Ignore SIGPIPE for the duration of sudo and not just in a few select

places. We have no control over what nss, PAM modules or sudo plugins might do so ignoring SIGPIPE is safest.
2016-04-22 16:36:36 -06:00
parent 70cf5674b5
commit b4309d4aea
8 changed files with 29 additions and 37 deletions
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -188,10 +188,13 @@ main(int argc, char *argv[], char *envp[])
    /* Make sure we are setuid root. */
    sudo_check_suid(argc > 0 ? argv[0] : "sudo");

-    /* Reset signal mask and save signal state. */
+    /* Save original signal state and setup default signal handlers. */
+    save_signals();
+    init_signals();
+
+    /* Reset signal mask to the default value (unblock). */
    (void) sigemptyset(&mask);
    (void) sigprocmask(SIG_SETMASK, &mask, NULL);
-    save_signals();

    /* Parse the rest of sudo.conf. */
    sudo_conf_read(NULL, SUDO_CONF_ALL & ~SUDO_CONF_DEBUG);
@@ -230,8 +233,6 @@ main(int argc, char *argv[], char *envp[])
 	    sudo_fatalx(U_("unable to initialize policy plugin"));
    }

-    init_signals();
-
    switch (sudo_mode & MODE_MASK) {
 	case MODE_VERSION:
 	    policy_show_version(&policy_plugin, !user_details.uid);