Ignore SIGPIPE for the duration of sudo and not just in a few select

places. We have no control over what nss, PAM modules or sudo plugins might do so ignoring SIGPIPE is safest.
2016-04-22 16:36:36 -06:00
parent 70cf5674b5
commit b4309d4aea
8 changed files with 29 additions and 37 deletions
--- a/src/signal.c
+++ b/src/signal.c
@@ -30,6 +30,7 @@
 #include <signal.h>

 #include "sudo.h"
+#include "sudo_exec.h"

 int signal_pipe[2];

@@ -151,6 +152,13 @@ init_signals(void)
 		break;
 	}
    }
+    /* Ignore SIGPIPE until exec. */
+    if (saved_signals[SAVED_SIGPIPE].sa.sa_handler != SIG_IGN) {
+	sa.sa_handler = SIG_IGN;
+	if (sigaction(SIGPIPE, &sa, NULL) != 0)
+	    sudo_warn(U_("unable to set handler for signal %d"), SIGPIPE);
+    }
+
    debug_return;
 }