isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,940 Commits 1 Branch 0 Tags
0487aee6b44890ab28830c79103fca8d3a5f0015
Commit Graph

47 Commits

Author SHA1 Message Date
Todd C. Miller
0487aee6b4 Bring back closefrom settings. 2010-05-24 15:40:36 -04:00
Todd C. Miller
16c2769ed9 Close the I/O pipes aftering dup2()ing them to std{in,out,err}. 
Fixes extra fds being present in the command when it is part of a pipeline.
 2010-05-21 14:50:26 -04:00
Todd C. Miller
064cffd575 Cosmetic changes: 
add comments, remove orphaned prototype and make a global static.
 2010-05-21 12:01:11 -04:00
Todd C. Miller
a9a16d7331 Move check for maxfd == -1 to flush_output where it belongs. 2010-05-20 17:34:53 -04:00
Todd C. Miller
d18b458e1f Break out of select loop if all the fds we want to select on are -1. 2010-05-20 17:13:22 -04:00
Todd C. Miller
882fe3ac41 Avoid closing stdin/stdout/stderr when we are piping output. 2010-05-20 17:01:27 -04:00
Todd C. Miller
f8ff268318 When execve() of the command fails, it is possible to receive SIGCHLD 
before we've read the error status from the pipe.  Re-order things
such that we send the final status at the very end and prefer error
status over wait status.
 2010-05-20 07:33:14 -04:00
Todd C. Miller
0eec7335af Additional checks to make sure we don't close /dev/tty by mistake. 
When flushing, sleep in select as long as we have buffers that need
to be written out.
 2010-05-18 18:50:20 -04:00
Todd C. Miller
6a2a182e0f Now that we can use pipes for stdin/stdout/stderr there is no 
longer a need to error out when there is no tty.  We just need
to make sure we don't try to use the tty fd if it is -1.
 2010-05-18 17:43:10 -04:00
Todd C. Miller
396317ffe9 Avoid a potential race condition if SIGCHLD is received immediately 
before we call select().
 2010-05-12 11:13:40 -04:00
Todd C. Miller
cafc6a4f66 Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout 
we need to pass any SIGPIPE we receive to the running command.
 2010-05-11 08:59:59 -04:00
Todd C. Miller
02f8c187a5 Also start the command in the background if stdin is not a tty. 2010-05-11 08:12:02 -04:00
Todd C. Miller
c2d0888bf9 No need to use pseudo-cbreak mode now that we use pipes when stdout is 
not a tty.  Instead, check whether stdin is a tty and if not, delay
setting the tty to raw mode until the command tries to access it itself
(and receives SIGTTIN or SIGTTOU).
 2010-05-10 17:23:35 -04:00
Todd C. Miller
23a9bf2c07 Flush the iobufs on suspend or child exit using the same logic 
as the main event loop.
 2010-05-07 10:15:25 -04:00
Todd C. Miller
b08a96eea7 Free memory after we are done with it. 2010-05-07 10:14:12 -04:00
Todd C. Miller
3cbbf27e9d Go back to reseting io_buffer offset and length (and now also the 
EOF handling) in the loop we do the FD_SET, not after we drain the
buffer after write() since we don't know what order reads and writes
will occur in.
 2010-05-05 16:11:13 -04:00
Todd C. Miller
b4d16ae1af Add support for logging stdin when it is not a tty. 
There is still a bug where "cat | sudo cat" has problems because
both cat and sudo are trying to read from the tty.
 2010-05-05 09:47:12 -04:00
Todd C. Miller
782f494003 Add separate I/O logging functions for tty in/out and stdin/stdout/stderr. 
NOTE: stdin logging does not currently work and is disabled for now.
 2010-05-05 07:29:28 -04:00
Todd C. Miller
e3f561668f Only set user's tty to blocking mode when doing the final flush. 
Flush pipes as well as pty master when the process is done.
 2010-05-04 09:09:12 -04:00
Todd C. Miller
0eda64b235 Do not need the opost flag to term_copy() now that we use pipes for 
stdout/stderr when they are not a tty.
 2010-05-03 10:41:26 -04:00
Todd C. Miller
dd256f25ca Use pipes to the sudo process if stdout or stderr is not a tty. 
Still needs some polishing and a decision as to whether it is
desirable to add additonal entry points for logging stdout/stderr/stdin
when they are not ttys.  That would allow a replay program to keep
things separate and to know whether the terminal needs to be in raw
mode at replay time.
 2010-05-03 10:12:54 -04:00
Todd C. Miller
8fc1ebd4f4 Print signal info after restoring the tty mode, not before. 2010-04-29 16:52:50 -04:00
Todd C. Miller
f45b1e82ed Defer call to alarm() until after we fork the child. 
Pass correct pid to terminate_child()
If the command exits due to signal, set alive to false like we do when it
    exits normally.
