
Don't assume that if std{in,out,err} is a tty, it is the user's tty.

Previously, sudo only checked that the fd was a terminal, not that
it matched sudo's idea of the user's terminal.  This matters when
input or output is redirected to a different terminal.  In that
case we want to interpose the fd with a pipe even if it refers to
a terminal.  Bug #1056.
Todd C. Miller
2023-07-26 19:43:49 -06:00
parent 14f1a12e2d
commit 760c9c1107
4 changed files with 58 additions and 28 deletions


@@ -376,6 +376,28 @@ sudo_needs_pty(const struct command_details *details)
return false;
}
/*
* Check whether the specified fd matches the device file that
* corresponds to tty_sb. If tty_sb is NULL, just check whether
* fd is a tty. Always fills in fd_sb (zeroed on error).
* Returns true on match, else false.
*/
bool
fd_matches_tty(int fd, struct stat *tty_sb, struct stat *fd_sb)
{
bool ret;
debug_decl(fd_is_user_tty, SUDO_DEBUG_EXEC);
if (fstat(fd, fd_sb) == -1 || !S_ISCHR(fd_sb->st_mode)) {
/* Always initialize fd_sb. */
memset(fd_sb, 0, sizeof(*fd_sb));
debug_return_bool(false);
}
/* Compare with tty_sb if available, else just check that fd is a tty. */
debug_return_bool(tty_sb ? tty_sb->st_rdev == fd_sb->st_rdev : isatty(fd));
}
/*
* If we are not running the command in a pty, we were not invoked as
* sudoedit, there is no command timeout and there is no close function,