isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Don't assume that if std{in,out,err} is a tty, it is the user's tty.

Browse Source 
Previously, sudo only checked that the fd was a terminal, not that
it matched sudo's idea of the user's terminal.  This matters when
input or output is redirected to a different terminal.  In that
case we want to interpose the fd with a pipe even if it refers to
a terminal.  Bug #1056.
This commit is contained in:
Todd C. Miller
2023-07-26 19:43:49 -06:00
parent 14f1a12e2d
commit 760c9c1107
4 changed files with 58 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/sudo_exec.h
View File

@@ -174,10 +174,12 @@ union sudo_token_un {
#endif /* _PATH_SUDO_INTERCEPT && __linux__ */
/* exec.c */
struct stat;
void exec_cmnd(struct command_details *details, sigset_t *mask, int intercept_fd, int errfd);
void terminate_command(pid_t pid, bool use_pgrp);
bool sudo_terminated(struct command_status *cstat);
void free_exec_closure(struct exec_closure *ec);
bool fd_matches_tty(int fd, struct stat *tty_sb, struct stat *fd_sb);
/* exec_common.c */
int sudo_execve(int fd, const char *path, char *const argv[], char *envp[], int intercept_fd, unsigned int flags);