that they can implement job control. Most well-behaved shells
change the pgrp back to its original value before suspending so we
must not try to restore in that case, lest we race with the child
upon resume, potentially stopping sudo with SIGTTOU while the command
continues to run. Some shells, such as pdksh, just suspend the
shell by sending SIGSTOP to themselves without restoring the pgrp.
In this case we need to change the pgrp back for them.
Should fix bug #568
it back to the command. This fixes a problem with BSD-derived
versions of the reboot command which send SIGTERM to all other
processes, including the sudo process. Sudo would then deliver
SIGTERM to reboot which would die before calling the reboot() system
call, effectively leaving the system in single user mode.
shortage. Older Solaris select() may return EIO instead of EBADF
when the tty goes away. If we get an unhandled select() failure,
kill the child and exit cleanly.
dies created a race condition between the monitor exiting and the
status being read. All we really want to do is make sure that
select() notifies us that there is a status change when the monitor
dies unexpectedly so shutdown the socketpair connected to the monitor
for writing when it dies. That way we can still read the status
that is pending on the socket and select() on Linux will tell us
that the fd is ready.
use by sesh.c. This fixes NOEXEC when SELinux is used. Instead
of disabling exec in exec_setup(), disable it immediately before
executing the command. Adapted from a diff by Arno Schuring.
SIGQUIT and SIGHUP when they are user-generated signals. Fixes a
race in the non-I/O logging path where the command may receive two
keyboard-generated signals; one from the kernel and one from the
sudo process.
controlling pgrp if the command is in the foreground. Fixes a race
in the non-I/O logging path where the command may receive two
keyboard-generated signals; one from the kernel and one from the
sudo process.
in BSD vs. Linux. In BSD if one end of the socketpair goes away
select() returns the fd as readable and the read will fail with
ECONNRESET. This doesn't appear to happen on Linux so if we notice
that the monitor process has died when I/O logging is enabled,
behave like the command has exited. This means we log the wait
status of the monitor, not the command, but there is nothing else
we can do at that point. This should only be an issue if SIGKILL
is sent to the monitor process.
instead of exit() to avoid flushing buffers twice.
Improved background mode support. When not allocating a pty, the
command is run in its own process group. This prevents write access
to the tty. When running in a pty, stdin is not hooked up and we
never read from /dev/tty, which results in similar behavior.
