fwrite is not the same as write; you have to explicitly compare against the length to detect errors, and sometimes number of items is mistaken for length.

A long time ago this was changed from TCSAFLUSH to TCSADRAIN due
to some systems having problems with TCSAFLUSH. That should no
longer be a concern. Using TCSAFLUSH ensures that password input
that has been received by the kernel, but not yet read by sudo,
will be discarded and not echoed.

These are standalone programs that run on the host system
(which may differ from the target system) so we should not
include config.h and sudo_compat.h.

The return values are used in ways that assume they are positive.
In practice, it is not possible to have a negative return value
other than -1 due to the size of the buffers being read from or
written to. Also add overflow checks when updating the buffer len.
Quiets several coverity warnings.

If one of std{in,out,err} matches the specified device, try to
resolve it to a path by using /proc/self/fd/{0,1,2}. This avoids
searching all of /dev and works in a chroot where /proc is mounted
but /dev/pts is not. GitHub issue #421.

The change to always get the current time when building a struct
evlog in sudoers broke the data and time written for exit records.
This only affected file-based logs, not syslog. GitHub issue #405.

Currently, we generate the signal list and names by running cpp on our
header, and piping the result into sed.
However, when cpp fails [0], we do not catch that failure, as the error
code of the LHS of a pipe is lost, with the pipe returning the RHS-most
return code.
Fix that by introducing two new intermediate rules, each to generate the
preprocessed .i files, and use those as dependencies and input to the
rule that generates the headers. Those two .i files will be cleaned up
by the existing *.i glob.
[0] a failure happens on recent hosts, due to inconsistency with
time64_t and large-file support (lines elided and wrapped for
readability):
/usr/bin/cpp [...] ./sys_signame.h \
| /usr/bin/sed -e '1,/^int sudo_end_of_headers;/d' -e '/^#/d' > mksigname.h
In file included from /usr/include/features.h:394,
from /usr/include/sys/types.h:25,
from ./sys_signame.h:4:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
26 | # error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
| ^~~~~
/usr/bin/gcc [...] ./mksigname.c -o mksigname
In file included from /usr/include/features.h:394,
from /usr/include/bits/libc-header-start.h:33,
from /usr/include/stdlib.h:26,
from ./mksigname.c:27:
/usr/include/features-time64.h:26:5: error: #error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
26 | # error "_TIME_BITS=64 is allowed only with _FILE_OFFSET_BITS=64"
| ^~~~~
make[2]: *** [Makefile:263: mksigname] Error 1
In that case, we were lucky that the subsequent gcc call also failed,
and for the same reason. That time64_t and lfs issue should be fixed (at
least investigated), but that does not mean we should not be more robust
when parsing the header either.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
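
The lost exit status described in the commit message above, as an added example that is not part of the commit or of the sudo build system. fake_cpp is a constructed stand-in for the failing preprocessor, and the function and file names are assumptions; only the sed expression is taken from the quoted build output.

```shell
#!/bin/sh
# Constructed stand-in for "cpp ./sys_signame.h": emits part of its output and
# then fails unless called with "ok", like a preprocessor hitting an #error.
fake_cpp() {
    printf '%s\n' '#include noise' 'int sudo_end_of_headers;' '# 1 "sys_signame.h"'
    [ "$1" = ok ] || return 1
    printf '%s\n' '"HUP",' '"INT",'
}

# The sed filter from the quoted build output: drop everything up to the
# marker line, then drop the remaining preprocessor line markers.
strip_headers() {
    sed -e '1,/^int sudo_end_of_headers;/d' -e '/^#/d'
}

# Old shape: a single pipeline. Its exit status is that of sed, the
# right-most command, so a failing preprocessor goes unnoticed.
gen_piped() {        # $1 = ok|fail, $2 = output header
    fake_cpp "$1" | strip_headers > "$2"
}

# New shape: produce the intermediate .i file as its own step and stop there
# if it fails, so the header is never generated from truncated input.
gen_two_step() {     # $1 = ok|fail, $2 = intermediate .i file, $3 = output header
    fake_cpp "$1" > "$2" || { rm -f "$2"; return 1; }
    strip_headers < "$2" > "$3"
}

# Print the exit status of a command without tripping "set -e".
exit_status_of() {
    if "$@"; then echo 0; else echo "$?"; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    echo "piped, cpp fails:    $(exit_status_of gen_piped fail "$dir/piped.h")"
    echo "two-step, cpp fails: $(exit_status_of gen_two_step fail "$dir/sig.i" "$dir/two.h")"
    echo "two-step, cpp ok:    $(exit_status_of gen_two_step ok "$dir/sig.i" "$dir/two.h")"
    rm -rf "$dir"
}
demo
```
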
If TCSASOFT is present, tcsetattr() will ignore c_cflag.
Fixes a bug where sudo_term_restore() would refuse to change
the terminal settings back if the PARENB control flag was set.
GitHub issue #326.

When matching debug files for AIX-style DSOs like sudoers.a(sudoers.so)
we want to match on the full name, the name without the member and
on the member itself. This makes it possible to use the existing
examples in the sudo.conf file on AIX.