If any of std{in,out,err} are not hooked up to a tty only interpose

ourselves with a pipe if the plugin will actually log the data.
This avoids a problem with non-interactive commands run when no tty
is present, where sudo will consume stdin even when log_input is not
enabled in sudoers.
Todd C. Miller
2017-05-05 14:27:42 -06:00
parent 62730d13da
commit 44dc15d02d
2 changed files with 84 additions and 36 deletions


@@ -390,10 +390,26 @@ exec_cmnd_pty(struct command_details *details, bool foreground, int errfd)
setpgid(0, self);
/* Wire up standard fds, note that stdout/stderr may be pipes. */
if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1 ||
dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1 ||
dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1)
sudo_fatal("dup2");
if (io_fds[SFD_STDIN] != STDIN_FILENO) {
if (dup2(io_fds[SFD_STDIN], STDIN_FILENO) == -1)
sudo_fatal("dup2");
if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE])
close(io_fds[SFD_STDIN]);
}
if (io_fds[SFD_STDOUT] != STDOUT_FILENO) {
if (dup2(io_fds[SFD_STDOUT], STDOUT_FILENO) == -1)
sudo_fatal("dup2");
if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE])
close(io_fds[SFD_STDOUT]);
}
if (io_fds[SFD_STDERR] != STDERR_FILENO) {
if (dup2(io_fds[SFD_STDERR], STDERR_FILENO) == -1)
sudo_fatal("dup2");
if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
close(io_fds[SFD_STDERR]);
}
if (io_fds[SFD_SLAVE] != -1)
close(io_fds[SFD_SLAVE]);
/* Wait for parent to grant us the tty if we are foreground. */
if (foreground && !ISSET(details->flags, CD_EXEC_BG)) {
@@ -402,16 +418,6 @@ exec_cmnd_pty(struct command_details *details, bool foreground, int errfd)
nanosleep(&ts, NULL);
}
/* We have guaranteed that the slave fd is > 2 */
if (io_fds[SFD_SLAVE] != -1)
close(io_fds[SFD_SLAVE]);
if (io_fds[SFD_STDIN] != io_fds[SFD_SLAVE])
close(io_fds[SFD_STDIN]);
if (io_fds[SFD_STDOUT] != io_fds[SFD_SLAVE])
close(io_fds[SFD_STDOUT]);
if (io_fds[SFD_STDERR] != io_fds[SFD_SLAVE])
close(io_fds[SFD_STDERR]);
/* Execute command; only returns on error. */
exec_cmnd(details, errfd);
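Review bot: The relocated `close(io_fds[SFD_SLAVE])` and the per-descriptor `close()` calls in the first hunk depend on those descriptors being above 2, but the comment that recorded this ("We have guaranteed that the slave fd is > 2") appears to be dropped in the second hunk and nothing in the new code checks it. The new `!= STDIN_FILENO` / `!= STDOUT_FILENO` / `!= STDERR_FILENO` guards imply that io_fds[] entries may now be the inherited standard descriptors; they cover an entry that equals its own slot, but if the setup code (not visible here) ever left an entry on a different standard descriptor, an earlier dup2() would already have replaced it or the following close() would undo the wiring just done. I would keep the invariant beside the close, for example `/* io_fds[SFD_SLAVE] is either -1 or > 2, so this cannot close a std fd. */`, and make the test defensive with `if (io_fds[SFD_SLAVE] > STDERR_FILENO)`. exec_cmnd_pty begins before and continues after both hunks, so how io_fds[] is populated should be confirmed against the code that sets it up.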