diff --git a/src/exec.c b/src/exec.c
index e49bde202..606a98396 100644
--- a/src/exec.c
+++ b/src/exec.c
@@ -1,7 +1,7 @@
 /*
 * SPDX-License-Identifier: ISC
 *
- * Copyright (c) 2009-2017 Todd C. Miller
+ * Copyright (c) 2009-2020 Todd C. Miller
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -333,6 +333,30 @@ sudo_needs_pty(struct command_details *details)
 return false;
 }
 
+/*
+ * If we are not running the command in a pty, we were not invoked as
+ * sudoedit, there is no command timeout and there is no close function,
+ * sudo can exec the command directly (and not wait).
+ */
+static bool
+direct_exec_allowed(struct command_details *details)
+{
+ struct plugin_container *plugin;
+ debug_decl(direct_exec_allowed, SUDO_DEBUG_EXEC);
+
+ /* Assumes sudo_needs_pty() was already checked. */
+ if (ISSET(details->flags, CD_SET_TIMEOUT|CD_SUDOEDIT) ||
+ policy_plugin.u.policy->close != NULL)
+ debug_return_bool(false);
+
+ TAILQ_FOREACH(plugin, &audit_plugins, entries) {
+ if (plugin->u.audit->close != NULL)
+ debug_return_bool(false);
+ }
+
+ debug_return_bool(true);
+}
+
 /*
 * Execute a command, potentially in a pty with I/O logging, and
 * wait for it to finish.
@@ -380,12 +404,10 @@ sudo_execute(struct command_details *details, struct command_status *cstat)
 }
 
 /*
- * If we are not running the command in a pty, we were not invoked
- * as sudoedit, there is no command timeout and there is no close
- * function, just exec directly. Only returns on error.
+ * If we are not running the command in a pty, we may be able to
+ * exec directly, depending on the plugins used.
 */
- if (!ISSET(details->flags, CD_SET_TIMEOUT|CD_SUDOEDIT) &&
- policy_plugin.u.policy->close == NULL) {
+ if (direct_exec_allowed(details)) {
 if (!sudo_terminated(cstat)) {
 exec_cmnd(details, -1);
 cstat->type = CMD_ERRNO;
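Review bot: The precondition in `/* Assumes sudo_needs_pty() was already checked. */` inside direct_exec_allowed() is carried only by that inline comment, and the header comment still says "no close function" although the code tests the policy plugin and every audit plugin. A true result lets sudo exec the command and not wait, so no close hook runs afterwards; a later caller that skips the pty check would presumably bypass whatever sudo_needs_pty() guards (its body starts outside this hunk). I would state the contract in the header comment, e.g. `* Caller must have checked sudo_needs_pty() first; returns false if the policy plugin or any audit plugin has a close function.` Since `details` is only read here, the parameter could also be declared `const struct command_details *details`.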
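Review bot: The rewritten comment above `if (direct_exec_allowed(details))` drops the sentence "Only returns on error.", which was what explained why `cstat->type = CMD_ERRNO;` follows `exec_cmnd(details, -1);` unconditionally. I would keep it on the new text: `* exec directly, depending on the plugins used.  Only returns on error.` The "not running the command in a pty" condition the comment relies on is presumably established by code above the hunk, and the `if` body continues past the hunk's last line.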