how a user's groups are looked up. Legal values are static (just
the kernel list from getgroups), dynamic (whatever the group database
includes) and adaptive (only use group db if kernel group list is
full).
wrapper that has an extra flag to check the saved_signals list to
only install the handler if the signal is not already ignored.
Bump plugin API version for the new front-end signal behavior.
the command. If we get SIGINT or SIGQUIT, call the plugin close()
functions as if the command was interrupted. If we get SIGTSTP,
uninstall the handler and deliver SIGTSTP to ourselves.
option to match. When set, commands are started in the background
and automatically foregrounded as needed. There are issues with
some ill-mannered programs (like Linux su) so this is not the
default.
MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
This causes problems when setting RLIMIT_NPROC to RLIM_INFINITY due
to a bug in bash where bash tries to honor the value of _SC_CHILD_MAX
but treats a value of -1 as an error, and uses a default value of
32 instead.
Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
restored the previous value of RLIMIT_NPROC. However, that makes
it impossible to set nproc to unlimited. We now only restore the
nproc resource limit if sysconf(_SC_CHILD_MAX) is negative. In
most cases, pam_limits will set RLIMIT_NPROC for us.
function so session setup can modify the user environment as needed.
For PAM authentication, merge the PAM environment with the user
environment at init_session time. We no longer need to swap in the
user_env for environ during session init, nor do we need to disable
the env hooks at init_session time.
hooks for getenv, putenv, setenv and unsetenv. This makes it
possible for the plugin to trap changes to the environment made by
authentication methods such as PAM or BSD auth so that such changes
are reflected in the environment passed back to sudo for execve().
Bump the minor number accordingly and update the documentation. A
plugin must check the sudo front end's version before using the
plugin_args parameter since it is only supported for API version
1.2 and higher.
so that the monitor process is owned by root and not by the user.
Otherwise, on AIX at least, the monitor process shows up in ps as
belonging to the user (and can be killed by the user).
dies created a race condition between the monitor exiting and the
status being read. All we really want to do is make sure that
select() notifies us that there is a status change when the monitor
dies unexpectedly so shutdown the socketpair connected to the monitor
for writing when it dies. That way we can still read the status
that is pending on the socket and select() on Linux will tell us
that the fd is ready.
use by sesh.c. This fixes NOEXEC when SELinux is used. Instead
of disabling exec in exec_setup(), disable it immediately before
executing the command. Adapted from a diff by Arno Schuring.
