Hello everybody, this is a sort of call for help. Warning! I am *not* subscribed to the debian-ruby list, hence, please Cc: me on replies. Thanks! As some of you may remember (from a previous thread [1]), I am one of the two co-maintainers of apt-listbugs. Two bugs have been recently reported for apt-listbugs [2], both caused by a recent security fix for su [3] that disabled the possibility to open /dev/tty for the child process of su -c "command" . [1] http://lists.debian.org/debian-ruby/2012/01/msg00025.html [2] if you have time and want to read more details, the two bugs are #662865 and #662983 [3] see #628843 for more details I tried to think of a way to address these issues by only modifying apt-listbugs, but I am in trouble... Hence I am here asking for ideas to people more knowledgeable than me about Ruby. The most general issue is that apt-listbugs needs to perform the following steps (when run in "apt" mode): * first it reads some input through its STDIN, through a pipe * when this input ends (EOF), apt-listbugs needs to be able to become interactive and ask questions to the user, and get answers from STDIN, and possibly also run a web browser (that could be a textual browser, depending on the user preferences) and let the user interact with the browser Currently, apt-listbugs does all this by opening "/dev/tty", after the input ends. This no longer works, when apt-listbugs is invoked inside an su -c "command" , due to the above-cited security fix. So, the main problem seems to be reproducible with the following minimal test (so short and essential, that I don't think it is covered by copyright: hence, please use, copy, modify, and redistribute freely!) $ cat input.txt one two three $ cat test.rb #!/usr/bin/ruby STDIN.each { |line| puts "item: #{line}" # do many other things... } tty = open("/dev/tty", "r") print "Enter something: " ans = tty.gets.chomp puts "You entered \"#{ans}\"" # do many more things... puts "Bye!" $ cat input.txt | ./test.rb item: one item: two item: three Enter something: yeah! You entered "yeah!" Bye! $ su -c "cat input.txt | ./test.rb" Password: item: one item: two item: three ./test.rb:8:in `initialize': No such device or address - /dev/tty (Errno::ENXIO) from ./test.rb:8:in `open' from ./test.rb:8 The question is: is there a way to achieve this result, without being limited by the above-cited security fix, so that the last command may work as well? Any idea or suggestion? Unfortunately, I haven't found much documentation about this kind of tricks in Ruby... I would greatly appreciate your help. Thanks for your time. -- http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt New GnuPG key, see the transition document! ..................................................... Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Attachment:
pgplanWMVEEjT.pgp
Description: PGP signature