Control: found -1 1:1.22.0-19+b3 Control: severity -1 serious Dear maintainers, I just ran into this bug as well and just like for Bernhard, it had me pulling my hair for a couple of hours before I realized what was wrong: root@shepard:~# apt install busybox-static Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: busybox* The following NEW packages will be installed: busybox-static 0 upgraded, 1 newly installed, 1 to remove and 0 not upgraded. Need to get 855 kB of archives. After this operation, 1,186 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://cdn-fastly.deb.debian.org/debian buster/main amd64 busybox-static amd64 1:1.22.0-19+b3 [855 kB] Fetched 855 kB in 1s (571 kB/s) (Reading database ... 332551 files and directories currently installed.) Removing busybox (1:1.22.0-19+b3) ... Selecting previously unselected package busybox-static. (Reading database ... 332542 files and directories currently installed.) Preparing to unpack .../busybox-static_1%3a1.22.0-19+b3_amd64.deb ... Unpacking busybox-static (1:1.22.0-19+b3) ... Processing triggers for man-db (2.7.6.1-2) ... Setting up busybox-static (1:1.22.0-19+b3) ... root@shepard:~# /bin/busybox chroot / id --version id: unrecognized option '--version' BusyBox v1.22.1 (Debian 1:1.22.0-19+b3) multi-call binary. Usage: id [OPTIONS] [USER] Print information about USER or the current user -u User ID -g Group ID -G Supplementary group IDs -n Print names instead of numbers -r Print real ID instead of effective ID root@shepard:~# /bin/busybox chroot / /usr/bin/id --version id (GNU coreutils) 8.26 Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Written by Arnold Robbins and David MacKenzie. root@shepard:~# As you can see, chroot will run the applet rather than the binary unless the full path is given. While this *may* be useful in some situations, it can also lead to *really* subtle failures in others, so I'm raising the severity of this bug. Please consider applying Bernhard's patch if possible or at least documenting this behaviour! Best regards Alexander Kurtz
Attachment:
signature.asc
Description: This is a digitally signed message part