Help on /dev/tty and su -c

[Francesco Poli <invernomuto@paranoici.org>]

Hello everybody,
this is a sort of call for help.

Warning! I am *not* subscribed to the debian-ruby list, hence,
please Cc: me on replies. Thanks!


As some of you may remember (from a previous thread [1]), I am one of
the two co-maintainers of apt-listbugs.
Two bugs have been recently reported for apt-listbugs [2], both caused
by a recent security fix for su [3] that disabled the possibility to
open /dev/tty for the child process of  su -c "command" .

[1] http://lists.debian.org/debian-ruby/2012/01/msg00025.html
[2] if you have time and want to read more details, the two bugs
    are #662865 and #662983
[3] see #628843 for more details

I tried to think of a way to address these issues by only modifying
apt-listbugs, but I am in trouble... Hence I am here asking for ideas
to people more knowledgeable than me about Ruby.

The most general issue is that apt-listbugs needs to perform the
following steps (when run in "apt" mode):

  * first it reads some input through its STDIN, through a pipe

  * when this input ends (EOF), apt-listbugs needs to be able to become
interactive and ask questions to the user, and get answers from STDIN,
and possibly also run a web browser (that could be a textual browser,
depending on the user preferences) and let the user interact with the
browser

Currently, apt-listbugs does all this by opening "/dev/tty", after the
input ends.
This no longer works, when apt-listbugs is invoked inside an  su -c
"command" , due to the above-cited security fix.


So, the main problem seems to be reproducible with the following minimal
test (so short and essential, that I don't think it is covered by
copyright: hence, please use, copy, modify, and redistribute freely!)


$ cat input.txt 
one
two
three
$ cat test.rb 
#!/usr/bin/ruby

STDIN.each { |line|
    puts "item: #{line}"
    # do many other things...
}

tty = open("/dev/tty", "r")

print "Enter something: "
ans = tty.gets.chomp
puts "You entered \"#{ans}\""
# do many more things...
puts "Bye!"
$ cat input.txt | ./test.rb
item: one
item: two
item: three
Enter something: yeah!
You entered "yeah!"
Bye!
$ su -c "cat input.txt | ./test.rb"
Password: 
item: one
item: two
item: three
./test.rb:8:in `initialize': No such device or address - /dev/tty (Errno::ENXIO)
        from ./test.rb:8:in `open'
        from ./test.rb:8


The question is: is there a way to achieve this result, without being
limited by the above-cited security fix, so that the last command may
work as well?

Any idea or suggestion?
Unfortunately, I haven't found much documentation about this kind of
tricks in Ruby...
I would greatly appreciate your help.

Thanks for your time.


-- 
 http://www.inventati.org/frx/frx-gpg-key-transition-2010.txt
 New GnuPG key, see the transition document!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

Attachment: pgplanWMVEEjT.pgp
Description: PGP signature