run "make tsdump" in the plugins/sudoers directory (it is not built
by default). In order to map the tty device number to a name,
sudo_ttyname_dev() has been moved into libsudo_util.
group before informing the main sudo process of the command's exit
status. This will prevent processes started by the command (which
runs in a different process group) from receiving SIGHUP since the
kernel sends SIGHUP to the foreground process group associated with
the terminal session. The monitor has a SIGHUP handler installed
so the signal is effectively ignored.
to handle EINTR. We now use SA_RESTART with signals so this is not
needed and is potentially dangerous if it is possible to receive
SIGTTIN or SIGTTOU (which it currently is not).
We can't use a signal event for these since that would restart the
system call after the signal was handled and the callback would not
get a chance to run. Fixes running a command in the background that
write to the tty when the TOSTOP terminal flag is set.
the terminal in most cases. If the background process tries to
modify the terminal flags it will receive SIGTTOU which is relayed
to the sudo front-end. This currently mishandles terminals with
the TOSTOP local flag set.
useful to know when the command continued but we don't want to
inform the parent or store the wait status in this case. Fixes a
hang after multiple suspends on Linux.
even if no changes were made to the file, it was returning 1 instead
which would be interpreted as the command having received SIGHUP.
Use the W_EXITCODE() to construct a proper wait status in the error
case too.
/proc/self/stat on Linux. It is an unsigned int value that
is printed as a signed int but dev_t is unsigned long long.
We need to cast to unsigned int before assigning to a dev_t.
/proc/self/stat until EOF. It is not legal for /proc/self/stat to
contain embedded NUL bytes so treat the file as corrupt if we see
any. With help from Qualys.
This is not exploitable due to the /dev traversal changes in sudo
1.8.20p1 (thanks Solar!).
the process name contains spaces. Since the user has control over
the command name this could be used by a user with sudo access to
overwrite an arbitrary file.
Thanks to Qualys for investigating and reporting this bug.
Also stop performing a breadth-first traversal of /dev when looking
for the device. Only the directories specified in search_devs[]
are checked.
Otherwise, it is possible for the command to exit before the SIGCHLD
handler is installed. POSIX says that signals that are ignored by
default are still ignored even if the signal mask would block them.
We need to have a handler installed for SIGCHLD before the fork().
