A long time ago this was changed from TCSAFLUSH to TCSADRAIN due
to some systems having problems with TCSAFLUSH. That should no
longer be a concern. Using TCSAFLUSH ensures that password input
that has been received by the kernel, but not yet read by sudo,
will be discarded and not echoed.
If the user is not allowed to run a command, we try to give them a
more useful message than "Sorry, user foo may not run sudo on bar."
However, this should only be done when running, not listing, a
command. Otherwise, it would be possible for a user with no sudo
privileges to use "sudo -l /path/to/some/command" to determine
whether an executable exists in a directory that they do not have
search access to.
The intent is to allow the user to run a command or edit a file as
themself without entering a password. It should not apply to listing
a command via "sudo -l command".
The sudo manuals contain conditional to avoid describing system-specific
behavior on systems that don't support it. When we convert from
mdoc to man format we lose those conditionals, these sed scripts
add them back. Changes to the mdoc files can prevent the regexps
from matching so they need to be updated periodically.
The exceptions are command-specific Defaults (which cannot be applied
until the command's path is resolved) and a small number of "early"
defaults that affect other entries.
These are standalone programs that run on the host system
(which may differ from the target system) so we should not
include config.h and sudo_compat.h.
The .Li macro is deprecated and makes no difference on terminal
devices. Also avoid using items greater than 80 characters which
will wrap incorrectly. Bug #1075.
The pty_cleanup() function, which may be called via fatal()/fatalx(),
expects that ec->details is set. If there is a fatal error after
the cleanup hook is registered but before the exec closure it filled
in, pty_cleanup() would dereference a NULL pointer.
Reported by Bjorn Baron.
The return values are used in ways that assume they are positive.
In practice, it is not possible to have a negative return value
other than -1 due to the size of the buffers being read from or
written to. Also add overflow checks when updating the buffer len.
Quiets several coverity warnings.
