to avoid inheriting some problematic environment
+ variables, such as TMP, from the caller.
-- Joey Hess <id@joeyh.name> Tue, 02 Jan 2018 13:06:45 -0400
diff --git a/src/Propellor/Property/Cmd.hs b/src/Propellor/Property/Cmd.hs
index f2de1a27..fbe112cc 100644
--- a/src/Propellor/Property/Cmd.hs
+++ b/src/Propellor/Property/Cmd.hs
@@ -94,6 +94,7 @@ scriptProperty script = cmdProperty "sh" ["-c", shellcmd]
-- | A property that can satisfied by running a script
-- as user (cd'd to their home directory).
userScriptProperty :: User -> Script -> UncheckedProperty UnixLike
-userScriptProperty (User user) script = cmdProperty "su" ["--shell", "/bin/sh", "-c", shellcmd, user]
+userScriptProperty (User user) script = cmdProperty "su"
+ ["--login", "--shell", "/bin/sh", "-c", shellcmd, user]
where
shellcmd = intercalate " ; " ("set -e" : "cd" : script)
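Review bot: The Haddock comment on `userScriptProperty` still says only "as user (cd'd to their home directory)", but with `--login` the script now runs in a login shell with a reset environment, and callers should be told. I would add a line such as `-- The script runs in a login shell (su --login); the caller's environment is not inherited.` A login `/bin/sh` presumably reads /etc/profile and the target user's own profile before the `-c` command, so output or a failure in those files can now affect the property's result, which deserves a sentence too. The explicit `"cd"` in `shellcmd` looks redundant, since `su --login` already changes to the home directory, though keeping it is harmless.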
diff --git a/src/Propellor/Property/Gpg.hs b/src/Propellor/Property/Gpg.hs
index 27baa4ba..ac057b2e 100644
--- a/src/Propellor/Property/Gpg.hs
+++ b/src/Propellor/Property/Gpg.hs
@@ -33,7 +33,7 @@ keyImported key@(GpgKeyId keyid) user@(User u) = prop
ifM (liftIO $ hasGpgKey (parse keylines))
( return NoChange
, makeChange $ withHandle StdinHandle createProcessSuccess
- (proc "su" ["-c", "gpg --import", u]) $ \h -> do
+ (proc "su" ["--login", "-c", "gpg --import", u]) $ \h -> do
hPutStr h (unlines keylines)
hClose h
)
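Review bot: The `su` call in `keyImported` gains `--login` but, unlike `userScriptProperty` in Cmd.hs, passes no `--shell`, so the command runs under whatever login shell the account has, and that shell's startup files are presumably read first. The key material is piped on stdin here, so a startup file that reads stdin or exits non-zero could interfere with `gpg --import`. The same applies to `hasPrivKey` and `hasPubKey` in the next hunk, where such a failure would presumably be reported as the key being absent. Consider matching Cmd.hs, e.g. `(proc "su" ["--login", "--shell", "/bin/sh", "-c", "gpg --import", u])`, or building the su argument list in one shared helper used by all three calls. `keyImported` starts and ends outside this hunk.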
@@ -49,11 +49,11 @@ keyImported key@(GpgKeyId keyid) user@(User u) = prop
hasPrivKey :: GpgKeyId -> User -> IO Bool
hasPrivKey (GpgKeyId keyid) (User u) = catchBoolIO $
- snd <$> processTranscript "su" ["-c", "gpg --list-secret-keys " ++ shellEscape keyid, u] Nothing
+ snd <$> processTranscript "su" ["--login", "-c", "gpg --list-secret-keys " ++ shellEscape keyid, u] Nothing
hasPubKey :: GpgKeyId -> User -> IO Bool
hasPubKey (GpgKeyId keyid) (User u) = catchBoolIO $
- snd <$> processTranscript "su" ["-c", "gpg --list-public-keys " ++ shellEscape keyid, u] Nothing
+ snd <$> processTranscript "su" ["--login", "-c", "gpg --list-public-keys " ++ shellEscape keyid, u] Nothing
dotDir :: User -> IO FilePath
dotDir (User u) = do