mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-29 05:17:54 +00:00
Code Issues Releases Wiki Activity
8,240 Commits 6 Branches 326 Tags
Commit Graph

129 Commits

Author SHA1 Message Date
Todd C. Miller
c70da6dcdf In dispatch_signal() for stopped processes check for tcgetpgrp() 
returning -1.  Also change checks from "saved_pgrp != -1" to
"fd != -1".  Coverity CID 104098.
 2016-05-04 14:13:44 -06:00
Todd C. Miller
3e9702580e style fix; fork_cmnd should start on a new line 2016-04-25 09:58:32 -06:00
Todd C. Miller
b20977d445 Add support for using fexecve() if supported on commands that are 
checksummed.
 2016-01-04 10:35:18 -07:00
Todd C. Miller
3f6f1cd15c When a terminal device is closed, SIGHUP is sent to the controlling 
process associated with that terminal.  It is not sent to the entire
process group so sudo needs to relay SIGHUP to the command when it
is not being run in a new pty.  Bug #719
 2015-09-15 10:30:36 -06:00
Todd C. Miller
d08faa73a7 Fill in cstat if exec_setup() fails. Previously it was only filled 
in for an execve() failure.  Fixes an unkillable sudo process when
exec_setup() fails and I/O logging is enabled.
 2015-09-09 10:50:21 -06:00
Todd C. Miller
13869d349c Linux sets si_pid in struct siginfo to 0 when the process that sent 
the signal is in a different container since the PID namespaces in
different conatiners are separate.  Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process.  Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers.  From Maarten de Vries
 2015-08-10 15:13:37 -06:00
Todd C. Miller
0b241088b3 There's no need to conditionalize the #include <unistd.h>, we require 
a POSIX system.
 2015-07-02 09:08:28 -06:00
Todd C. Miller
4a07b472f0 Only include stddef.h where it is needed. 2015-06-20 05:34:35 -06:00
Todd C. Miller
c36415417f Add function name to "unable to allocate memory" warnings. 2015-06-19 14:51:17 -06:00
Todd C. Miller
dc883f2454 We require ANSI C so stop using the obsolete STDC_HEADERS. 2015-06-19 14:29:27 -06:00
Todd C. Miller
cb63ca701c Avoid using exiting allocators in the front end. 2015-06-17 17:00:54 -06:00
Todd C. Miller
59ab26dbcc Go back to a 2 args debug_decl and just use the "default" instance, 
now renamed "active".
 2015-02-01 08:24:49 -07:00
Todd C. Miller
29039859b7 Defer registration of the SIGCHLD handler until just before we exec 
the command.  Fixes a problem where pam_gnome_keyring installs its
own SIGCHLD handler and may not restore the original one.  As a
result, we now have to explicitly wait for the askpass helper to
finish.  Bug #657
 2014-11-18 14:05:51 -07:00
Todd C. Miller
21166d4da9 Make sure that SIGCHLD is not treated as a user-generated signal 
in which case it could be ignored.  Bug #676
 2014-11-04 09:24:41 -07:00
Todd C. Miller
17a2a27e46 Use generic bitmap macros instead of select-style fd_set. 2014-10-23 14:37:27 -06:00
Todd C. Miller
866cfc4fc3 Add support for multiple Debug lines per program. Callers may 
register arbitrary debug facilities or use built-in defaults.  We
now use separate Debug statements for plugins and programs.
 2014-10-22 13:23:05 -06:00
Todd C. Miller
328c563791 Check return value of sigaction(), even though it should never fail. 2014-09-04 10:13:26 -06:00
Todd C. Miller
0546f0b6a2 Convert a debug printf to a user-visible warning. 2014-08-31 20:32:18 -06:00
Todd C. Miller
cfa4cebf13 Remove signal_event from evbase before calling sudo_ev_loopexit() 
when the command has exited or been killed.  It is possible that
we could receive another signal on the pipe if they are delivered
out of order.
 2014-08-30 16:24:53 -06:00
Todd C. Miller
ae0014d6f4 Attempt to handle systems with SA_SIGINFO but that lack SI_USER. 2014-07-28 20:25:46 -06:00
Todd C. Miller
36a5767e3e efree -> sudo_efree for consistency 2014-07-10 15:35:04 -06:00
Todd C. Miller
2d61d38c23 Add sudo_ prefix to alloc.c functions and rename alloc.h -> sudo_alloc.h 2014-06-27 10:48:31 -06:00
Todd C. Miller
aecef4aa1d Rename warning/fatal -> sudo_warn/sudo_fatal to avoid namespace 
pollution in libsudo_util.so.
 2014-06-27 09:30:52 -06:00
Todd C. Miller
826e190f31 Ignore signals sent by the command's process group, not just the 
command itself.  If we cannot determine the process group ID of the
sender (as it may no longer exist), just check the process ID.
 2014-05-28 09:50:14 -06:00
Todd C. Miller
b121da2e21 In handler_user_only() only forward the signal if it was not generated 
by the command.  This should fix a problem with programs that catch
SIGTSTP, perform cleanup, and then re-send the signal to their
process group (of which sudo is the leader).
 2014-05-27 10:51:31 -06:00
Todd C. Miller
d628e17ead Handle EINTR from write(2) when writing to pipes and socket pairs. 2014-05-27 10:16:49 -06:00
Todd C. Miller
36b991348c Forward SIGINFO to running command if supported. If the command 
is being run in the background (or exec_background is set in sudoers),
it is the sudo process, not the actual command, that receives the ^T.
