From: Chris Hofstaedtler <zeha@debian.org>
To: Katie May <katie.may@canonical.com>, 1132588@bugs.debian.org
Cc: util-linux@vger.kernel.org, cgoesche <cgoesc2@wgu.edu>
Subject: Re: Bug#1132588: runuser: missing whitelist-environment option
Date: Fri, 3 Apr 2026 13:14:27 +0200
Message-ID: <ac-hE5WXBkG4pKZa@per.namespace.at>
In-Reply-To: <CA+499YPv1qATJg3SWqz_UrY77Lksibs5UJAaAhck0Vct3EdSuQ@mail.gmail.com>
[CC'ing upstream]
On Fri, Apr 03, 2026 at 11:57:46AM +0200, Katie May wrote:
> Package: util-linux
> Version: 2.42-1
>
> Dear Maintainer,
>
> runuser no longer accepts the whitelist-environment option (both in long
> and short form) despite it still being listed in the man page.
>
> For example, without specifying whitelist, runuser works
> ```
> # runuser -l test -c id
> uid=12345(test) gid=12345(test) groups=12345(test)
> ```
>
> But if I specify an environment variable to whitelist I get an error
> ```
> # runuser -l test -w MY_VAR -c id
> -sh: 0: Illegal option -w
> ```
It appears to work when placing the options in a different order,
f.e. this works:
# MY_VAR=foo runuser -w MY_VAR -l root -c env
Notably the placement of the -l option and the username seems to be
the problem.
I'll note that `MY_VAR=foo runuser -l root -w MY_VAR -c env` worked in 2.41.
Maybe ac0147fd14b348097c82c1c89a5417b582e26bad broke this?
| commit ac0147fd14b348097c82c1c89a5417b582e26bad
| Author: cgoesche <cgoesc2@wgu.edu>
| AuthorDate: Sun Nov 2 11:55:09 2025 -0500
| Commit: cgoesche <cgoesc2@wgu.edu>
| CommitDate: Mon Nov 3 13:16:19 2025 -0500
|
| su: pass arguments after <user> to shell
|
| The su(1) manpage describes how the arguments after <user>
| are passed to the invoked shell. However this is empirically
| wrong, as option flags after <user> are interpreted by su(1)
| and will eventually never be passed or yield an error that
| terminates the program due to an unrecognized option flag.
|
| To fix this we can change getopt(3)'s scanning mode with a '+'
| prefixed to 'optstring', this will make it so that getopt(3)
| stops processing argv elements on the first occurrence of a
| non-option argument, e.g. '-' or '<user>'.
|
| Additionally, if the argument that directly follows '-' is an
| option flag, su(1) will assume that this argument and the ones
| that follow, are to be passed to a shell invoked by the root user.
|
| Addresses: https://github.com/util-linux/util-linux/pull/1809
| Signed-off-by: cgoesche <cgoesc2@wgu.edu>
Chris