From ec32be73edd8b1a143e85c36327705f6db4021e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Fri, 5 Jul 2019 20:38:04 +0200 Subject: [PATCH] Specify expected shell in su calls When calling su with a specific script, specify /bin/sh shell to be sure to use posix compliant shell. User shell may not be a one (like fish). Fixes QubesOS/qubes-issues#5135 --- qubes-rpc/qubes.InstallUpdatesGUI | 4 ++-- qubes-rpc/qubes.WaitForSession | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/qubes-rpc/qubes.InstallUpdatesGUI b/qubes-rpc/qubes.InstallUpdatesGUI index 9c14e6cc1..e01bace1e 100755 --- a/qubes-rpc/qubes.InstallUpdatesGUI +++ b/qubes-rpc/qubes.InstallUpdatesGUI @@ -17,7 +17,7 @@ elif [ -e /etc/arch-release ]; then else update_cmd='echo Unsupported distribution, install updates manually; bash -i' fi -xterm -title update -e su -l -c "$update_cmd; echo Done.; test -f /var/run/qubes/this-is-templatevm && { echo Press Enter to shutdown the template, or Ctrl-C to just close this window; read x && poweroff; } ;" +xterm -title update -e su -s /bin/sh -l -c "$update_cmd; echo Done.; test -f /var/run/qubes/this-is-templatevm && { echo Press Enter to shutdown the template, or Ctrl-C to just close this window; read x && poweroff; } ;" # Notify dom0 about installed updates -su -c 'service qubes-update-check start' +su -s /bin/sh -c 'service qubes-update-check start' diff --git a/qubes-rpc/qubes.WaitForSession b/qubes-rpc/qubes.WaitForSession index d1a0c2190..ba1fbe2f6 100755 --- a/qubes-rpc/qubes.WaitForSession +++ b/qubes-rpc/qubes.WaitForSession @@ -10,7 +10,7 @@ cmd='echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && ex if [ "$(id -un)" = "$USERNAME" ]; then sh -c "$cmd" 2>/dev/null else - su -c "$cmd" - "$USERNAME" 2> /dev/null + su -s /bin/sh -c "$cmd" - "$USERNAME" 2> /dev/null fi # the above line is _expected_ to be terminated by a signal, don't treat this as a failure exit 0