diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 13:14:46 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 13:14:46 +0000 |
commit | 025c439e829e0db9ac511cd9c1b8d5fd53475ead (patch) | |
tree | fa6986b4690f991613ffb97cea1f6942427baf5d /src/exec_nopty.c | |
parent | Initial commit. (diff) | |
download | sudo-upstream/1.9.15p5.tar.xz sudo-upstream/1.9.15p5.zip |
Adding upstream version 1.9.15p5.upstream/1.9.15p5upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | src/exec_nopty.c | 812 |
1 files changed, 812 insertions, 0 deletions
diff --git a/src/exec_nopty.c b/src/exec_nopty.c new file mode 100644 index 0000000..1b1ae6d --- /dev/null +++ b/src/exec_nopty.c @@ -0,0 +1,812 @@ +/* + * SPDX-License-Identifier: ISC + * + * Copyright (c) 2009-2023 Todd C. Miller <Todd.Miller@sudo.ws> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This is an open source non-commercial project. Dear PVS-Studio, please check it. + * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com + */ + +#include <config.h> + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/wait.h> +#include <sys/ioctl.h> + +#if defined(HAVE_STDINT_H) +# include <stdint.h> +#elif defined(HAVE_INTTYPES_H) +# include <inttypes.h> +#endif +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <errno.h> +#include <fcntl.h> +#include <signal.h> +#include <termios.h> /* for struct winsize on HP-UX */ + +#include <sudo.h> +#include <sudo_exec.h> +#include <sudo_plugin.h> +#include <sudo_plugin_int.h> + +static void handle_sigchld_nopty(struct exec_closure *ec); + +/* + * Handle window size change events. + */ +static void +handle_sigwinch(struct exec_closure *ec, int fd) +{ + struct winsize wsize; + debug_decl(handle_sigwinch, SUDO_DEBUG_EXEC); + + if (fd != -1 && ioctl(fd, TIOCGWINSZ, &wsize) == 0) { + if (wsize.ws_row != ec->rows || wsize.ws_col != ec->cols) { + /* Log window change event. */ + log_winchange(ec, wsize.ws_row, wsize.ws_col); + + /* Update rows/cols. */ + ec->rows = wsize.ws_row; + ec->cols = wsize.ws_col; + } + } +} + +/* Note: this is basically the same as mon_errpipe_cb() in exec_monitor.c */ +static void +errpipe_cb(int fd, int what, void *v) +{ + struct exec_closure *ec = v; + ssize_t nread; + int errval; + debug_decl(errpipe_cb, SUDO_DEBUG_EXEC); + + /* + * Read errno from child or EOF when command is executed. + * Note that the error pipe is *blocking*. + */ + nread = read(fd, &errval, sizeof(errval)); + switch (nread) { + case -1: + if (errno != EAGAIN && errno != EINTR) { + if (ec->cstat->val == CMD_INVALID) { + /* XXX - need a way to distinguish non-exec error. */ + ec->cstat->type = CMD_ERRNO; + ec->cstat->val = errno; + } + sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO, + "%s: failed to read error pipe", __func__); + sudo_ev_loopbreak(ec->evbase); + } + break; + default: + if (nread == 0) { + /* The error pipe closes when the command is executed. */ + sudo_debug_printf(SUDO_DEBUG_INFO, "EOF on error pipe"); + } else { + /* Errno value when child is unable to execute command. */ + sudo_debug_printf(SUDO_DEBUG_INFO, "errno from child: %s", + strerror(errval)); + ec->cstat->type = CMD_ERRNO; + ec->cstat->val = errval; + } + sudo_ev_del(ec->evbase, ec->backchannel_event); + close(fd); + break; + } + debug_return; +} + +/* Signal callback */ +static void +signal_cb_nopty(int signo, int what, void *v) +{ + struct sudo_ev_siginfo_container *sc = v; + struct exec_closure *ec = sc->closure; + char signame[SIG2STR_MAX]; + pid_t si_pgrp; + debug_decl(signal_cb_nopty, SUDO_DEBUG_EXEC); + + if (ec->cmnd_pid == -1) + debug_return; + + if (sig2str(signo, signame) == -1) + (void)snprintf(signame, sizeof(signame), "%d", signo); + sudo_debug_printf(SUDO_DEBUG_DIAG, + "%s: evbase %p, command: %d, signo %s(%d), cstat %p", + __func__, ec->evbase, (int)ec->cmnd_pid, signame, signo, ec->cstat); + + switch (signo) { + case SIGCHLD: + handle_sigchld_nopty(ec); + if (ec->cmnd_pid == -1) { + /* Command exited or was killed, exit event loop. */ + sudo_ev_loopexit(ec->evbase); + } + debug_return; + case SIGWINCH: + handle_sigwinch(ec, io_fds[SFD_USERTTY]); + FALLTHROUGH; +#ifdef SIGINFO + case SIGINFO: +#endif + case SIGINT: + case SIGQUIT: + case SIGTSTP: + /* + * Only forward user-generated signals not sent by a process other than + * the command itself or a member of the command's process group (but + * only when either sudo or the command is the process group leader). + * Signals sent by the kernel may include SIGTSTP when the user presses + * ^Z. Curses