* Apply a few patches to make su' behave more like the old su' from

coreutils: - Don't remove variables such as $PATH and $SHELL from the calling environment (from upstream). - When su is invoked with command line arguments for the shell (e.g. "su - -c 'cmd'"), set argv[0] in the shell to "-su" or "-<basename>" (as determined by the SU_NAME option in /etc/login.defs). This is necessary to make Bash compiled with the NON_INTERACTIVE_LOGIN_SHELLS option to read startup files. - Don't set $PATH to /bin:/usr/bin but inherit the $PATH of the caller. svn path=/nixpkgs/trunk/; revision=22140
2010-06-04 11:32:42 +00:00 · 2010-06-04 11:32:42 +00:00 · 18f565e290
commit 18f565e290
parent 3c3d5d5184
4 changed files with 60 additions and 0 deletions
--- a/pkgs/os-specific/linux/shadow/default.nix
+++ b/pkgs/os-specific/linux/shadow/default.nix
@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
  };

  buildInputs = [ pam ];
+
+  patches = [ ./no-sanitize-env.patch ./su-name.patch ./keep-path.patch ];
  
  meta = {
    homepage = http://pkg-shadow.alioth.debian.org/;
--- a/pkgs/os-specific/linux/shadow/keep-path.patch
+++ b/pkgs/os-specific/linux/shadow/keep-path.patch
@ -0,0 +1,22 @@
+Don't reset $PATH to /bin:/usr/bin.  This is consistent with `su' in
+coreutils and important on NixOS.
+
+diff -ru -x '*~' shadow-4.1.4.2-orig/src/su.c shadow-4.1.4.2/src/su.c
+--- shadow-4.1.4.2-orig/src/su.c	2009-07-23 22:38:56.000000000 +0200
+++ shadow-4.1.4.2/src/su.c	2010-06-04 13:23:11.000000000 +0200
+@@ -827,6 +827,7 @@
+ 	(void) signal (SIGINT, SIG_DFL);
+ 	(void) signal (SIGQUIT, SIG_DFL);
+ 
+#if 0
+ 	cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
+ 	if (NULL == cp) {
+ 		addenv ("PATH=/bin:/usr/bin", NULL);
+@@ -835,6 +836,7 @@
+ 	} else {
+ 		addenv ("PATH", cp);
+ 	}
+#endif
+ 
+ 	if (getenv ("IFS") != NULL) {	/* don't export user IFS ... */
+ 		addenv ("IFS= \t\n", NULL);	/* ... instead, set a safe IFS */
--- a/pkgs/os-specific/linux/shadow/no-sanitize-env.patch
+++ b/pkgs/os-specific/linux/shadow/no-sanitize-env.patch
@ -0,0 +1,16 @@
+Don't remove environment variables such as PATH or SHELL.
+
+http://bugs.gentoo.org/show_bug.cgi?id=301957
+https://alioth.debian.org/scm/browser.php?group_id=30580
+
+--- a/src/su.c
+++ b/src/su.c
+@@ -342,7 +342,7 @@
+ #endif
+ #endif				/* !USE_PAM */
+ 
+-	sanitize_env ();
+	/* sanitize_env (); */
+ 
+ 	(void) setlocale (LC_ALL, "");
+ 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
--- a/pkgs/os-specific/linux/shadow/su-name.patch
+++ b/pkgs/os-specific/linux/shadow/su-name.patch
@ -0,0 +1,20 @@
+When su is invoked with command line arguments for the shell (e.g. "su
+- -c 'cmd'"), set argv[0] in the shell to "-su" or "-<basename>" (as
+determined by the SU_NAME option in /etc/login.defs).  This is
+necessary to make Bash compiled with the NON_INTERACTIVE_LOGIN_SHELLS
+option to read startup files.  It is also consistent with the
+behaviour of `su' in coreutils, and with the case where there are no
+arguments ("su -").
+
+diff -ru -x '*~' shadow-4.1.4.2-orig/src/su.c shadow-4.1.4.2/src/su.c
+--- shadow-4.1.4.2-orig/src/su.c	2009-07-23 22:38:56.000000000 +0200
+++ shadow-4.1.4.2/src/su.c	2010-06-04 13:02:24.000000000 +0200
+@@ -983,7 +983,7 @@
+ 		 * Use the shell and create an argv
+ 		 * with the rest of the command line included.
+ 		 */
+-		argv[-1] = shellstr;
+		argv[-1] = cp;
+ #ifndef USE_PAM
+ 		execve_shell (shellstr, &argv[-1], environ);
+ 		err = errno;