netbsd-bugs: bin/17340: the meaning of the "-c" option to /usr/bin/su is overloaded

Subject: bin/17340: the meaning of the "-c" option to /usr/bin/su is overloaded
To: None <gnats-bugs@gnats.netbsd.org>
From: None <paul@plectere.com>
List: netbsd-bugs
Date: 06/20/2002 16:48:50

>Number:         17340
>Category:       bin
>Synopsis:       the meaning of the "-c" option to /usr/bin/su is overloaded
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 20 16:49:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Paul Shupak
>Release:        NetBSD 1.6B - today
>Organization:
>Environment:
System: NetBSD fsrv 1.6B NetBSD 1.6B (FSRV) #117: Tue Jun 18 00:22:44 PDT 2002 root@fsrv:/usr/src/sys/arch/i386/compile/FSRV i386
Architecture: i386
Machine: i386
>Description:
	The command 'su -c "random command"' no longer functions,
	though 'su root -c "random command"' does act as before.

	A likely mistake was the use of the "-c" argument to reflect
	changes in login class along with its traditional usage as the
	prefix specifier to the command to be executed..

	Quoting the man page:

     -c      Specify a login class.  You may only override the default class
             if you're already root.

	AND ALSO FURTHER DOWN - same current man page:

     To execute arbitrary command with privileges of user username, execute:

           su username -c "command args"

	NOTE the conflict with the statement (also in the current man page):

su requests the Kerberos password for login (or for ``login.root'', if no
     login is provided)

	In other words, if the use actually intends to use the "default root"
properties of "su", the "-c" option fails miserably.


>How-To-Repeat:
	Try something like 'su -c "make install"' and watch the error
	message "su: Only root may use -c" appear:  Unfortunately this
	has been my habit for at least 18 years, and it usage as such
	almost certainly predates even that.
>Fix:
	I would propose that probably a different argument should be
	used for changing the login class;  I would propose "-C" ( i.e.
	capital 'C' instead of a reuse of lowercase 'c' ).

	Usable example code below.

*** su.c        Tue Jun 11 15:42:10 2002
--- /tmp/su.c   Thu Jun 20 16:44:47 2002
***************
*** 147,153 ****
                        break;
  #endif
  #ifdef LOGIN_CAP
!               case 'c':
                        class = optarg;
                        break;
  #endif
--- 147,153 ----
                        break;
  #endif
  #ifdef LOGIN_CAP
!               case 'C':
                        class = optarg;
                        break;
  #endif

>Release-Note:
>Audit-Trail:
>Unformatted: