Suspend the child process and wait for SIGUSR when using ptrace.

This fixes a race condition in ptrace-based intercept mode when
running the command in a pty.  It was possible for the monitor to
receive SIGCHLD when the command sent itself SIGSTOP before the
main sudo process did.

src/exec_common.c

@@ -89,31 +89,6 @@ enable_intercept(char *envp[], const char *dso, int intercept_fd)
     debug_return_ptr(envp);
 }
 
-/*
- * Called right before execve(2).
- * The tracee will be suspended until the tracer resumes it.
- */
-static void
-enable_ptrace(void)
-{
-#ifdef HAVE_PTRACE_INTERCEPT
-    const pid_t pid = getpid();
-    debug_decl(enable_ptrace, SUDO_DEBUG_UTIL);
-
-    /*
-     * Parent will trace child and intercept execve(2).
-     * We stop the child here so the parent can seize control.
-     */
-    sudo_debug_printf(SUDO_DEBUG_INFO, "%s: suspending child %d",
-        __func__, (int)pid);
-    kill(pid, SIGSTOP);
-    sudo_debug_printf(SUDO_DEBUG_INFO, "%s: resuming child %d",
-        __func__, (int)pid);
-
-    debug_return;
-#endif /* HAVE_PTRACE_INTERCEPT */
-}
-
 /*
  * Like execve(2) but falls back to running through /bin/sh
  * ala execvp(3) if we get ENOEXEC.
@@ -129,10 +104,12 @@ sudo_execve(int fd, const char *path, char *const argv[], char *envp[],
     /* Modify the environment as needed to trap execve(). */
     if (ISSET(flags, CD_NOEXEC))
 	envp = disable_execute(envp, sudo_conf_noexec_path());
-    else if (ISSET(flags, CD_USE_PTRACE))
-	enable_ptrace();
-    else if (ISSET(flags, CD_INTERCEPT|CD_LOG_SUBCMDS))
-	envp = enable_intercept(envp, sudo_conf_intercept_path(), intercept_fd);
+    if (ISSET(flags, CD_INTERCEPT|CD_LOG_SUBCMDS)) {
+	if (!ISSET(flags, CD_USE_PTRACE)) {
+	    envp = enable_intercept(envp, sudo_conf_intercept_path(),
+		intercept_fd);
+	}
+    }
 
 #ifdef HAVE_FEXECVE
     if (fd != -1)