This should reduce the amount of time the child has to wait for
the parent to use PTRACE_SEIZE to seize control and then PTRACE_CONT
to continue the child.

The replacement execve() function was passing the global environ
to exec_wrapper() instead of the envp parameter. This caused the
command to be run with the wrong environment on AIX systems, and
possibly others, when intercept or log_subcmds was enabled.
Bug #1030.

It is not possible to change the syscall return value on MIPS
so we cannot support full intercept mode.
Another complication on MIPS is that if a system call is invoked
via syscall(__NR_###), v0 holds __NR_O32_Linux and the real syscall
is in the first arg (a0) and other args are shifted by one.

Define a new sudo setting, `apparmor_profile`, that can be used to pass
in an AppArmor profile that should be used to confine commands. If
apparmor_profile is specified, sudo will execute the command using the
new `apparmor_execve` function, which confines the command under the
provided profile before exec'ing it.

When ptracing a process, we receive the signal-delivery-stop signal
before the group-stop signal. If sudo is running the command in
the same terminal, we need to wait until the stop signal is actually
delivered to the command before we can suspend sudo itself. If we
suspend sudo before receiving the group-stop, the command will be
restarted with PTRACE_LISTEN too late and will miss the SIGCONT
from sudo.

It should also work on s390 but this has not been tested.
I have not added a compat mode to trace 31-bit binaries on s390x
due to the lack of a test system.

Use PTRACE_SETREGSET with NT_ARM_SYSTEM_CALL instead just like we
would for a 64-bit binary. Newer Linux headers don't define
PTRACE_SET_SYSCALL for aarch64.

MIPS is a bit different in that most Linux distros appear to use
the n32 ABI on 64-bit CPUs. We don't currently support tracing a
64-bit binary from a 32-bit sudo. We could support tracing o32
ABI binaries in compat mode, though.

For compat binaries, use the upper 32-bits as the next word instead
of calling ptrace(2) to get it. This reduces the number of ptrace(2)
calls when reading argv and envp for compat binaries.

We align the start of the string table to a word boundary to help
prevent overlap when writing the pointers. However, the actual
strings themselves don't need to be aligned.

In compat mode, if argc is odd, writing the last pointer of argv will
overlap with the address of argv[0], so leave an extra word in between.
Also remove incorrect comments about PTRACE_PEEKDATA unaligned access.

If we try to use the compat word size we can end up in a situation
where a subsequent PTRACE_POKEDATA overwrites part of what we've
already written since it always writes in sizeof(long) units.
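
The overlap described in the last few messages can be reproduced without ptrace at all. The following is an added example, not code from sudo: a byte array stands in for the tracee's stack, `poke()` and `peek()` are hypothetical stand-ins for PTRACE_POKEDATA and PTRACE_PEEKDATA in a 64-bit tracer, and the pointer values, string and offsets are constructed. It assumes a little-endian host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the tracee's stack; not sudo's code. */
static uint8_t mem[32];
static const uint32_t ptrs[3] = { 0x1000000cu, 0x10000014u, 0 }; /* sample 32-bit argv */

/* Model of PTRACE_POKEDATA/PEEKDATA in a 64-bit tracer: always 8 bytes. */
static void poke(size_t addr, uint64_t w) { memcpy(mem + addr, &w, sizeof(w)); }
static uint64_t peek(size_t addr) { uint64_t w; memcpy(&w, mem + addr, sizeof(w)); return w; }

static void reset(void) {
    memset(mem, 0, sizeof(mem));
    memcpy(mem + 12, "/bin/ls", 8);  /* string data directly after 3 pointers */
}
static int string_intact(void) { return memcmp(mem + 12, "/bin/ls", 8) == 0; }
static uint32_t ptr_at(size_t i) { uint32_t p; memcpy(&p, mem + i * 4, sizeof(p)); return p; }

/* Naive: one full-width poke per 32-bit slot; each store spills 4 bytes on. */
static int run_naive(void) {
    reset();
    for (size_t i = 0; i < 3; i++)
        poke(i * 4, ptrs[i]);
    return string_intact();
}

/* Packed: two pointers per poke; an odd trailing slot is read-modify-write
 * so the neighbouring 4 bytes are preserved (little-endian layout assumed). */
static int run_packed(void) {
    size_t i;
    reset();
    for (i = 0; i + 1 < 3; i += 2)
        poke(i * 4, (uint64_t)ptrs[i] | ((uint64_t)ptrs[i + 1] << 32));
    if (i < 3) {
        uint64_t w = peek(i * 4);
        poke(i * 4, (w & 0xffffffff00000000ULL) | ptrs[i]);
    }
    return string_intact();
}

int main(void) {
    printf("naive keeps string:  %d\n", run_naive());
    printf("packed keeps string: %d\n", run_packed());
    printf("last pointer slot:   0x%x\n", (unsigned)ptr_at(2));
    return 0;
}
```

With an odd number of 32-bit slots, the final full-width store in the naive loop zeroes the first four bytes of the adjacent string, which is the kind of overlap that leaving an extra word of padding or packing the writes avoids.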