This makes it easier to detect a plaintext client sending to a
TLS port. Without this, the TLS server will be silent as it
waits for the client to initiate the TLS connection.
For TLS connections we now do the TLS handshake immediately before
the ServerHello message. This lets the client recieve an alert
from the server is there is a handshake error after the TLS connect
has succeeded. It also means that the contents of the ServerHello
are protected from a man-in-the-middle attack.
On some systems, poll() and select() can return EAGAIN instead
of ENOMEM if there is a kernel resource shortage. In this case
we just re-enter the event loop and retry.
Newer versions of python3-config only include libpython in the
output when the --embed is used. Otherwise, "python3-config --libs"
and "python3-config --ldflags" only list the libraries python is
dependent on and not the python library itself.
Both poll(2) and ppoll(2) will return EINVAL if the nfds function
argument is larger than the max files per process resource limit.
Prevent this by limiting the max number entries in the pfds[] array
to the RLIMIT_NOFILE soft limit.
It is only effective to set pp_macos_default_service_id_prefix in
the indivisual %service sections (and not %set) so we may was well
use pp_macos_service_id which includes the service name.
We can't use run_command() to run sesh, that will use the sudo event
loop (and might run it in a pty!).
There's no need to relabel the tty when copying files.
Get the path to sesh from sudo.conf.
Currently, for SELinux RBAC, the editor runs with the target user's
security context. This defeats the purpose of sudoedit. Fixing
that requires passing file descriptors between the main sudo process
(running with the invoking user's security context) and sesh (runnning
with the target user's security context).
Instead of opening the original file for writing w/ tuncation, we
first extend the file with zeroes (by writing, not seeking), then
overwrite it. This should allow sudo to fail early if the disk is
out of space before it overwrites the original file.
The Signals enum was added in Python 3.5. If it is not present we
need to iterate over the dictionary items, looking for signal name
to number mappings. Fixes the signal tests with Python 3.4.
When converting sudo options from a dictionary to a tuple we need
to track the current index into the tuple separately from the
position of the dictionary entry.
For rpm and deb we include the file directly and mark it volatile.
For all others we copy it in the postinstall script from the example
dir if the file doesn't already exist.
