Specify expected shell in su calls

When calling su with a specific script, specify /bin/sh shell to be sure to use posix compliant shell. User shell may not be a one (like fish). Fixes QubesOS/qubes-issues#5135
2019-07-05 20:38:04 +02:00 · 2019-07-05 20:38:04 +02:00 · ec32be73ed
commit ec32be73ed
parent d2c28d12a2
2 changed files with 3 additions and 3 deletions
--- a/qubes-rpc/qubes.InstallUpdatesGUI
+++ b/qubes-rpc/qubes.InstallUpdatesGUI
@ -17,7 +17,7 @@ elif [ -e /etc/arch-release ]; then
 else
    update_cmd='echo Unsupported distribution, install updates manually; bash -i'
 fi
-xterm -title update -e su -l -c "$update_cmd; echo Done.; test -f /var/run/qubes/this-is-templatevm && { echo Press Enter to shutdown the template, or Ctrl-C to just close this window; read x && poweroff; } ;"
+xterm -title update -e su -s /bin/sh -l -c "$update_cmd; echo Done.; test -f /var/run/qubes/this-is-templatevm && { echo Press Enter to shutdown the template, or Ctrl-C to just close this window; read x && poweroff; } ;"

 # Notify dom0 about installed updates
-su -c 'service qubes-update-check start'
+su -s /bin/sh -c 'service qubes-update-check start'
--- a/qubes-rpc/qubes.WaitForSession
+++ b/qubes-rpc/qubes.WaitForSession
@ -10,7 +10,7 @@ cmd='echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && ex
 if [ "$(id -un)" = "$USERNAME" ]; then
    sh -c "$cmd" 2>/dev/null
 else
-    su -c "$cmd" - "$USERNAME" 2> /dev/null
+    su -s /bin/sh -c "$cmd" - "$USERNAME" 2> /dev/null
 fi
 # the above line is _expected_ to be terminated by a signal, don't treat this as a failure
 exit 0