Bug 1245780 - "runuser" does not sanitize the environment
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: util-linux
Version: 21
Assignee: Karel Zak
QA Contact: Fedora Extras Quality Assurance
Reported: 2015-07-22 18:00 UTC by Piergiorgio Sartor
Modified: 2015-07-24 07:09 UTC (History)
Doc Type: Bug Fix
Last Closed: 2015-07-23 07:35:16 UTC
Type: Bug

Description Piergiorgio Sartor 2015-07-22 18:00:09 UTC
Description of problem:
It seems that when "runuser" executes something, with user ID, it does not clean up (sanitize) the environment.
This leads to problems whenever some environmental variable is used by the executed process, leading, for example, to permission problems.

Version-Release number of selected component (if applicable):
util-linux-2.25.2-3.fc21.x86_64

How reproducible:
Always

Steps to Reproduce:
1. As root:
   /bin/mkdir -p /tmp/root -m 700
   export TMPDIR=/tmp/root
2. runuser -u someuser somecommand_using $TMPDIR

Actual results:
Usually the "somecommand_using" fails, because it gets $TMPDIR from root environment, with root permissions only (which are not for all, in this example).

Expected results:
Well, likely "runuser" should clean up all environmental variables not strictly needed and / or replace the needed ones ($PATH maybe?) with proper values.

Additional info:
In Ubuntu / Debian there is "runas", which does indeed clean up the environment before running a command as user.

Hope this helps,

bye,

pg

Comment 1 Karel Zak 2015-07-23 07:35:16 UTC
man runuser:

       For backward compatibility, runuser defaults to not change the current directory and to only set the environment variables HOME and SHELL (plus USER and LOGNAME if the target user is not root).

...

      -, -l, --login
              Start the shell as a login shell with an environment similar to a real login:

                 o      clears all the environment variables except for TERM

                 o      initializes the environment variables HOME, SHELL, USER, LOGNAME, PATH

                 o      changes to the target user's home directory

                 o      sets argv[0] of the shell to '-' in order to make the shell a login shell

Comment 2 Piergiorgio Sartor 2015-07-23 17:39:19 UTC
Hi Karel,

thanks for the information, but that's not really the same, unless I'm missing something.

runuser -u user ls /var/tmp

<content of /var/tmp>

runuser - user ls /var/tmp

/bin/ls: /bin/ls: cannot execute binary file

Of course, it seems to work with something like:

runuser - user -c 'ls /var/tmp'

So, yes, the "-l" option has that feature, but it does not really allow executing a command. As for the "-c", I'm not sure it is really correct.

Maybe I forgot to mention, this command should run in a script executed by root, doing something like "rpmbuild" or similar, as a non-root user.

Clearly, if "-c" is the correct way to go, then I can change to that.

Thanks again,

bye,

pg

Comment 3 Karel Zak 2015-07-24 07:09:23 UTC
Yes, "-c" is necessary.

Unfortunately, we cannot change the current behavior (due to backward compatibility) to clear the environment for "-u". Maybe introduce a new option for this functionality. Anyway, you need -c for now.
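
For root scripts that keep the "-u" form discussed in this thread, the environment can be scrubbed before runuser is invoked, since "-u" passes through whatever it receives. This is an added example, not part of the bug thread or of util-linux; SAFE_PATH, KEEP, the function names and the "builder" account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not util-linux code). SAFE_PATH, KEEP and the function
# names are assumptions made for this illustration.
SAFE_PATH=/usr/local/bin:/usr/bin:/bin   # assumed PATH for the child
KEEP="TERM"                              # names copied from the caller if set

# Names a plain `runuser -u` would pass through unchanged. HOME, SHELL,
# USER and LOGNAME are excluded because runuser sets them itself for a
# non-root target, and PATH because scrubbed() replaces its value.
leaked_vars() {
    awk 'BEGIN { for (n in ENVIRON) print n }' | sort | while read -r n; do
        case " $KEEP HOME SHELL USER LOGNAME PATH " in
            *" $n "*) ;;
            *) printf '%s\n' "$n" ;;
        esac
    done
}

# Run "$@" with an environment holding only PATH plus the KEEP names.
# The body is a subshell so helper variables do not leak into the caller.
scrubbed() (
    for n in $KEEP; do
        eval "isset=\${$n+y}; v=\${$n-}"
        if [ -n "$isset" ]; then set -- "$n=$v" "$@"; fi
    done
    exec env -i "PATH=$SAFE_PATH" "$@"
)

# Root only: scrub first, then let runuser switch to the target user.
# runuser is resolved with the caller's PATH because it usually lives in
# an sbin directory that SAFE_PATH does not include.
run_as_clean() {
    user=$1; shift
    ru=$(command -v runuser) || { echo "runuser not found" >&2; return 127; }
    scrubbed "$ru" -u "$user" -- "$@"
}

# Usage from a root script ("builder" is a hypothetical account):
#   leaked_vars                      # review what would be inherited
#   run_as_clean builder rpmbuild -ba package.spec
```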

