group before informing the main sudo process of the command's exit
status. This will prevent processes started by the command (which
runs in a different process group) from receiving SIGHUP since the
kernel sends SIGHUP to the foreground process group associated with
the terminal session. The monitor has a SIGHUP handler installed
so the signal is effectively ignored.
to handle EINTR. We now use SA_RESTART with signals so this is not
needed and is potentially dangerous if it is possible to receive
SIGTTIN or SIGTTOU (which it currently is not).
We can't use a signal event for these since that would restart the
system call after the signal was handled and the callback would not
get a chance to run. Fixes running a command in the background that
write to the tty when the TOSTOP terminal flag is set.
the terminal in most cases. If the background process tries to
modify the terminal flags it will receive SIGTTOU which is relayed
to the sudo front-end. This currently mishandles terminals with
the TOSTOP local flag set.
is an unqualified host name. From Daniel Kopecek.
Also move the "unable to allocate memory" warning into get_ipa_hostname()
itself to make it easier to see where the allocation failed in the
debug log.
is required, clear FLAG_NOPASSWD so that when listpw/verifypw is
set to "all" and there are multiple sudoers sources a password will
be required unless none of the entries in all sources require
authentication. From Radovan Sroka of RedHat
false (since the user didn't authenticate). The normal reason for
this is an authentication error but in this case no authentication
was tries so no warning message has been displayed to the user. If
the user wasn't given a chance to authenticate, set inform_user to
true when calling log_denial() from sudoers_policy_main().
An alternate approach would be for check_user() to return true
in this case but seems more confusing.
was incomplete. If no -g option was specified on the command line
but sudoRunAsGroup is present in a sudoRole, we need to treat the
group match as failed instead of missing.
results in "sudo -U otheruser -l" exiting with a status of 0 even
when otheruser is not allowed to run commands. This is appropriate
since the "sudo -l" command was successful. This does not change
the exit value when otheruser runs "sudo -l" themselves, the exit
status will be 1 since that user is not allowed to run commands.
Requested by Radovan Sroka.
