to handle EINTR. We now use SA_RESTART with signals so this is not
needed and is potentially dangerous if it is possible to receive
SIGTTIN or SIGTTOU (which it currently is not).
We can't use a signal event for these since that would restart the
system call after the signal was handled and the callback would not
get a chance to run. Fixes running a command in the background that
writes to the tty when the TOSTOP terminal flag is set.
the terminal in most cases. If the background process tries to
modify the terminal flags it will receive SIGTTOU which is relayed
to the sudo front-end. This currently mishandles terminals with
the TOSTOP local flag set.
ourselves with a pipe if the plugin will actually log the data.
This avoids a problem with non-interactive commands where no tty
is present where sudo will consume stdin even when log_input is not
enabled in sudoers.
a signal. Sudo will terminate itself with the same signal the
command died from. Unfortunately, we lose the "core dumped" bit
since sudo itself will not dump core, but there doesn't appear to
be a way around that.
non-pty code paths into their own event loops. The non-pty exec
code is now contained in exec_nopty.c and the pty exec code is split
between exec_pty.c (parent process) and exec_monitor.c (session leader).
This results in a small bit of duplicated code but improves readability.
Some of the duplicated code will fall out in future changes to the
event subsystem (the signal pipe).
avoid killing pid -1. This makes it a bit more explicit and removes
the need for a separate variable to track the child's status.
Sudo already stops processing signals after it receives SIGCHLD so
it is not vulnerable to CVE-2017-2616.
configurable. File log failures are ignored by default for consistency
with syslog. Audit errors are ignored by default to allow the admin
to fix the issue. I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
waitpid() will return 0 when the command is resumed after being
suspended, which we were treating the same as -1. Fixes suspend
and resume on Linux and probably others.
an exec error. We don't want to overwrite the error status but we
do need to indicate that the command is no longer running.
Fixes a hang on execve(2) error when running in a pty.
for this because that corresponds to the value for atomic pipe
writes. The actual pipe buffer is much larger on modern systems
and 64K is what BSD and Linux support for large pipe buffers.
time, only when the user suspends sudo. Fixes a problem where all
buffers might not get flushed at exit when logging I/O. Reproducible
via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD.