isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Main sudo should not block signals; the plugin should do this in

Browse Source 
check_policy.
This commit is contained in:
Todd C. Miller
2010-04-01 06:35:19 -04:00
parent ca2eee07b5
commit 44341c9c15
3 changed files with 0 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
plugins/sudoers/sudoers.c
View File

@@ -194,7 +194,6 @@ sudoers_policy_open(unsigned int version, sudo_conv_t conversation,
return -1; return -1;
} }
/* XXX - signal setup duplicated in sudo.c */
/* /*
* Signal setup: * Signal setup:
* Ignore keyboard-generated signals so the user cannot interrupt * Ignore keyboard-generated signals so the user cannot interrupt

16
src/sudo.c
View File

@@ -105,12 +105,10 @@ struct user_details user_details;
#if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL) #if defined(RLIMIT_CORE) && !defined(SUDO_DEVEL)
static struct rlimit corelimit; static struct rlimit corelimit;
#endif /* RLIMIT_CORE && !SUDO_DEVEL */ #endif /* RLIMIT_CORE && !SUDO_DEVEL */
sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp;
int int
main(int argc, char *argv[], char *envp[]) main(int argc, char *argv[], char *envp[])
{ {
sigaction_t sa;
int nargc, sudo_mode; int nargc, sudo_mode;
char **nargv, **settings, **env_add; char **nargv, **settings, **env_add;
char **user_info, **command_info, **argv_out, **user_env_out; char **user_info, **command_info, **argv_out, **user_env_out;
@@ -134,20 +132,6 @@ main(int argc, char *argv[], char *envp[])
if (geteuid() != 0) if (geteuid() != 0)
errorx(1, "must be setuid root"); errorx(1, "must be setuid root");
/*
* Signal setup:
* Ignore keyboard-generated signals so the user cannot interrupt
* us at some point and avoid the logging.
* XXX - leave this to the plugin?
*/
zero_bytes(&sa, sizeof(sa));
sigemptyset(&sa.sa_mask);
sa.sa_flags = SA_RESTART;
sa.sa_handler = SIG_IGN;
(void) sigaction(SIGINT, &sa, &saved_sa_int);
(void) sigaction(SIGQUIT, &sa, &saved_sa_quit);
(void) sigaction(SIGTSTP, &sa, &saved_sa_tstp);
/* Turn off core dumps and make sure fds 0-2 are open. */ /* Turn off core dumps and make sure fds 0-2 are open. */
disable_coredumps(); disable_coredumps();
fix_fds(); fix_fds();

6
src/sudo_edit.c
View File

@@ -55,7 +55,6 @@
#include "sudo.h" #include "sudo.h"
extern sigaction_t saved_sa_int, saved_sa_quit, saved_sa_tstp;
extern char **environ; extern char **environ;
static char *find_editor(); static char *find_editor();
@@ -211,9 +210,6 @@ sudo_edit(int argc, char **argv, char **envp)
nargv[ac++] = tf[i++].tfile; nargv[ac++] = tf[i++].tfile;
nargv[ac] = NULL; nargv[ac] = NULL;
/* Allow the editor to be suspended. */
(void) sigaction(SIGTSTP, &saved_sa_tstp, NULL);
/* /*
* Fork and exec the editor with the invoking user's creds, * Fork and exec the editor with the invoking user's creds,
* keeping track of the time spent in the editor. * keeping track of the time spent in the editor.
@@ -225,8 +221,6 @@ sudo_edit(int argc, char **argv, char **envp)
goto cleanup; goto cleanup;
} else if (kidpid == 0) { } else if (kidpid == 0) {
/* child */ /* child */
(void) sigaction(SIGINT, &saved_sa_int, NULL);
(void) sigaction(SIGQUIT, &saved_sa_quit, NULL);
set_perms(PERM_FULL_USER); set_perms(PERM_FULL_USER);
closefrom(def_closefrom); closefrom(def_closefrom);
execvp(nargv[0], nargv); execvp(nargv[0], nargv);