Specify expected shell in su calls

When calling su with a specific script, specify /bin/sh shell to be sure to use posix compliant shell. User shell may not be a one (like fish). Fixes QubesOS/qubes-issues#5135 (cherry picked from commit ec32be7)
QubesOS · Sep 7, 2019 · 7de3c52 · 7de3c52
1 parent 1f8cba9
commit 7de3c52
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/qubes-rpc/qubes.InstallUpdatesGUI b/qubes-rpc/qubes.InstallUpdatesGUI
@@ -17,7 +17,7 @@ elif [ -e /etc/arch-release ]; then
 else
     update_cmd='echo Unsupported distribution, install updates manually; bash -i'
 fi
-xterm -title update -e su -l -c "$update_cmd; echo Done.; test -f /var/run/qubes/this-is-templatevm && { echo Press Enter to shutdown the template, or Ctrl-C to just close this window; read x && poweroff; } ;"
+xterm -title update -e su -s /bin/sh -l -c "$update_cmd; echo Done.; test -f /var/run/qubes/this-is-templatevm && { echo Press Enter to shutdown the template, or Ctrl-C to just close this window; read x && poweroff; } ;"
 
 # Notify dom0 about installed updates
-su -c 'service qubes-update-check start'
+su -s /bin/sh -c 'service qubes-update-check start'
diff --git a/qubes-rpc/qubes.WaitForSession b/qubes-rpc/qubes.WaitForSession
@@ -10,7 +10,7 @@ cmd='echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && ex
 if [ "$(id -un)" = "$USERNAME" ]; then
     sh -c "$cmd" 2>/dev/null
 else
-    su -c "$cmd" - "$USERNAME" 2> /dev/null
+    su -s /bin/sh -c "$cmd" - "$USERNAME" 2> /dev/null
 fi
 # the above line is _expected_ to be terminated by a signal, don't treat this as a failure
 exit 0