diff --git a/src/conversation.c b/src/conversation.c
index e94005bad..ed717345f 100644
--- a/src/conversation.c
+++ b/src/conversation.c
@@ -53,7 +53,7 @@ sudo_conversation(int num_msgs, const struct sudo_conv_message msgs[],
 
     for (n = 0; n < num_msgs; n++) {
 	const struct sudo_conv_message *msg = &msgs[n];
-	int flags = tgetpass_flags;
+	unsigned int flags = tgetpass_flags;
 	FILE *fp = stdout;
 
 	switch (msg->msg_type & 0xff) {
diff --git a/src/edit_open.c b/src/edit_open.c
index 3e1c0a74c..3745aa7a2 100644
--- a/src/edit_open.c
+++ b/src/edit_open.c
@@ -406,7 +406,7 @@ sudo_edit_open_nonwritable(char *path, int oflags, mode_t mode,
 
 #ifdef O_NOFOLLOW
 int
-sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
+sudo_edit_open(char *path, int oflags, mode_t mode, unsigned int sflags,
     const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
 {
     int fd;
@@ -435,7 +435,7 @@ sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
 }
 #else
 int
-sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
+sudo_edit_open(char *path, int oflags, mode_t mode, unsigned int sflags,
     const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
 {
     struct stat sb;
@@ -488,7 +488,7 @@ sudo_edit_open(char *path, int oflags, mode_t mode, int sflags,
  * Does not modify the value of errno.
  */
 bool
-sudo_edit_parent_valid(char *path, int sflags,
+sudo_edit_parent_valid(char *path, unsigned int sflags,
     const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred)
 {
     const int serrno = errno;
diff --git a/src/exec_common.c b/src/exec_common.c
index 869078f74..0f05dad87 100644
--- a/src/exec_common.c
+++ b/src/exec_common.c
@@ -95,7 +95,7 @@ enable_intercept(char *envp[], const char *dso, int intercept_fd)
  */
 int
 sudo_execve(int fd, const char *path, char *const argv[], char *envp[],
-    int intercept_fd, int flags)
+    int intercept_fd, unsigned int flags)
 {
     debug_decl(sudo_execve, SUDO_DEBUG_UTIL);
 
diff --git a/src/parse_args.c b/src/parse_args.c
index 46b656a5a..bd6c29ae5 100644
--- a/src/parse_args.c
+++ b/src/parse_args.c
@@ -42,7 +42,7 @@
 #include "sudo.h"
 #include "sudo_lbuf.h"
 
-int tgetpass_flags;
+unsigned int tgetpass_flags;
 
 /*
  * Local functions.
@@ -225,7 +225,7 @@ parse_env_list(struct environment *e, char *list)
  * Sets nargc and nargv which corresponds to the argc/argv we'll use
  * for the command to be run (if we are running one).
  */
-int
+unsigned int
 parse_args(int argc, char **argv, const char *shell, int *old_optind,
     int *nargc, char ***nargv, struct sudo_settings **settingsp,
     char ***env_addp, const char **list_userp)
@@ -234,9 +234,9 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind,
     struct option *long_opts = sudo_long_opts;
     struct environment extra_env;
     const char *list_user = NULL;
-    int mode = 0;		/* what mode is sudo to be run in? */
-    int flags = 0;		/* mode flags */
-    int valid_flags = DEFAULT_VALID_FLAGS;
+    unsigned int mode = 0;	/* what mode is sudo to be run in? */
+    unsigned int flags = 0;	/* mode flags */
+    unsigned int valid_flags = DEFAULT_VALID_FLAGS;
     int ch, i;
     char *cp;
     debug_decl(parse_args, SUDO_DEBUG_ARGS);
@@ -692,7 +692,7 @@ parse_args(int argc, char **argv, const char *shell, int *old_optind,
     *nargc = argc;
     *nargv = argv;
     *list_userp = list_user;
-    debug_return_int(mode | flags);
+    debug_return_uint(mode | flags);
 }
 
