Document direct execution of the command if the policy plugin has no close function.
Todd C. Miller
2013-03-13 11:32:31 -04:00
parent 1791721ef2
commit 2e84f169cc
3 changed files with 28 additions and 11 deletions

@@ -333,13 +333,16 @@ CCOOMMMMAANNDD EEXXEECCUUTTIIOONN
environment as described above, and calls the execve system call in the
child process. The main ssuuddoo process waits until the command has
completed, then passes the command's exit status to the security policy's
close method and exits. If an I/O logging plugin is configured, a new
pseudo-terminal (``pty'') is created and a second ssuuddoo process is used to
relay job control signals between the user's existing pty and the new pty
the command is being run in. This extra process makes it possible to,
for example, suspend and resume the command. Without it, the command
would be in what POSIX terms an ``orphaned process group'' and it would
not receive any job control signals.
close function and exits. If an I/O logging plugin is configured or if
the security policy explicitly requests it, a new pseudo-terminal
(``pty'') is created and a second ssuuddoo process is used to relay job
control signals between the user's existing pty and the new pty the
command is being run in. This extra process makes it possible to, for
example, suspend and resume the command. Without it, the command would
be in what POSIX terms an ``orphaned process group'' and it would not
receive any job control signals. As a special case, if the policy plugin
does not define a close function and no pty is required, ssuuddoo will
execute the command directly instead of calling fork(2) first.
SSiiggnnaall hhaannddlliinngg
Because the command is run as a child of the ssuuddoo process, ssuuddoo will
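
Review bot: the unchanged context line at the end of this hunk, "Because the command is run as a child of the sudo process", no longer holds in every case, because the sentence added just above it says sudo will execute the command directly instead of calling fork(2) first. Suggest qualifying the opening of the Signal handling section, for example "When the command is run as a child of the sudo process, ...", so the two sections do not contradict each other.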

@@ -747,8 +747,9 @@ system call in the child process.
The main
\fBsudo\fR
process waits until the command has completed, then passes the
command's exit status to the security policy's close method and exits.
If an I/O logging plugin is configured, a new pseudo-terminal
command's exit status to the security policy's close function and exits.
If an I/O logging plugin is configured or if the security policy
explicitly requests it, a new pseudo-terminal
(``pty'')
is created and a second
\fBsudo\fR
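
Review bot: "if the security policy explicitly requests it" in the added lines does not say how a policy makes that request or how an administrator can tell whether theirs does. Suggest naming the setting or cross-referencing the plugin documentation at this point, since whether a pty and a second sudo process exist changes the process tree seen while the command runs.
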
@@ -759,6 +760,12 @@ and resume the command.
Without it, the command would be in what POSIX terms an
``orphaned process group''
and it would not receive any job control signals.
As a special case, if the policy plugin does not define a close
function and no pty is required,
\fBsudo\fR
will execute the command directly instead of calling
fork(2)
first.
.SS "Signal handling"
Because the command is run as a child of the
\fBsudo\fR
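
Review bot: the special case added here conflicts with the earlier sentence in this section, which still states unconditionally that the main sudo process waits until the command has completed and then passes its exit status to the close function. When the command is executed without calling fork(2) first, it replaces the sudo process and nothing remains to wait for it. Suggest qualifying the earlier sentence, or stating that consequence in the new text, so readers who rely on a sudo parent process being present know when it is absent.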

@@ -731,8 +731,9 @@ system call in the child process.
The main
.Nm sudo
process waits until the command has completed, then passes the
command's exit status to the security policy's close method and exits.
If an I/O logging plugin is configured, a new pseudo-terminal
command's exit status to the security policy's close function and exits.
If an I/O logging plugin is configured or if the security policy
explicitly requests it, a new pseudo-terminal
.Pq Dq pty
is created and a second
.Nm sudo
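
Review bot: the wording change from "close method" to "close function" on the exit-status line only helps if every other use of "method" for a plugin entry point in the manuals is changed as well; otherwise the two terms read as two different things. Suggest searching the documentation for the old term and converting the remaining occurrences in the same commit.
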
@@ -743,6 +744,12 @@ and resume the command.
Without it, the command would be in what POSIX terms an
.Dq orphaned process group
and it would not receive any job control signals.
As a special case, if the policy plugin does not define a close
function and no pty is required,
.Nm sudo
will execute the command directly instead of calling
.Xr fork 2
first.
.Ss Signal handling
Because the command is run as a child of the
.Nm sudo