Ignore SIGPIPE for the duration of sudo and not just in a few select

places.  We have no control over what nss, PAM modules or sudo
plugins might do so ignoring SIGPIPE is safest.

plugins/sudoers/ldap.c

@@ -2975,17 +2975,10 @@ sudo_ldap_open(struct sudo_nss *nss)
 {
     LDAP *ld;
     int rc = -1;
-    sigaction_t sa, saved_sa_pipe;
     bool ldapnoinit = false;
     struct sudo_ldap_handle *handle;
     debug_decl(sudo_ldap_open, SUDOERS_DEBUG_LDAP)
 
-    /* Ignore SIGPIPE if we cannot bind to the server. */
-    memset(&sa, 0, sizeof(sa));
-    sigemptyset(&sa.sa_mask);
-    sa.sa_handler = SIG_IGN;
-    (void) sigaction(SIGPIPE, &sa, &saved_sa_pipe);
-
     if (!sudo_ldap_read_config())
 	goto done;
 
@@ -3071,7 +3064,6 @@ sudo_ldap_open(struct sudo_nss *nss)
     nss->handle = handle;
 
 done:
-    (void) sigaction(SIGPIPE, &saved_sa_pipe, NULL);
     debug_return_int(rc == LDAP_SUCCESS ? 0 : -1);
 }
 

plugins/sudoers/logging.c

@@ -542,7 +542,6 @@ send_mail(const char *fmt, ...)
     const char *timestr;
     int fd, pfd[2], status;
     pid_t pid, rv;
-    sigaction_t sa;
     struct stat sb;
     va_list ap;
 #ifndef NO_ROOT_MAILER
@@ -619,13 +618,6 @@ send_mail(const char *fmt, ...)
     sudo_endgrent();
     closefrom(STDERR_FILENO + 1);
 
-    /* Ignore SIGPIPE in case mailer exits prematurely (or is missing). */
-    memset(&sa, 0, sizeof(sa));
-    sigemptyset(&sa.sa_mask);
-    sa.sa_flags = SA_INTERRUPT;
-    sa.sa_handler = SIG_IGN;
-    (void) sigaction(SIGPIPE, &sa, NULL);
-
     if (pipe(pfd) == -1) {
 	mysyslog(LOG_ERR, _("unable to open pipe: %m"));
 	sudo_debug_printf(SUDO_DEBUG_ERROR, "unable to open pipe: %s",