[Bug 192837] New: [patch] su(1) does not need to fork; it causes terminal problems

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Aug 19 18:28:17 UTC 2014 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192837

            Bug ID: 192837
           Summary: [patch] su(1) does not need to fork; it causes
                    terminal problems
           Product: Base System
           Version: 10.0-RELEASE
          Hardware: amd64
                OS: Any
            Status: Needs Triage
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: ta0kira at gmail.com

Created attachment 146044
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=146044&action=edit
patch for the modification suggested above

Problem:

When calling /usr/bin/su, there are several unconditional calls to tcsetpgrp,
which changes control of the terminal. This causes problems when the su call is
a part of a pipeline and other processes in that pipeline require terminal
access. For example, if I run the following:

root at host$ su -m nobody -c 'find /' | less

...less will get stuck in the background. This is a problem when the call to su
is embedded in a script (e.g., root scripts that need to occasionally do
something as a normal user), and that script is a part of a pipeline, because
one can't simply move the rest of the pipeline into the su command.

The calls to tcsetpgrp are only necessary because su forks and creates a new
process group for the child. Because the child potentially needs the terminal
for authentication or executing the command, it needs terminal control, which
takes it away from whatever process group su is a part of, e.g., a pipeline.


Solution:

I don't see a good reason for the fork+setpgid+waitpid code
(https://svnweb.freebsd.org/base/stable/10/usr.bin/su/su.c?revision=256281&view=markup#l445).
Really, the only thing it accomplishes is having the original suid process hang
around until the command finishes, and it prevents the command from being a
part of the pipeline it's embedded in. (e.g., in "su -m nobody -c 'find /' |
less", "find" and "less" will not be in the same process group.) The fork code
causes problems under these limited circumstances, without any apparent
benefit. I therefore suggest that the fork code be removed, providing expected
behavior to su. (Just for comparison, GNU su doesn't fork, and it exhibits the
expected behavior.)

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list