The sudo.conf file is considered a trusted source of information
and these checks suffer from TOCTOU issues anyway. The checks
complicate loading of shared objects since we need to perform
fallback processing twice.
If the .so file is missing but the .a file exists, try to dlopen()
the AIX .a file using the .so name as the member. We need to avoid
breaking existing configurations if the type of AIX shared library
changes when sudo is upgraded.
This removes the need to use the -brtl linker flag which can cause
problems when there are both a .so and .a version of the same library
but with different versions. This was particularly problematic
when using the AIX freeware version of OpenSSL. The --with-aix-soname=svr4
option can be used to build SVR4-style shared libs instead.
If sudo is not the process group leader we must only send the suspend
signal to sudo itself. When sudo is run via a shell script, it
usually has the same process group as the shell script interpreter.
We do not want to suspend the script itself when the command run
by sudo is suspended.
When sudo runs a command in the user's existing terminal the command
is run in the same process group as sudo itself. The proper way
to terminate it is to use kill(2), not killpg(3)
Fixes a problem for intercept_method=trace when running a relative
command from a different directory than what sudo ws started from.
GitHub issue #194
If output is being written to a terminal in "raw" mode, we need to
add a carriage return after the newline to avoid "stair-step" output.
However, we should not write the carriage return if the terminal
is in "cooked" mode, output to a pipe, or output redirected to a file.
Bug #1042.
If we are logging I/O but not terminal input/output (either because
no terminal is present or because that is what the plugin requested),
the non-pty exec path is now taken.
This will be shared with exec_nopty.c in the future to log
stdin/stdout/stderr without running the command in a pty.
Both exec_pty.c and exec_nopty.c now use the same closure.
Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_printf0like.
Add sudo_noreturn instead of __attribute__((__noreturn__)).
We do not use stdnoreturn.h since it has been deprecated in C23
in favor of the [[noreturn]] attribute.
We now store the vector immediately after the string table.
It is possible for argv and its contents to be invalidated
by realloc() when reading envp so we store the pointers as
offsets until we are done allocating.