Add missing check for errpipe[0] != -1 before using it in FD_ISSET
 2010-04-29 16:47:27 -04:00
Todd C. Miller
ea523b17a4 Use a pipe to pass back errno to the parent if execve() fails. 
If we get an error in script_child(), kill the command and exit.
 2010-04-13 19:40:32 -04:00
Todd C. Miller
40533f381e If execve() fails, leave it to the plugin to print an error string. 2010-04-13 07:39:06 -04:00
Todd C. Miller
e472e4ae01 If execve fails in logging mode, pass the errno directly to the grandparent 
on the backchannel and exit.  The immediate parent will get SIGCHLD and
try to report that status but its parent will no longer be listening.
It would probably be cleaner to pass this over a pipe in script_child().
 2010-04-13 06:31:55 -04:00
Todd C. Miller
711b8d1c04 Only need to take action on SIGCHLD in parent if no I/O logger. 
If there is an I/O logger we will receive ECONNRESET or EPIPE when
we try to read from the socketpair.
 2010-04-10 10:31:47 -04:00
Todd C. Miller
93126eb5ab Don't set SA_RESTART when registering SIGALRM handler. 
Do set SA_RESTART when registering SIGWINCH handler.
 2010-04-08 20:17:26 -04:00
Todd C. Miller
b457f13718 If log_input or log_output returns false, terminate the command. 2010-04-08 09:40:27 -04:00
Todd C. Miller
5b3d150932 Better signal handling. 
Instead of using a single variable to store the received signal, use
an array so we can't lose a signal when multiple are sent.
Fix process termination by SIGALRM in non-I/O logger mode.
Fix relaying terminal signals to the child in non-I/O logger mode.
 2010-04-08 07:40:04 -04:00
Todd C. Miller
a3f4278388 Fix a race between when we get the child pid in the parent and when 
the child process exits.  The problem exhibited as a hang after a
short-lived process, e.g. "sudo id" when no IO logger was enabled.
 2010-04-08 06:12:47 -04:00
Todd C. Miller
2634cf08cc Avoid installing signal handlers that are io-logger specific. Fixes 
job control when no io logger is enabled.
 2010-04-05 16:27:30 -04:00
Todd C. Miller
8c91f0a30c Create our own sys_siglist for systems without it for use by strsignal() 2010-04-02 07:47:19 -04:00
Todd C. Miller
ca2eee07b5 Fix a sizeof(ptr) vs. sizeof(*ptr) 2010-03-31 20:30:34 -04:00
Todd C. Miller
c3e87c2db3 Unlike most operating systems, HP-UX select() is not interrupted 
by SIGCHLD when the signal is registered with SA_RESTART.  If
we clear SA_RESTART when calling sigaction() for SIGCHLD we get
the expected behavior and the code in the select() loops already
handles EINTR correctly.
 2010-03-31 12:43:26 -04:00
Todd C. Miller
f08479f19a Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ 2010-03-17 08:36:17 -04:00
Todd C. Miller
0795ef846c Require either termios or termio, no more sgtty. 2010-03-12 11:45:57 -05:00
Todd C. Miller
c8c4d6a13b Use parent process group id instead of parent process id when checking 
foreground status and suspending parent.  Fixes an issue when running
commands under /usr/bin/time and others.
 2010-03-07 07:45:17 -05:00
Todd C. Miller
4e938c0074 Wire up SIGALRM handler 
Set close on exec flag for child side of the socketpair
Fix signal handling when not doing I/O logging
 2010-03-06 14:34:23 -05:00
Todd C. Miller
19b17c7502 Add fallback to /bin/sh when execve() fails with ENOEXEC. 2010-02-28 15:10:18 -05:00
Todd C. Miller
f145264ee0 Refactor script_execve() a bit so that it can be used in non-script 
mode.  Needs more cleanup.
 2010-02-27 16:53:56 -05:00
Todd C. Miller
ad4a07a44e Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with suspending 
a shell with the "suspend" builtint.
 2010-02-21 10:36:50 -05:00
Todd C. Miller
d73e870e6f In child, handle parent side of the pipe going away. 2010-02-21 10:30:43 -05:00
Todd C. Miller
32ea572f27 No longer need to check for explicit death of the child (process #2) 
since if it dies we will get EPIPE from the socketpair.
Fix a sizeof() that was causing a spurious error.
Convert SCRIPT_DEBUG to sudo_debug.
 2010-02-21 10:26:30 -05:00
Todd C. Miller
afcac08246 Fix uninitialized variable. 2010-02-20 15:13:11 -05:00
Todd C. Miller
b6a4cf7233 Modular sudo front-end which loads policy and I/O plugins that do 
most the actual work.  Currently relies on dynamic loading using
dlopen().  See doc/plugin.pod for the plugin API.
 2010-02-20 09:41:49 -05:00
Todd C. Miller
e90fa482f9 Rework source layout in preparation for modular sudo. 2010-02-20 09:14:01 -05:00