Bug#836175: [buildd-tools-devel] Bug#836175: libsbuild-perl: Do not use single quotes in embedded perl script

Wed, 12 Oct 2016 06:39:33 -0700 

Hi,

On Thu, 1 Sep 2016 01:00:38 +0200 Samuel Thibault <sthiba...@debian.org> wrote:
> Johannes Schauer, on Wed 31 Aug 2016 19:29:47 +0200, wrote:
> > if your setup deviates from the default, please include in your bugreport 
> > how
> > it does.
> 
> Ok, got to reproduce it easily:
> 
> # sbuild-createchroot sid /var/tmp/foo http://ftp2.fr.debian.org/debian
> # sudo sbuild-adduser samy                                          
> 
> in ~samy/.sbuildrc, just put 
> 
> $chroot_mode='sudo';
> 
> and then
> 
> sbuild -d sid foo_1.1-1
> 
> gets the issue.

sorry for the long wait. Indeed the problem is with the sudo chroot mode. The
problem should also occur with the plain chroot mode. As I pointed out in
earlier messages, the solution should not be to just replace all single quotes
by double quotes. Instead, we can apply a smarter fix by properly escaping the
command string. Here is a patch:


--- a/lib/Sbuild/ChrootSudo.pm
+++ b/lib/Sbuild/ChrootSudo.pm
@@ -25,6 +25,7 @@ package Sbuild::ChrootSudo;
 use strict;
 use warnings;
 
+use Sbuild qw(shellescape);
 use Sbuild::Sysconfig;
 
 BEGIN {
@@ -111,14 +112,10 @@ sub get_command_internal {
         my $shellcommand;
         foreach (@$command) {
             my $tmp = $_;
-            $tmp =~ s/'//g; # Strip any single quotes for security
-            if ($_ ne $tmp) {
-                $self->log_warning("Stripped single quote from command for 
security: $_\n");
-            }
             if ($shellcommand) {
-                $shellcommand .= " '$tmp'";
+                $shellcommand .= " " . shellescape $tmp;
             } else {
-                $shellcommand = "'$tmp'";
+                $shellcommand = shellescape $tmp;
             }
         }
         push(@cmdline, '/bin/sh', '-c', "cd '$dir' && $shellcommand");



When I try this out, then many commands seem to be executed correctly. My build
fails as soon as sbuild attempts to execute something inside the chroot not as
the root user but as the user running sbuild. So I end up getting:

User Environment
----------------

sudo: no tty present and no askpass program specified
E: read_command failed to execute env
E: unable to open pipe


So this seems to be some problem with sudo. How can I fix it? Do you run into
the same problem?  You can easily run sbuild from git using:

PERL5LIB=$SBUILDGITPATH/lib $SBUILDGITPATH/bin/sbuild --chroot-mode=sudo

Thanks!

cheers, josch

Attachment: signature.asc
Description: signature

Reply via email to