ourselves with a pipe if the plugin will actually log the data.
This avoids a problem with non-interactive commands where no tty
is present where sudo will consume stdin even when log_input is not
enabled in sudoers.
a signal. Sudo will terminate itself with the same signal the
command died from. Unfortunately, we lose the "core dumped" bit
since sudo itself will not dump core, but there doesn't appear to
be a way around that.
non-pty code paths into their own event loops. The non-pty exec
code is now contained in exec_nopty.c and the pty exec code is split
between exec_pty.c (parent process) and exec_monitor.c (session leader).
This results in a small bit of duplicated code but improves readability.
Some of the duplicated code will fall out in future changes to the
event subsystem (the signal pipe).
avoid killing pid -1. This makes it a bit more explicit and removes
the need for a separate variable to track the child's status.
Sudo already stops processing signals after it receives SIGCHLD so
it is not vulnerable to CVE-2017-2616.
configurable. File log failures are ignored by default for consistency
with syslog. Audit errors are ignored by default to allow the admin
to fix the issue. I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
waitpid() will return 0 when the command is resumed after being
suspended, which we were treating the same as -1. Fixes suspend
and resume on Linux and probably others.
an exec error. We don't want to overwrite the error status but we
do need to indicate that the command is no longer running.
Fixes as hang on execve(2) error when running in a pty.
for this because that corresponds to the value for atomic pipe
writes. The actual pipe buffer is much larger on modern systems
and 64K is what BSD and Linux support for large pipe buffers.
time, only when the user suspends sudo. Fixes a problem where all
buffers might not get flushed at exit when logging I/O. Reproducible
via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD.
is no associated reader just return as there is nothing else to be
done. In practice is it not possible for SUDO_EV_READ to be set
if revent is NULL but an early return is harmless and possibly
easier to understand. Coverity CID 104124.
the signal is in a different container since the PID namespaces in
different conatiners are separate. Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process. Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers. From Maarten de Vries
SUDO_EV_READ and SUDO_EV_WRITE are set and read() returns 0 (EOF)
we don't close the fd before the write() is performed.
If the write() returns EPIPE, ENXIO, EIO or EBADF, clear SUDO_EV_READ
before we close the fd to avoid calling read() on a closed fd.