 /*
diff --git a/src/selinux.c b/src/selinux.c
index 153bd58d4..fa5d0318a 100644
--- a/src/selinux.c
+++ b/src/selinux.c
@@ -440,7 +440,7 @@ selinux_setexeccon(void)
 
 void
 selinux_execve(int fd, const char *path, char *const argv[], char *envp[],
-    const char *rundir, int flags)
+    const char *rundir, unsigned int flags)
 {
     char **nargv;
     const char *sesh;
diff --git a/src/sesh.c b/src/sesh.c
index 1fea9c70c..34f168083 100644
--- a/src/sesh.c
+++ b/src/sesh.c
@@ -95,7 +95,7 @@ main(int argc, char *argv[], char *envp[])
 {
     enum sesh_mode mode = SESH_RUN_COMMAND;
     const char *errstr, *rundir = NULL;
-    int flags = CD_SUDOEDIT_FOLLOW;
+    unsigned int flags = CD_SUDOEDIT_FOLLOW;
     char *edit_user = NULL;
     int ch, ret, fd = -1;
     debug_decl(main, SUDO_DEBUG_MAIN);
diff --git a/src/sudo.c b/src/sudo.c
index 0e22e084c..0b3945870 100644
--- a/src/sudo.c
+++ b/src/sudo.c
@@ -140,7 +140,8 @@ main(int argc, char *argv[], char *envp[])
 {
     struct command_details command_details;
     struct user_details user_details;
-    int nargc, sudo_mode, status = 0;
+    unsigned int sudo_mode;
+    int nargc, status = 0;
     char **nargv, **env_add;
     char **command_info = NULL, **argv_out = NULL, **run_envp = NULL;
     const char * const allowed_prognames[] = { "sudo", "sudoedit", NULL };
diff --git a/src/sudo.h b/src/sudo.h
index ce7bd7448..3a6fae0d0 100644
--- a/src/sudo.h
+++ b/src/sudo.h
@@ -52,28 +52,28 @@
 /*
  * Various modes sudo can be in (based on arguments) in hex
  */
-#define MODE_RUN		0x00000001
-#define MODE_EDIT		0x00000002
-#define MODE_VALIDATE		0x00000004
-#define MODE_INVALIDATE		0x00000008
-#define MODE_KILL		0x00000010
-#define MODE_VERSION		0x00000020
-#define MODE_HELP		0x00000040
-#define MODE_LIST		0x00000080
-#define MODE_CHECK		0x00000100
-#define MODE_MASK		0x0000ffff
+#define MODE_RUN		0x00000001U
+#define MODE_EDIT		0x00000002U
+#define MODE_VALIDATE		0x00000004U
+#define MODE_INVALIDATE		0x00000008U
+#define MODE_KILL		0x00000010U
+#define MODE_VERSION		0x00000020U
+#define MODE_HELP		0x00000040U
+#define MODE_LIST		0x00000080U
+#define MODE_CHECK		0x00000100U
+#define MODE_MASK		0x0000ffffU
 
 /* Mode flags */
 /* XXX - prune this */
-#define MODE_BACKGROUND		0x00010000
-#define MODE_SHELL		0x00020000
-#define MODE_LOGIN_SHELL	0x00040000
-#define MODE_IMPLIED_SHELL	0x00080000
-#define MODE_RESET_HOME		0x00100000
-#define MODE_PRESERVE_GROUPS	0x00200000
-#define MODE_PRESERVE_ENV	0x00400000
-#define MODE_NONINTERACTIVE	0x00800000
-#define MODE_LONG_LIST		0x01000000
+#define MODE_BACKGROUND		0x00010000U
+#define MODE_SHELL		0x00020000U
+#define MODE_LOGIN_SHELL	0x00040000U
+#define MODE_IMPLIED_SHELL	0x00080000U
+#define MODE_RESET_HOME		0x00100000U
+#define MODE_PRESERVE_GROUPS	0x00200000U
+#define MODE_PRESERVE_ENV	0x00400000U
+#define MODE_NONINTERACTIVE	0x00800000U
+#define MODE_LONG_LIST		0x01000000U
 