 2014-04-04 15:30:15 -06:00
Todd C. Miller
640a5ddb48 If the event loop exits due to an error and we are not logging I/O, 
kill the command if still running.  Fixes a bug where sudo could
exit while the command was still running.
 2014-01-14 20:34:20 -07:00
Todd C. Miller
d7277fc96e If not logging I/O we may get EOF when the command is executed and 
the other end of the backchannel is closed.  Just remove the
backchannel event in this case or we will continue to receive
the event.  Bug #631
 2014-01-14 10:54:56 -07:00
Todd C. Miller
27598bc0ab Update copyright year. 2014-01-07 10:43:31 -07:00
Todd C. Miller
d013b23ce3 If invoked as sudoedit we can't just exec the command directly since 
the temporary files need to be updated before sudo exits.
 2014-01-03 16:41:25 -07:00
Todd C. Miller
1adeda54ef Add support for preventing fds from getting clobbered by closefrom(). 2013-12-20 11:14:32 -07:00
Todd C. Miller
96eb2c4f8f Add warning_gettext() wrapper function that changes to the user locale, 
then calls gettext().
Add U_ macro that calls warning_gettext() instead of gettext().
Rename warning2()/error2() back to warning_nodebug()/error_nodebug().
 2013-11-18 08:59:57 -07:00
Todd C. Miller
99b7351de0 Fix some #if vs. #ifdef and remove an extraneous semicolon. 
Bug #624; from Daniel Richard G.
 2013-11-17 16:15:36 -07:00
Todd C. Miller
fd88ed42c8 Use MSG_WAITALL when receiving struct command_status over the Unix 
domain socket since we no longer use datagrams.  This should avoid
the need to handle incomplete reads, though in theory it is still
possible.
 2013-10-29 15:26:32 -06:00
Todd C. Miller
8861e01d16 Add support for libevent-style timed events. Adding a timed event 
is currently O(n).  The only consumer of timed events is sudoreplay
which only used a singled one so O(n) == O(1) for now.  This also
allows us to remove the nanosleep compat function as we now use a
timeout event instead.
 2013-10-28 10:00:09 -06:00
Todd C. Miller
d8b368b503 Now that sudo_ev_base_free() removes all events before freeing we 
don't need to do this by hand.
 2013-10-26 07:52:59 -06:00
Todd C. Miller
e8ce021e7d Quiet some llvm check false positives. The common idiom of using 
TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in
a TAILQ confuses llvm.  Use TAILQ_FOREACH_SAFE instead (which is
probably faster anyway).
 2013-10-22 14:58:00 -06:00
Todd C. Miller
923edabe6c Convert sudo to use BSD TAILQ macros instead of home ground tail 
queue functions.  This includes a private queue.h header derived
from FreeBSD.  It is simpler to just use our own header rather than
try to deal with macros that may or may not be present in various
queue.h incarnations.
 2013-10-22 09:00:37 -06:00
Todd C. Miller
83d2d25c4c Convert the main sudo event loop to use the event subsystem. 
Read events for I/O buffers are added before the loop starts.
Write events are added on demand as the buffers are filled.
 2013-10-12 05:53:52 -06:00
Todd C. Miller
ff18c65862 Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent 
semantics when the other end closes.  This should make the conversion
to poll() less problematic.
 2013-10-12 05:39:02 -06:00
Todd C. Miller
299a881fe2 If not using a pty and the child process gets SIGTTOU or SIGTTIN 
and sudo is the foreground process, make the child the foreground
process and continue it.
 2013-08-14 16:36:41 -06:00
Todd C. Miller
d6282d154a Update copyright years. 2013-04-24 09:35:02 -04:00
Todd C. Miller
39acd2fcba Rename error/errorx -> fatal/fatalx and remove the exit value as 
it was always 1.
 2013-04-18 14:07:59 -04:00
Todd C. Miller
eb2259bc12 Move exec_cmnd to exec.c to fix a compilation issue with sesh.c 2013-03-14 19:59:07 -04:00
Todd C. Miller
5cb928c512 If the policy plugin does not provide a close function, there is 
no command timeout and no pty is required, skip the event loop and
just exec the command directly.
 2013-02-23 14:19:07 -05:00
Todd C. Miller
e764604485 Remove extra flag to sudo_sigaction(). We want to trap the signal 
regardless of whether or not it is ignored by the underlying command
since there's no way to know what signal handlers the command will
install.  Now we just use sudo_sigaction() to set a flag in
saved_signals[] to indicate whether a signal needs to be restored
before exec.
 2013-01-19 15:10:01 -05:00
Todd C. Miller
855a11af2b Move signal code into its own source file and add sudo_sigaction() 
wrapper that has an extra flag to check the saved_signals list to
only install the handler if the signal is not already ignored.
Bump plugin API version for the new front-end signal behavior.
 2013-01-17 13:29:46 -05:00
Todd C. Miller
99704cc101 Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute 
the command.  If we get SIGINT or SIGQUIT, call the plugin close()
functions as if the command was interrupted.  If we get SIGTSTP,
uninstall the handler and deliver SIGTSTP to ourselves.
 2013-01-17 09:20:45 -05:00
Todd C. Miller
541315212e Rename handle_signals() to dispatch_signals(). 
Block other signals in handler() so we don't have to worry about
the write() being interrupted.
 2013-01-17 09:17:54 -05:00