Mention the audit plugin in the "Process model" section.
Remove extraneous information describing how sudo may exec the command directly, this is already included in the non-pty section.
@@ -25,7 +25,7 @@
|
|||||||
.nr BA @BAMAN@
|
.nr BA @BAMAN@
|
||||||
.nr LC @LCMAN@
|
.nr LC @LCMAN@
|
||||||
.nr PS @PSMAN@
|
.nr PS @PSMAN@
|
||||||
.TH "SUDO" "@mansectsu@" "September 13, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
|
.TH "SUDO" "@mansectsu@" "December 12, 2022" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
|
||||||
.nh
|
.nh
|
||||||
.if n .ad l
|
.if n .ad l
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
@@ -837,8 +837,8 @@ There are two distinct ways
|
|||||||
\fBsudo\fR
|
\fBsudo\fR
|
||||||
can run a command.
|
can run a command.
|
||||||
.PP
|
.PP
|
||||||
If an I/O logging plugin is configured or if the security policy
|
If an I/O logging plugin is configured to log terminal I/O, or if
|
||||||
explicitly requests it, a new pseudo-terminal
|
the security policy explicitly requests it, a new pseudo-terminal
|
||||||
(\(lqpty\(rq)
|
(\(lqpty\(rq)
|
||||||
is allocated and
|
is allocated and
|
||||||
fork(2)
|
fork(2)
|
||||||
@@ -850,16 +850,17 @@ The
|
|||||||
\fImonitor\fR
|
\fImonitor\fR
|
||||||
creates a new terminal session with itself as the leader and the pty as its
|
creates a new terminal session with itself as the leader and the pty as its
|
||||||
controlling terminal, calls
|
controlling terminal, calls
|
||||||
fork(2),
|
fork(2)
|
||||||
sets up the execution environment as described above, and then uses the
|
again, sets up the execution environment as described above, and then uses the
|
||||||
execve(2)
|
execve(2)
|
||||||
system call to run the command in the child process.
|
system call to run the command in the child process.
|
||||||
The
|
The
|
||||||
\fImonitor\fR
|
\fImonitor\fR
|
||||||
exists to relay job control signals between the user's
|
exists to relay job control signals between the user's
|
||||||
existing terminal and the pty the command is being run in.
|
terminal and the pty the command is being run in.
|
||||||
This makes it possible to suspend and resume the command.
|
This makes it possible to suspend and resume the command normally.
|
||||||
Without the monitor, the command would be in what POSIX terms an
|
Without the
|
||||||
|
\fImonitor\fR, \fIthe command would be in what POSIX terms an\fR
|
||||||
\(lqorphaned process group\(rq
|
\(lqorphaned process group\(rq
|
||||||
and it would not receive any job control signals from the kernel.
|
and it would not receive any job control signals from the kernel.
|
||||||
When the command exits or is terminated by a signal, the
|
When the command exits or is terminated by a signal, the
|
||||||
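Review bot: in the added line `\fImonitor\fR, \fIthe command would be in what POSIX terms an\fR` the italic run covers the rest of the clause, not just the word "monitor". Every other occurrence in this hunk emphasizes only `\fImonitor\fR`, and the line being replaced was plain text. The output should read `\fImonitor\fR,` followed by the sentence text in roman, so the source line that produces this needs fixing and the page regenerating.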
@@ -869,8 +870,9 @@ passes the command's exit status to the main
|
|||||||
process and exits.
|
process and exits.
|
||||||
After receiving the command's exit status, the main
|
After receiving the command's exit status, the main
|
||||||
\fBsudo\fR
|
\fBsudo\fR
|
||||||
passes the command's exit status to the security policy's close function
|
process passes the command's exit status to the security policy's
|
||||||
and exits.
|
close function, as well as the close function of any configured audit
|
||||||
|
plugin, and exits.
|
||||||
.PP
|
.PP
|
||||||
If no pty is used,
|
If no pty is used,
|
||||||
\fBsudo\fR
|
\fBsudo\fR
|
||||||
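Review bot: the added text here says "any configured audit plugin" (singular), while the matching sentence added to the non-pty paragraph in the next hunk says "any configured audit plugins". The two paragraphs describe the same step, so they should use one form; the plural used in the non-pty paragraph would work in both places.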
@@ -882,7 +884,8 @@ system call to run the command in the child process.
|
|||||||
The main
|
The main
|
||||||
\fBsudo\fR
|
\fBsudo\fR
|
||||||
process waits until the command has completed, then passes the
|
process waits until the command has completed, then passes the
|
||||||
command's exit status to the security policy's close function and exits.
|
command's exit status to the security policy's close function, as
|
||||||
|
well as the close function of any configured audit plugins, and exits.
|
||||||
As a special case, if the policy plugin does not define a close
|
As a special case, if the policy plugin does not define a close
|
||||||
function,
|
function,
|
||||||
\fBsudo\fR
|
\fBsudo\fR
|
||||||
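Review bot: the context line after the addition still reads "As a special case, if the policy plugin does not define a close function", so the special case is keyed on the policy plugin alone. Now that this paragraph says the close functions of audit plugins also receive the exit status, the special case should state whether a configured audit plugin with a close function is taken into account as well. As written, the two sentences leave open whether that close function is always called.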
@@ -970,14 +973,6 @@ are run using the
|
|||||||
family of functions instead of
|
family of functions instead of
|
||||||
\fBsystem\fR()
|
\fBsystem\fR()
|
||||||
(which interposes a shell between the command and the calling process).
|
(which interposes a shell between the command and the calling process).
|
||||||
.PP
|
|
||||||
If no I/O logging plugins are loaded and the policy plugin has not
|
|
||||||
defined a
|
|
||||||
\fBclose\fR()
|
|
||||||
function, set a command timeout, or required that the command be
|
|
||||||
run in a new pty,
|
|
||||||
\fBsudo\fR
|
|
||||||
may execute the command directly instead of running it as a child process.
|
|
||||||
.SS "Plugins"
|
.SS "Plugins"
|
||||||
Plugins may be specified via
|
Plugins may be specified via
|
||||||
\fIPlugin\fR
|
\fIPlugin\fR
|
||||||
|
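Review bot: the deleted paragraph listed several conditions for direct execution: no I/O logging plugins loaded, no policy close() function, no command timeout, and no requirement for a new pty. The only related text visible in this diff is the non-pty special case, whose context stops after "if the policy plugin does not define a close function". Please confirm that the timeout and I/O logging conditions are stated there before dropping them here, since a direct exec leaves no sudo process to pass the exit status to any close function.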
@@ -24,7 +24,7 @@
|
|||||||
.nr BA @BAMAN@
|
.nr BA @BAMAN@
|
||||||
.nr LC @LCMAN@
|
.nr LC @LCMAN@
|
||||||
.nr PS @PSMAN@
|
.nr PS @PSMAN@
|
||||||
.Dd September 13, 2022
|
.Dd December 12, 2022
|
||||||
.Dt SUDO @mansectsu@
|
.Dt SUDO @mansectsu@
|
||||||
.Os Sudo @PACKAGE_VERSION@
|
.Os Sudo @PACKAGE_VERSION@
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@@ -773,8 +773,8 @@ There are two distinct ways
|
|||||||
.Nm
|
.Nm
|
||||||
can run a command.
|
can run a command.
|
||||||
.Pp
|
.Pp
|
||||||
If an I/O logging plugin is configured or if the security policy
|
If an I/O logging plugin is configured to log terminal I/O, or if
|
||||||
explicitly requests it, a new pseudo-terminal
|
the security policy explicitly requests it, a new pseudo-terminal
|
||||||
.Pq Dq pty
|
.Pq Dq pty
|
||||||
is allocated and
|
is allocated and
|
||||||
.Xr fork 2
|
.Xr fork 2
|
||||||
@@ -786,16 +786,17 @@ The
|
|||||||
.Em monitor
|
.Em monitor
|
||||||
creates a new terminal session with itself as the leader and the pty as its
|
creates a new terminal session with itself as the leader and the pty as its
|
||||||
controlling terminal, calls
|
controlling terminal, calls
|
||||||
.Xr fork 2 ,
|
.Xr fork 2
|
||||||
sets up the execution environment as described above, and then uses the
|
again, sets up the execution environment as described above, and then uses the
|
||||||
.Xr execve 2
|
.Xr execve 2
|
||||||
system call to run the command in the child process.
|
system call to run the command in the child process.
|
||||||
The
|
The
|
||||||
.Em monitor
|
.Em monitor
|
||||||
exists to relay job control signals between the user's
|
exists to relay job control signals between the user's
|
||||||
existing terminal and the pty the command is being run in.
|
terminal and the pty the command is being run in.
|
||||||
This makes it possible to suspend and resume the command.
|
This makes it possible to suspend and resume the command normally.
|
||||||
Without the monitor, the command would be in what POSIX terms an
|
Without the
|
||||||
|
.Em monitor , the command would be in what POSIX terms an
|
||||||
.Dq orphaned process group
|
.Dq orphaned process group
|
||||||
and it would not receive any job control signals from the kernel.
|
and it would not receive any job control signals from the kernel.
|
||||||
When the command exits or is terminated by a signal, the
|
When the command exits or is terminated by a signal, the
|
||||||
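Review bot: the added line `.Em monitor , the command would be in what POSIX terms an` hands the whole rest of the sentence to `.Em` as arguments, so everything after the comma is emphasized along with "monitor". End the macro line at `.Em monitor ,` and put "the command would be in what POSIX terms an" on its own text line, as the other `.Em monitor` uses in this hunk do.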
@@ -805,8 +806,9 @@ passes the command's exit status to the main
|
|||||||
process and exits.
|
process and exits.
|
||||||
After receiving the command's exit status, the main
|
After receiving the command's exit status, the main
|
||||||
.Nm
|
.Nm
|
||||||
passes the command's exit status to the security policy's close function
|
process passes the command's exit status to the security policy's
|
||||||
and exits.
|
close function, as well as the close function of any configured audit
|
||||||
|
plugin, and exits.
|
||||||
.Pp
|
.Pp
|
||||||
If no pty is used,
|
If no pty is used,
|
||||||
.Nm
|
.Nm
|
||||||
@@ -818,7 +820,8 @@ system call to run the command in the child process.
|
|||||||
The main
|
The main
|
||||||
.Nm
|
.Nm
|
||||||
process waits until the command has completed, then passes the
|
process waits until the command has completed, then passes the
|
||||||
command's exit status to the security policy's close function and exits.
|
command's exit status to the security policy's close function, as
|
||||||
|
well as the close function of any configured audit plugins, and exits.
|
||||||
As a special case, if the policy plugin does not define a close
|
As a special case, if the policy plugin does not define a close
|
||||||
function,
|
function,
|
||||||
.Nm
|
.Nm
|
||||||
@@ -906,14 +909,6 @@ are run using the
|
|||||||
family of functions instead of
|
family of functions instead of
|
||||||
.Fn system
|
.Fn system
|
||||||
(which interposes a shell between the command and the calling process).
|
(which interposes a shell between the command and the calling process).
|
||||||
.Pp
|
|
||||||
If no I/O logging plugins are loaded and the policy plugin has not
|
|
||||||
defined a
|
|
||||||
.Fn close
|
|
||||||
function, set a command timeout, or required that the command be
|
|
||||||
run in a new pty,
|
|
||||||
.Nm
|
|
||||||
may execute the command directly instead of running it as a child process.
|
|
||||||
.Ss Plugins
|
.Ss Plugins
|
||||||
Plugins may be specified via
|
Plugins may be specified via
|
||||||
.Em Plugin
|
.Em Plugin
|
||||||
|