mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 09:57:41 +00:00
Ignore signals sent by the command's process group, not just the
command itself. If we cannot determine the process group ID of the sender (as it may no longer exist), just check the process ID.
This commit is contained in:
Todd C. Miller
parent
b121da2e21
commit
826e190f31
54
src/exec.c
54
src/exec.c
@ -865,13 +865,20 @@ handler(int s, siginfo_t *info, void *context)
|
|||||||
unsigned char signo = (unsigned char)s;
|
unsigned char signo = (unsigned char)s;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If the signal came from the command we ran, just ignore
|
* Do not forward signals sent by a process in the command's process
|
||||||
* it since we don't want the child to indirectly kill itself.
|
* group, do not forward it as we don't want the child to indirectly
|
||||||
* This can happen with, e.g. BSD-derived versions of reboot
|
* kill itself. For example, this can happen with some versions of
|
||||||
* that call kill(-1, SIGTERM) to kill all other processes.
|
* reboot that call kill(-1, SIGTERM) to kill all other processes.
|
||||||
*/
|
*/
|
||||||
if (info != NULL && info->si_code == SI_USER && info->si_pid == cmnd_pid)
|
if (info != NULL && info->si_code == SI_USER) {
|
||||||
return;
|
pid_t si_pgrp = getpgid(info->si_pid);
|
||||||
|
if (si_pgrp != (pid_t)-1) {
|
||||||
|
if (si_pgrp == ppgrp || si_pgrp == cmnd_pid)
|
||||||
|
return;
|
||||||
|
} else if (info->si_pid == cmnd_pid) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The pipe is non-blocking, if we overflow the kernel's pipe
|
* The pipe is non-blocking, if we overflow the kernel's pipe
|
||||||
@ -910,22 +917,31 @@ static void
|
|||||||
handler_user_only(int s, siginfo_t *info, void *context)
|
handler_user_only(int s, siginfo_t *info, void *context)
|
||||||
{
|
{
|
||||||
unsigned char signo = (unsigned char)s;
|
unsigned char signo = (unsigned char)s;
|
||||||
|
pid_t si_pgrp;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Only forward user-generated signals not sent by the command.
|
* Only forward user-generated signals not sent by a process in
|
||||||
* Signals sent by the kernel may include SIGTSTP when the user
|
* the command's own process group. Signals sent by the kernel
|
||||||
* presses ^Z. Curses programs often trap ^Z and send SIGTSTP
|
* may include SIGTSTP when the user presses ^Z. Curses programs
|
||||||
* to their pgrp, so we don't want to send an extra SIGTSTP.
|
* often trap ^Z and send SIGTSTP to their own pgrp, so we don't
|
||||||
|
* want to send an extra SIGTSTP.
|
||||||
*/
|
*/
|
||||||
if (info != NULL && info->si_code == SI_USER && info->si_pid != cmnd_pid) {
|
if (info == NULL || info->si_code != SI_USER)
|
||||||
/*
|
return;
|
||||||
* The pipe is non-blocking, if we overflow the kernel's pipe
|
if ((si_pgrp = getpgid(info->si_pid)) != (pid_t)-1) {
|
||||||
* buffer we drop the signal. This is not a problem in practice.
|
if (si_pgrp == ppgrp || si_pgrp == cmnd_pid)
|
||||||
*/
|
return;
|
||||||
while (write(signal_pipe[1], &signo, sizeof(signo)) == -1) {
|
} else if (info->si_pid == cmnd_pid) {
|
||||||
if (errno != EINTR)
|
return;
|
||||||
break;
|
}
|
||||||
}
|
|
||||||
|
/*
|
||||||
|
* The pipe is non-blocking, if we overflow the kernel's pipe
|
||||||
|
* buffer we drop the signal. This is not a problem in practice.
|
||||||
|
*/
|
||||||
|
while (write(signal_pipe[1], &signo, sizeof(signo)) == -1) {
|
||||||
|
if (errno != EINTR)
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* SA_SIGINFO */
|
#endif /* SA_SIGINFO */
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* Copyright (c) 2009-2013 Todd C. Miller <Todd.Miller@courtesan.com>
|
* Copyright (c) 2009-2014 Todd C. Miller <Todd.Miller@courtesan.com>
|
||||||
*
|
*
|
||||||
* Permission to use, copy, modify, and distribute this software for any
|
* Permission to use, copy, modify, and distribute this software for any
|
||||||
* purpose with or without fee is hereby granted, provided that the above
|
* purpose with or without fee is hereby granted, provided that the above
|
||||||
@ -136,13 +136,20 @@ mon_handler(int s, siginfo_t *info, void *context)
|
|||||||
unsigned char signo = (unsigned char)s;
|
unsigned char signo = (unsigned char)s;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If the signal came from the command we ran, just ignore
|
* If the signal came from the process group of the command we ran,
|
||||||
* it since we don't want the command to indirectly kill itself.
|
* do not forward it as we don't want the child to indirectly kill
|
||||||
* This can happen with, e.g. BSD-derived versions of reboot
|
* itself. This can happen with, e.g., BSD-derived versions of
|
||||||
* that call kill(-1, SIGTERM) to kill all other processes.
|
* reboot that call kill(-1, SIGTERM) to kill all other processes.
|
||||||
*/
|
*/
|
||||||
if (info != NULL && info->si_code == SI_USER && info->si_pid == cmnd_pid)
|
if (info != NULL && info->si_code == SI_USER) {
|
||||||
return;
|
pid_t si_pgrp = getpgid(info->si_pid);
|
||||||
|
if (si_pgrp != (pid_t)-1) {
|
||||||
|
if (si_pgrp == cmnd_pgrp)
|
||||||
|
return;
|
||||||
|
} else if (info->si_pid == cmnd_pid) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The pipe is non-blocking, if we overflow the kernel's pipe
|
* The pipe is non-blocking, if we overflow the kernel's pipe
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user