 /* Indexes into sudo_settings[] args, must match parse_args.c. */
 #define ARG_BSDAUTH_TYPE	 0
@@ -110,13 +110,13 @@
 /*
  * Flags for tgetpass()
  */
-#define TGP_NOECHO	0x00		/* turn echo off reading pw (default) */
-#define TGP_ECHO	0x01		/* leave echo on when reading passwd */
-#define TGP_STDIN	0x02		/* read from stdin, not /dev/tty */
-#define TGP_ASKPASS	0x04		/* read from askpass helper program */
-#define TGP_MASK	0x08		/* mask user input when reading */
-#define TGP_NOECHO_TRY	0x10		/* turn off echo if possible */
-#define TGP_BELL	0x20		/* bell on password prompt */
+#define TGP_NOECHO	0x00U		/* turn echo off reading pw (default) */
+#define TGP_ECHO	0x01U		/* leave echo on when reading passwd */
+#define TGP_STDIN	0x02U		/* read from stdin, not /dev/tty */
+#define TGP_ASKPASS	0x04U		/* read from askpass helper program */
+#define TGP_MASK	0x08U		/* mask user input when reading */
+#define TGP_NOECHO_TRY	0x10U		/* turn off echo if possible */
+#define TGP_BELL	0x20U		/* bell on password prompt */
 
 /* name/value pairs for command line settings. */
 struct sudo_settings {
@@ -150,33 +150,33 @@ struct user_details {
     int ts_cols;
 };
 
-#define CD_SET_UID		0x00000001
-#define CD_SET_EUID		0x00000002
-#define CD_SET_GID		0x00000004
-#define CD_SET_EGID		0x00000008
-#define CD_PRESERVE_GROUPS	0x00000010
-#define CD_INTERCEPT		0x00000020
-#define CD_NOEXEC		0x00000040
-#define CD_SET_PRIORITY		0x00000080
-#define CD_SET_UMASK		0x00000100
-#define CD_SET_TIMEOUT		0x00000200
-#define CD_SUDOEDIT		0x00000400
-#define CD_BACKGROUND		0x00000800
-#define CD_RBAC_ENABLED		0x00001000
-#define CD_USE_PTY		0x00002000
-#define CD_SET_UTMP		0x00004000
-#define CD_EXEC_BG		0x00008000
-#define CD_SUDOEDIT_FOLLOW	0x00010000
-#define CD_SUDOEDIT_CHECKDIR	0x00020000
-#define CD_SET_GROUPS		0x00040000
-#define CD_LOGIN_SHELL		0x00080000
-#define CD_OVERRIDE_UMASK	0x00100000
-#define CD_LOG_SUBCMDS		0x00200000
-#define CD_USE_PTRACE		0x00400000
-#define CD_FEXECVE		0x00800000
-#define CD_INTERCEPT_VERIFY	0x01000000
-#define CD_RBAC_SET_CWD		0x02000000
-#define CD_CWD_OPTIONAL		0x04000000
+#define CD_SET_UID		0x00000001U
+#define CD_SET_EUID		0x00000002U
+#define CD_SET_GID		0x00000004U
+#define CD_SET_EGID		0x00000008U
+#define CD_PRESERVE_GROUPS	0x00000010U
+#define CD_INTERCEPT		0x00000020U
+#define CD_NOEXEC		0x00000040U
+#define CD_SET_PRIORITY		0x00000080U
+#define CD_SET_UMASK		0x00000100U
+#define CD_SET_TIMEOUT		0x00000200U
+#define CD_SUDOEDIT		0x00000400U
+#define CD_BACKGROUND		0x00000800U
+#define CD_RBAC_ENABLED		0x00001000U
+#define CD_USE_PTY		0x00002000U
+#define CD_SET_UTMP		0x00004000U
+#define CD_EXEC_BG		0x00008000U
+#define CD_SUDOEDIT_FOLLOW	0x00010000U
+#define CD_SUDOEDIT_CHECKDIR	0x00020000U
+#define CD_SET_GROUPS		0x00040000U
+#define CD_LOGIN_SHELL		0x00080000U
+#define CD_OVERRIDE_UMASK	0x00100000U
+#define CD_LOG_SUBCMDS		0x00200000U
+#define CD_USE_PTRACE		0x00400000U
+#define CD_FEXECVE		0x00800000U
+#define CD_INTERCEPT_VERIFY	0x01000000U
+#define CD_RBAC_SET_CWD		0x02000000U
+#define CD_CWD_OPTIONAL		0x04000000U
 
 struct preserved_fd {
     TAILQ_ENTRY(preserved_fd) entries;
@@ -193,7 +193,7 @@ struct command_details {
     int priority;
     unsigned int timeout;
     int closefrom;
-    int flags;
+    unsigned int flags;
     int execfd;
     int nfiles;
     struct preserved_fd_list preserved_fds;
@@ -240,7 +240,7 @@ enum sudo_gc_types {
 void cleanup(int);
 
