Do not use AX_APPEND_FLAG as it will break static builds by removing
duplicates such as -lz or -latomic which are needed by -lssl and
-lcrypto. This will fix the following build failure with sparc which
needs -latomic:
Checking for X509_STORE_CTX_get0_cert
configure:21215: /home/thomas/autobuild/instance-3/output-1/host/bin/sparc-buildroot-linux-uclibc-gcc -o conftest -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os -g0 -static -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -DZLIB_CONST -static conftest.c -L/home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib -lssl -lz -pthread -latomic -lcrypto >&5
/home/thomas/autobuild/instance-3/output-1/host/lib/gcc/sparc-buildroot-linux-uclibc/10.4.0/../../../../sparc-buildroot-linux-uclibc/bin/ld: /home/thomas/autobuild/instance-3/output-1/host/bin/../sparc-buildroot-linux-uclibc/sysroot/usr/lib/libcrypto.a(x509cset.o): in function `X509_CRL_up_ref':
x509cset.c:(.text+0x108): undefined reference to `__atomic_fetch_add_4'
[...]
In file included from ./hostcheck.c:38:
../../include/sudo_compat.h:342:41: error: conflicting types for 'ASN1_STRING_data'
342 | # define ASN1_STRING_get0_data(x) ASN1_STRING_data(x)
| ^~~~~~~~~~~~~~~~
Fixes:
- http://autobuild.buildroot.org/results/8be59dd94e4916f9457cb435104e36e62a28373b
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
We have to replace argv[0] with the pathname for the policy check
but want to restore it afterwards if the policy has not changed the
command's path name to avoid a mismatch later on.
If the compiler supports [[noreturn]] as a attribute as in C23,
then we define sudo_noreturn to be it. When that's the case, we must place
it at the beginning of the declaration, before any other *extension*
attributes (__attribute(...)).
A bug has been filed with GCC regarding rejecting/accepting mixed
attribute styles.
sudo_dso_public is always an extension attribute, while sudo_noreturn only
might be, so put it first.
This only shows up with GCC 13 so far (see the linked GCC bug for a bit more
exploration). Clang 16 does support the attribute but doesn't let you use it
for earlier language versions (need to pass explicit -std=c2x, unlike with GCC here).
This is essentially a followup to e707ffe58b.
Tested with GCC 13.0.1 20230212 (unreleased), GCC 12.2.1 20230211,
Clang 16.0.0_rc2, and Clang 15.0.7.
Bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
Closes: https://github.com/sudo-project/sudo/issues/239
Fixes: e707ffe58b
Fixes: 16ae61dcd7
If sudo is not the process group leader and stdin is not a tty, we
may be running as a background job via a shell script. Start the
command in the background to avoid changing the terminal mode from
a background process. GitHub issue #237
When sudo is not the process group leader, we still need to stop
sudo's process group and not just the sudo process itself. If we
only send the signal to sudo itself, the shell will not notice if
it is not in monitor mode. This can happen when sudo is run from
a shell script, for example. In this case we need to signal the
shell itself. If the process group leader is no longer present,
we must kill the command since there will be no one to resume us.
