Ignore SIGPIPE for the duration of sudo and not just in a few select

places. We have no control over what nss, PAM modules or sudo plugins might do so ignoring SIGPIPE is safest.
2016-04-22 16:36:36 -06:00
parent 70cf5674b5
commit b4309d4aea
8 changed files with 29 additions and 37 deletions
--- a/doc/sudo_plugin.man.in
+++ b/doc/sudo_plugin.man.in
@@ -1978,6 +1978,9 @@ executed:
 \fRSIGINT\fR
 .TP 4n
 \fB\(bu\fR
+\fRSIGPIPE\fR
+.TP 4n
+\fB\(bu\fR
 \fRSIGQUIT\fR
 .TP 4n
 \fB\(bu\fR
@@ -2003,6 +2006,9 @@ This allows for consistent logging of commands killed by a signal
 for plugins that log such information in their
 \fBclose\fR()
 function.
+An exception to this is
+\fRSIGPIPE\fR,
+which is ignored until the command is executed.
 .PP
 A plugin may temporarily install its own signal handlers but must
 restore the original handler before the plugin function returns.