symbols. In disable_execute(), compute the length of the new envp
and allocate it once instead of reallocating on demand. Also append
old value of LD_PRELOAD (if any) to the new value.
so that the monitor process is owned by root and not by the user.
Otherwise, on AIX at least, the monitor process shows up in ps as
belonging to the user (and can be killed by the user).
dies created a race condition between the monitor exiting and the
status being read. All we really want to do is make sure that
select() notifies us that there is a status change when the monitor
dies unexpectedly so shutdown the socketpair connected to the monitor
for writing when it dies. That way we can still read the status
that is pending on the socket and select() on Linux will tell us
that the fd is ready.
use by sesh.c. This fixes NOEXEC when SELinux is used. Instead
of disabling exec in exec_setup(), disable it immediately before
executing the command. Adapted from a diff by Arno Schuring.
SIGQUIT and SIGHUP when they are user-generated signals. Fixes a
race in the non-I/O logging path where the command may receive two
keyboard-generated signals; one from the kernel and one from the
sudo process.
controlling pgrp if the command is in the foreground. Fixes a race
in the non-I/O logging path where the command may receive two
keyboard-generated signals; one from the kernel and one from the
sudo process.
LOGIN_SETENV instead of rolling our own login.conf setenv support
since FreeBSD's login.conf has more than just setenv capabilities.
This requires us to swap the plugin-provided envp for the global
environ before calling setusercontext() and then stash the resulting
environ pointer back into the command details, which is kind of a
hack.
in BSD vs. Linux. In BSD if one end of the socketpair goes away
select() returns the fd as readable and the read will fail with
ECONNRESET. This doesn't appear to happen on Linux so if we notice
that the monitor process has died when I/O logging is enabled,
behave like the command has exited. This means we log the wait
status of the monitor, not the command, but there is nothing else
we can do at that point. This should only be an issue if SIGKILL
is sent to the monitor process.
the command. Fixes a problem when the entire login session is
killed when ssh is disconnected or the terminal window is closed.
Previously, the monitor would exit and plugin's close method would
not be called.