 /* tgetpass.c */
-char *tgetpass(const char *prompt, int timeout, int flags,
+char *tgetpass(const char *prompt, int timeout, unsigned int flags,
     struct sudo_conv_callback *callback);
 const struct sudo_cred *sudo_askpass_cred(const struct sudo_cred *cred);
 
@@ -248,10 +248,10 @@ const struct sudo_cred *sudo_askpass_cred(const struct sudo_cred *cred);
 int sudo_execute(struct command_details *details, const struct user_details *ud, struct sudo_event_base *evbase, struct command_status *cstat);
 
 /* parse_args.c */
-int parse_args(int argc, char **argv, const char *shell, int *old_optind,
-    int *nargc, char ***nargv, struct sudo_settings **settingsp,
-    char ***env_addp, const char **list_user);
-extern int tgetpass_flags;
+unsigned int parse_args(int argc, char **argv, const char *shell,
+    int *old_optind, int *nargc, char ***nargv,
+    struct sudo_settings **settingsp, char ***env_addp, const char **list_user);
+extern unsigned int tgetpass_flags;
 
 /* get_pty.c */
 char *get_pty(int *leader, int *follower, uid_t uid);
@@ -290,7 +290,7 @@ int selinux_relabel_tty(const char *ttyn, int ttyfd);
 int selinux_restore_tty(void);
 int selinux_setexeccon(void);
 void selinux_execve(int fd, const char *path, char *const argv[],
-    char *envp[], const char *rundir, int flags);
+    char *envp[], const char *rundir, unsigned int flags);
 
 /* apparmor.c */
 int apparmor_is_enabled(void);
diff --git a/src/sudo_edit.h b/src/sudo_edit.h
index 61b02ebf8..3209b9f5d 100644
--- a/src/sudo_edit.h
+++ b/src/sudo_edit.h
@@ -48,8 +48,8 @@ bool sudo_check_temp_file(int tfd, const char *tname, uid_t uid, struct stat *sb
 /* edit_open.c */
 struct sudo_cred;
 void switch_user(uid_t euid, gid_t egid, int ngroups, GETGROUPS_T *groups);
-int sudo_edit_open(char *path, int oflags, mode_t mode, int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
+int sudo_edit_open(char *path, int oflags, mode_t mode, unsigned int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
 int dir_is_writable(int dfd, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
-bool sudo_edit_parent_valid(char *path, int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
+bool sudo_edit_parent_valid(char *path, unsigned int sflags, const struct sudo_cred *user_cred, const struct sudo_cred *cur_cred);
 
 #endif /* SUDO_EDIT_H */
diff --git a/src/sudo_exec.h b/src/sudo_exec.h
index 6405ee666..61b852bfb 100644
--- a/src/sudo_exec.h
+++ b/src/sudo_exec.h
@@ -180,7 +180,7 @@ bool sudo_terminated(struct command_status *cstat);
 void free_exec_closure(struct exec_closure *ec);
 
 /* exec_common.c */
-int sudo_execve(int fd, const char *path, char *const argv[], char *envp[], int intercept_fd, int flags);
+int sudo_execve(int fd, const char *path, char *const argv[], char *envp[], int intercept_fd, unsigned int flags);
 char **disable_execute(char *envp[], const char *dso);
 char **enable_monitor(char *envp[], const char *dso);
 
diff --git a/src/tgetpass.c b/src/tgetpass.c
index 481256e6f..151cc18a2 100644
--- a/src/tgetpass.c
+++ b/src/tgetpass.c
@@ -108,7 +108,7 @@ tgetpass_display_error(enum tgetpass_errval errval)
  * Like getpass(3) but with timeout and echo flags.
  */
 char *
-tgetpass(const char *prompt, int timeout, int flags,
+tgetpass(const char *prompt, int timeout, unsigned int flags,
     struct sudo_conv_callback *callback)
 {
     struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;