The sudo manuals contain conditionals to avoid describing system-specific
behavior on systems that don't support it. When we convert from
mdoc to man format we lose those conditionals; these sed scripts
add them back. Changes to the mdoc files can prevent the regexps
from matching so they need to be updated periodically.

The exceptions are command-specific Defaults (which cannot be applied
until the command's path is resolved) and a small number of "early"
defaults that affect other entries.

These are standalone programs that run on the host system
(which may differ from the target system) so we should not
include config.h and sudo_compat.h.

The .Li macro is deprecated and makes no difference on terminal
devices. Also avoid using items greater than 80 characters which
will wrap incorrectly. Bug #1075.

The pty_cleanup() function, which may be called via fatal()/fatalx(),
expects that ec->details is set. If there is a fatal error after
the cleanup hook is registered but before the exec closure is filled
in, pty_cleanup() would dereference a NULL pointer.
Reported by Bjorn Baron.

The return values are used in ways that assume they are positive.
In practice, it is not possible to have a negative return value
other than -1 due to the size of the buffers being read from or
written to. Also add overflow checks when updating the buffer len.
Quiets several coverity warnings.

Previously, we compared the terminal device number returned by
get_process_ttyname() with that of stdin, stdout and stderr. This
causes problems on Linux if the user is logged in on the console,
which is a virtual device that may correspond to one of several
different terminal devices. In this specific case, there is a
mismatch between the controlling terminal listed in /proc/self/stat
(which corresponds to the underlying terminal device) and the device
number of stdin, stdout and stderr (which is that of /dev/console).

Instead of modifying the len parameter and using it for bounds
checking, compute the end of the source string and bound check on
that instead. Also simplify the code slightly and enable debugging.

The ppid field in /proc/self/stat is the fourth and not the third.
The latter is the process state (S, R, etc.).
Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr>
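
An added example (not sudo's own code) of the /proc/<pid>/stat layout that the ppid message and the earlier controlling-terminal message rely on: state is field 3, ppid field 4, tty_nr field 7. The names parse_stat_line and struct stat_fields are hypothetical, and the sample line is constructed; it anchors on the last ')' because the comm field may itself contain spaces and parentheses.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample line; comm "(a b) c" holds spaces and parentheses. */
static const char sample_stat[] =
    "4242 ((a b) c) S 4100 4242 4100 34817 4242 4194304 0 0";

struct stat_fields {
    int pid;
    char state;   /* field 3: S, R, etc. */
    int ppid;     /* field 4 */
    int tty_nr;   /* field 7: controlling terminal device number */
};

/*
 * Parse pid, state, ppid and tty_nr from one /proc/<pid>/stat line.
 * Returns 0 on success, -1 on malformed input.
 */
int parse_stat_line(const char *line, struct stat_fields *out)
{
    const char *lparen = strchr(line, '(');
    /* comm may contain ')' itself, so anchor on the last one. */
    const char *rparen = strrchr(line, ')');
    int pgrp, session;

    if (lparen == NULL || rparen == NULL || rparen < lparen)
        return -1;
    if (sscanf(line, "%d", &out->pid) != 1)
        return -1;
    /* After the closing ')' come: state ppid pgrp session tty_nr ... */
    if (sscanf(rparen + 1, " %c %d %d %d %d", &out->state, &out->ppid,
        &pgrp, &session, &out->tty_nr) != 5)
        return -1;
    return 0;
}

int main(void)
{
    struct stat_fields sf;

    if (parse_stat_line(sample_stat, &sf) != 0) {
        fprintf(stderr, "malformed stat line\n");
        return 1;
    }
    printf("pid=%d state=%c ppid=%d tty_nr=%d\n",
        sf.pid, sf.state, sf.ppid, sf.tty_nr);
    return 0;
}
```
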
This fixes the display of the timeout values in the "sudo -V" output
on systems without a C99-compliant snprintf(). The snprintf()
replacement sudo ships with does not support floating point.

The current warning message mentions using sudo's -S option but
this will cause the password to be echoed without a terminal.
In most cases, the user just needs to run ssh with the -t option.

Command tags are inherited from previous Cmnds in a Cmnd_Spec_List.
There is a special case of the SETENV tag for the "ALL" command,
where SETENV is implied if no explicit SETENV or NOSETENV tag is
specified. The code to inherit the SETENV tag didn't take into
account that an implied value for SETENV should also be overridden
by an explicit SETENV or NOSETENV tag in the previous Cmnd in the
Cmnd_Spec_List.