From f0b8ec59b1f5a053c126bcdef54e090c84bec5d8 Mon Sep 17 00:00:00 2001 From: Christian Goeschel Ndjomouo Date: Tue, 7 Apr 2026 10:25:17 -0400 Subject: [PATCH] su-common: revert "su: pass arguments after to shell" This reverts commit ac0147fd14b348097c82c1c89a5417b582e26bad. Commit ac0147f added '+' to the getopt(3) option string which allowed the passing of all arguments after a non-option arg to be passed to the invoked shell, in this case after . However, this introduced a regression in runuser(1) and su(1) where options for both utilities are scattered before and after the username. E.g.: "su -c 'echo foo' -s /bin/bash" will pass both -c and -s argument sets to the invoked shell instead of simply passing -c 'echo foo'. Note that this behavior is more common in BSD/macOS-style implementations of su(1), in a future commit this behavior will be added more sensibly and carefully. Addresses: ac0147f Signed-off-by: Christian Goeschel Ndjomouo --- login-utils/su-common.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/login-utils/su-common.c b/login-utils/su-common.c index 6f361e65a..c4b30f39a 100644 --- a/login-utils/su-common.c +++ b/login-utils/su-common.c @@ -1045,7 +1045,7 @@ int su_main(int argc, char **argv, int mode) su->conv.appdata_ptr = (void *) su; while ((optc = - getopt_long(argc, argv, "+c:fg:G:lmpPTs:u:hVw:", longopts, + getopt_long(argc, argv, "c:fg:G:lmpPTs:u:hVw:", longopts, NULL)) != -1) { err_exclusive_options(optc, longopts, excl, excl_st); @@ -1153,7 +1153,7 @@ int su_main(int argc, char **argv, int mode) } FALLTHROUGH; case SU_MODE: - if (optind < argc && *argv[optind] != '-') + if (optind < argc) su->new_user = argv[optind++]; break; } -- 2.53.0