isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make the behavior when we cannot write to a log or audit file

Browse Source 
configurable.  File log failures are ignored by default for consistency
with syslog.  Audit errors are ignored by default to allow the admin
to fix the issue.  I/O log file errors are still fatal by default
since if I/O logging is activated it is usually to have an audit trail.
Bug #751
This commit is contained in:
Todd C. Miller
2016-08-17 07:22:51 -06:00
parent 9ccd260842
commit ed18d0d5f8
13 changed files with 203 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/exec_pty.c
View File

@@ -89,6 +89,7 @@ static int ttymode = TERM_COOKED;
static pid_t ppgrp, cmnd_pgrp, mon_pgrp;
static sigset_t ttyblock;
static struct io_buffer_list iobufs;
static bool ignore_iolog_errors;
static void del_io_events(bool nonblocking);
static int exec_monitor(struct command_details *details, int backchannel);
@@ -218,7 +219,8 @@ log_ttyin(const char *buf, unsigned int n, struct io_buffer *iob)
/* Error: disable plugin's I/O function. */
plugin->u.io->log_ttyin = NULL;
}
rval = false;
if (!ignore_iolog_errors)
rval = false;
break;
}
}
@@ -250,7 +252,8 @@ log_stdin(const char *buf, unsigned int n, struct io_buffer *iob)
/* Error: disable plugin's I/O function. */
plugin->u.io->log_stdin = NULL;
}
rval = false;
if (!ignore_iolog_errors)
rval = false;
break;
}
}
@@ -282,7 +285,8 @@ log_ttyout(const char *buf, unsigned int n, struct io_buffer *iob)
/* Error: disable plugin's I/O function. */
plugin->u.io->log_ttyout = NULL;
}
rval = false;
if (!ignore_iolog_errors)
rval = false;
break;
}
}
@@ -326,7 +330,8 @@ log_stdout(const char *buf, unsigned int n, struct io_buffer *iob)
/* Error: disable plugin's I/O function. */
plugin->u.io->log_stdout = NULL;
}
rval = false;
if (!ignore_iolog_errors)
rval = false;
break;
}
}
@@ -370,7 +375,8 @@ log_stderr(const char *buf, unsigned int n, struct io_buffer *iob)
/* Error: disable plugin's I/O function. */
plugin->u.io->log_stderr = NULL;
}
rval = false;
if (!ignore_iolog_errors)
rval = false;
break;
}
}
@@ -676,7 +682,8 @@ write_callback(int fd, int what, void *v)
}
static void
io_buf_new(int rfd, int wfd, bool (*action)(const char *, unsigned int, struct io_buffer *),
io_buf_new(int rfd, int wfd,
bool (*action)(const char *, unsigned int, struct io_buffer *),
struct io_buffer_list *head)
{
int n;
@@ -742,6 +749,13 @@ fork_pty(struct command_details *details, int sv[], sigset_t *omask)
sigaddset(&ttyblock, SIGTTIN);
sigaddset(&ttyblock, SIGTTOU);
/*
* The security policy may tell us to ignore errors from the
* I/O log functions.
*/
if (!ISSET(details->flags, CD_IGNORE_IOLOG_ERRS))
ignore_iolog_errors = true;
/*
* Setup stdin/stdout/stderr for child, to be duped after forking.
* In background mode there is no stdin.