diff --git a/include/sudo_debug.h b/include/sudo_debug.h index a441874d7..b598aefd0 100644 --- a/include/sudo_debug.h +++ b/include/sudo_debug.h @@ -267,6 +267,7 @@ sudo_dso_public int sudo_debug_parse_flags_v1(struct sudo_conf_debug_file_list * sudo_dso_public void sudo_debug_printf2_v1(const char *func, const char *file, int line, int level, const char *fmt, ...) __printf0like(5, 6); sudo_dso_public void sudo_debug_printf_nvm_v1(int pri, const char *fmt, ...) __printf0like(2, 3); sudo_dso_public int sudo_debug_register_v1(const char *program, const char *const subsystems[], unsigned int ids[], struct sudo_conf_debug_file_list *debug_files); +sudo_dso_public int sudo_debug_register_v2(const char *program, const char *const subsystems[], unsigned int ids[], struct sudo_conf_debug_file_list *debug_files, int minfd); sudo_dso_public int sudo_debug_set_active_instance_v1(int inst); sudo_dso_public void sudo_debug_update_fd_v1(int ofd, int nfd); sudo_dso_public void sudo_debug_vprintf2_v1(const char *func, const char *file, int line, int level, const char *fmt, va_list ap) __printf0like(5, 0); @@ -295,7 +296,7 @@ sudo_dso_public bool sudo_debug_needed_v1(int level); #define sudo_debug_parse_flags(_a, _b) sudo_debug_parse_flags_v1((_a), (_b)) #define sudo_debug_printf2 sudo_debug_printf2_v1 #define sudo_debug_printf_nvm sudo_debug_printf_nvm_v1 -#define sudo_debug_register(_a, _b, _c, _d) sudo_debug_register_v1((_a), (_b), (_c), (_d)) +#define sudo_debug_register(_a, _b, _c, _d, _e) sudo_debug_register_v2((_a), (_b), (_c), (_d), (_e)) #define sudo_debug_set_active_instance(_a) sudo_debug_set_active_instance_v1((_a)) #define sudo_debug_update_fd(_a, _b) sudo_debug_update_fd_v1((_a), (_b)) #define sudo_debug_vprintf2(_a, _b, _c, _d, _e, _f) sudo_debug_vprintf2_v1((_a), (_b), (_c), (_d), (_e), (_f)) diff --git a/lib/util/sudo_debug.c b/lib/util/sudo_debug.c index 703fbea3b..464fc299d 100644 --- a/lib/util/sudo_debug.c +++ b/lib/util/sudo_debug.c 
@@ -142,7 +142,7 @@ sudo_debug_free_output(struct sudo_debug_output *output) */ static struct sudo_debug_output * sudo_debug_new_output(struct sudo_debug_instance *instance, - struct sudo_debug_file *debug_file) + struct sudo_debug_file *debug_file, int minfd) { char *buf, *cp, *last, *subsys, *pri; struct sudo_debug_output *output; @@ -181,6 +181,15 @@ sudo_debug_new_output(struct sudo_debug_instance *instance, } ignore_result(fchown(output->fd, (uid_t)-1, 0)); } + if (output->fd < minfd) { + int newfd = fcntl(output->fd, F_DUPFD, minfd); + if (newfd == -1) { + sudo_warn_nodebug("%s", output->filename); + goto bad; + } + close(output->fd); + output->fd = newfd; + } if (fcntl(output->fd, F_SETFD, FD_CLOEXEC) == -1) { sudo_warn_nodebug("%s", output->filename); goto bad; @@ -259,8 +268,9 @@ bad: * on error. */ int -sudo_debug_register_v1(const char *program, const char *const subsystems[], - unsigned int ids[], struct sudo_conf_debug_file_list *debug_files) +sudo_debug_register_v2(const char *program, const char *const subsystems[], + unsigned int ids[], struct sudo_conf_debug_file_list *debug_files, + int minfd) { struct sudo_debug_instance *instance = NULL; struct sudo_debug_output *output; @@ -346,7 +356,7 @@ sudo_debug_register_v1(const char *program, const char *const subsystems[], } TAILQ_FOREACH(debug_file, debug_files, entries) { - output = sudo_debug_new_output(instance, debug_file); + output = sudo_debug_new_output(instance, debug_file, minfd); if (output != NULL) SLIST_INSERT_HEAD(&instance->outputs, output, entries); } 
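Review bot: In the new `if (output->fd < minfd)` branch of sudo_debug_new_output, the duplicate is created with plain `F_DUPFD` and only gets close-on-exec from the `F_SETFD` call that follows, so for a moment the process holds a debug-log descriptor that would survive an exec. Where the platform provides it, `int newfd = fcntl(output->fd, F_DUPFD_CLOEXEC, minfd);` (behind `#ifdef F_DUPFD_CLOEXEC`, falling back to the current call) sets the flag atomically. This matters most when the caller is a library loaded into a process that may already have other threads. On the `newfd == -1` path `output->fd` still refers to the original descriptor, so the `bad:` cleanup has to close it; that label is outside the hunk and should be checked. The function starts and ends outside this hunk.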
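Review bot: The comment block above sudo_debug_register_v2 (it ends `on error.` in the context lines) is not updated for the new `minfd` parameter. I would add something like `If minfd is not -1, debug file descriptors lower than minfd are moved to minfd or above.` and state that -1 means no lower bound, which is what the `output->fd < minfd` test in sudo_debug_new_output gives for any valid descriptor. The sudo_debug_register_v1 wrapper added in the later hunk could carry a one-line comment such as `/* Compatibility wrapper: registers with no minimum descriptor. */`. The function body continues outside this hunk.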
@@ -364,6 +374,13 @@ sudo_debug_register_v1(const char *program, const char *const subsystems[], return idx; } +int +sudo_debug_register_v1(const char *program, const char *const subsystems[], + unsigned int ids[], struct sudo_conf_debug_file_list *debug_files) +{ + return sudo_debug_register_v2(program, subsystems, ids, debug_files, -1); +} + /* * De-register the specified instance from the debug subsystem * and free up any associated data structures. diff --git a/lib/util/util.exp.in b/lib/util/util.exp.in index 96f037f98..5b760fa4f 100644 --- a/lib/util/util.exp.in +++ b/lib/util/util.exp.in @@ -39,6 +39,7 @@ sudo_debug_needed_v1 sudo_debug_parse_flags_v1 sudo_debug_printf2_v1 sudo_debug_register_v1 +sudo_debug_register_v2 sudo_debug_set_active_instance_v1 sudo_debug_update_fd_v1 sudo_debug_vprintf2_v1 diff --git a/logsrvd/logsrvd.c b/logsrvd/logsrvd.c index 19d8b3152..01c12f8bf 100644 --- a/logsrvd/logsrvd.c +++ b/logsrvd/logsrvd.c @@ -1602,7 +1602,7 @@ server_reload(struct sudo_event_base *evbase) logsrvd_debug_instance = SUDO_DEBUG_INSTANCE_INITIALIZER; if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) != -1) { logsrvd_debug_instance = sudo_debug_register(getprogname(), - NULL, NULL, sudo_conf_debug_files(getprogname())); + NULL, NULL, sudo_conf_debug_files(getprogname()), -1); } } @@ -1909,7 +1909,7 @@ main(int argc, char *argv[]) if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); logsrvd_debug_instance = sudo_debug_register(getprogname(), NULL, NULL, - sudo_conf_debug_files(getprogname())); + sudo_conf_debug_files(getprogname()), -1); if (protobuf_c_version_number() < 1003000) sudo_fatalx("%s", U_("Protobuf-C version 1.3 or higher required")); diff --git a/logsrvd/sendlog.c b/logsrvd/sendlog.c index c7cd3b81c..37bbcb354 100644 --- a/logsrvd/sendlog.c +++ b/logsrvd/sendlog.c 
@@ -1526,7 +1526,7 @@ main(int argc, char *argv[]) if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); sudo_debug_register(getprogname(), NULL, NULL, - sudo_conf_debug_files(getprogname())); + sudo_conf_debug_files(getprogname()), -1); if (protobuf_c_version_number() < 1003000) sudo_fatalx("%s", U_("Protobuf-C version 1.3 or higher required")); diff --git a/plugins/audit_json/audit_json.c b/plugins/audit_json/audit_json.c index a3cbdc4b6..74a2eb926 100644 --- a/plugins/audit_json/audit_json.c +++ b/plugins/audit_json/audit_json.c @@ -122,7 +122,7 @@ audit_json_open(unsigned int version, sudo_conv_t conversation, } if (plugin_path != NULL && !TAILQ_EMPTY(&debug_files)) { audit_debug_instance = - sudo_debug_register(plugin_path, NULL, NULL, &debug_files); + sudo_debug_register(plugin_path, NULL, NULL, &debug_files, -1); if (audit_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) { *errstr = U_("unable to initialize debugging"); goto bad; diff --git a/plugins/python/sudo_python_debug.c b/plugins/python/sudo_python_debug.c index 18cb756e6..83e68456c 100644 --- a/plugins/python/sudo_python_debug.c +++ b/plugins/python/sudo_python_debug.c @@ -84,7 +84,7 @@ python_debug_register(const char *program, if (debug_files != NULL && !TAILQ_EMPTY(debug_files)) { if (program != NULL) { instance = sudo_debug_register(program, python_subsystem_names, - (unsigned int *)python_subsystem_ids, debug_files); + (unsigned int *)python_subsystem_ids, debug_files, -1); } TAILQ_FOREACH_SAFE(debug_file, debug_files, entries, debug_next) { TAILQ_REMOVE(debug_files, debug_file, entries); diff --git a/plugins/sample_approval/sample_approval.c b/plugins/sample_approval/sample_approval.c index c4634c101..cd1a8b268 100644 --- a/plugins/sample_approval/sample_approval.c +++ b/plugins/sample_approval/sample_approval.c 
@@ -77,7 +77,7 @@ sample_approval_open(unsigned int version, sudo_conv_t conversation, } if (plugin_path != NULL && !TAILQ_EMPTY(&debug_files)) { approval_debug_instance = - sudo_debug_register(plugin_path, NULL, NULL, &debug_files); + sudo_debug_register(plugin_path, NULL, NULL, &debug_files, -1); if (approval_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) { *errstr = U_("unable to initialize debugging"); goto done; diff --git a/plugins/sudoers/sudoers_debug.c b/plugins/sudoers/sudoers_debug.c index 6b03f68a8..471ea8c9b 100644 --- a/plugins/sudoers/sudoers_debug.c +++ b/plugins/sudoers/sudoers_debug.c @@ -90,7 +90,7 @@ sudoers_debug_register(const char *program, if (debug_files != NULL && !TAILQ_EMPTY(debug_files)) { if (program != NULL) { instance = sudo_debug_register(program, sudoers_subsystem_names, - sudoers_subsystem_ids, debug_files); + sudoers_subsystem_ids, debug_files, -1); } TAILQ_FOREACH_SAFE(debug_file, debug_files, entries, debug_next) { TAILQ_REMOVE(debug_files, debug_file, entries); diff --git a/plugins/sudoers/sudoreplay.c b/plugins/sudoers/sudoreplay.c index c99e713f2..f32d44eb5 100644 --- a/plugins/sudoers/sudoreplay.c +++ b/plugins/sudoers/sudoreplay.c @@ -234,7 +234,7 @@ main(int argc, char *argv[]) if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); sudo_debug_register(getprogname(), NULL, NULL, - sudo_conf_debug_files(getprogname())); + sudo_conf_debug_files(getprogname()), -1); while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) { switch (ch) { diff --git a/src/sesh.c b/src/sesh.c index fc7515099..f05762ffb 100644 --- a/src/sesh.c +++ b/src/sesh.c @@ -75,7 +75,7 @@ main(int argc, char *argv[], char *envp[]) if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); sudo_debug_register(getprogname(), NULL, NULL, - sudo_conf_debug_files(getprogname())); + sudo_conf_debug_files(getprogname()), -1); if (strcmp(argv[1], "-e") == 0) { ret = sesh_sudoedit(argc, argv); 
diff --git a/src/sudo.c b/src/sudo.c index 2c42b39b5..e24afd50d 100644 --- a/src/sudo.c +++ b/src/sudo.c @@ -175,7 +175,7 @@ main(int argc, char *argv[], char *envp[]) if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) == -1) exit(EXIT_FAILURE); sudo_debug_instance = sudo_debug_register(getprogname(), - NULL, NULL, sudo_conf_debug_files(getprogname())); + NULL, NULL, sudo_conf_debug_files(getprogname()), -1); if (sudo_debug_instance == SUDO_DEBUG_INSTANCE_ERROR) exit(EXIT_FAILURE); diff --git a/src/sudo_intercept_common.c b/src/sudo_intercept_common.c index d8b3e3a3e..8c8ddfad2 100644 --- a/src/sudo_intercept_common.c +++ b/src/sudo_intercept_common.c @@ -198,7 +198,7 @@ sudo_interposer_init(void) /* Read debug section of sudo.conf and init debugging. */ if (sudo_conf_read(NULL, SUDO_CONF_DEBUG) != -1) { sudo_debug_register("sudo_intercept.so", NULL, NULL, - sudo_conf_debug_files("sudo_intercept.so")); + sudo_conf_debug_files("sudo_intercept.so"), INTERCEPT_FD_MIN); } sudo_debug_enter(__func__, __FILE__, __LINE__, sudo_debug_subsys);
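Review bot: The call in sudo_interposer_init passes `INTERCEPT_FD_MIN` with no comment explaining the choice, and the constant's definition is not part of this diff. A short comment, e.g. `/* Keep debug fds at or above INTERCEPT_FD_MIN, away from the low descriptors the intercepted program manages itself. */`, would record the intent, which is presumably to avoid collisions with descriptors the host program opens, closes or redirects. The return value is still ignored, so a failed `F_DUPFD` in sudo_debug_new_output (for example when the descriptor limit is below the floor) leaves this instance without debug output apart from the warning; that looks acceptable for best-effort logging but is worth stating. The floor lowers the chance of the host program reusing the descriptor number but does not rule it out.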