programs often trap ^Z and send SIGTSTP to their own + * process group, so we don't want to send an extra SIGTSTP. + */ + if (!USER_SIGNALED(sc->siginfo)) + debug_return; + if (sc->siginfo->si_pid != 0) { + if (sc->siginfo->si_pid == ec->cmnd_pid) + debug_return; + si_pgrp = getpgid(sc->siginfo->si_pid); + if (si_pgrp != -1) { + if (si_pgrp == ec->cmnd_pid || si_pgrp == ec->sudo_pid) + debug_return; + } + } + break; + default: + /* + * Do not forward signals sent by the command itself or a member of the + * command's process group (but only when either sudo or the command is + * the process group leader). We don't want the command to indirectly + * kill itself. For example, this can happen with some versions of + * reboot that call kill(-1, SIGTERM) to kill all other processes. + */ + if (USER_SIGNALED(sc->siginfo) && sc->siginfo->si_pid != 0) { + if (sc->siginfo->si_pid == ec->cmnd_pid) + debug_return; + si_pgrp = getpgid(sc->siginfo->si_pid); + if (si_pgrp != -1) { + if (si_pgrp == ec->cmnd_pid || si_pgrp == ec->sudo_pid) + debug_return; + } + } + break; + } + + /* Send signal to command. */ + if (signo == SIGALRM) { + terminate_command(ec->cmnd_pid, false); + } else if (kill(ec->cmnd_pid, signo) != 0) { + sudo_warn("kill(%d, SIG%s)", (int)ec->cmnd_pid, signame); + } + + debug_return; +} + + +/* + * Fill in the exec closure and setup initial exec events. + * Allocates events for the signal pipe and error pipe. + */ +static void +fill_exec_closure(struct exec_closure *ec, struct command_status *cstat, + struct command_details *details, const struct user_details *user_details, + struct sudo_event_base *evbase, int errfd) +{ + debug_decl(fill_exec_closure, SUDO_DEBUG_EXEC); + + /* Fill in the non-event part of the closure. */ + ec->sudo_pid = getpid(); + ec->ppgrp = getpgrp(); + ec->cstat = cstat; + ec->details = details; + ec->rows = user_details->ts_rows; + ec->cols = user_details->ts_cols; + + /* Setup event base and events. */ + ec->evbase = evbase; + + /* Event for command status via errfd. */ + ec->backchannel_event = sudo_ev_alloc(errfd, + SUDO_EV_READ|SUDO_EV_PERSIST, errpipe_cb, ec); + if (ec->backchannel_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->backchannel_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + sudo_debug_printf(SUDO_DEBUG_INFO, "error pipe fd %d\n", errfd); + + /* Events for local signals. */ + ec->sigint_event = sudo_ev_alloc(SIGINT, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigint_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigint_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sigquit_event = sudo_ev_alloc(SIGQUIT, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigquit_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigquit_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sigtstp_event = sudo_ev_alloc(SIGTSTP, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigtstp_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigtstp_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sigterm_event = sudo_ev_alloc(SIGTERM, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigterm_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigterm_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sighup_event = sudo_ev_alloc(SIGHUP, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sighup_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sighup_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sigalrm_event = sudo_ev_alloc(SIGALRM, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigalrm_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigalrm_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sigpipe_event = sudo_ev_alloc(SIGPIPE, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigpipe_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigpipe_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sigusr1_event = sudo_ev_alloc(SIGUSR1, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigusr1_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigusr1_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sigusr2_event = sudo_ev_alloc(SIGUSR2, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigusr2_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigusr2_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sigchld_event = sudo_ev_alloc(SIGCHLD, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigchld_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigchld_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + ec->sigcont_event = sudo_ev_alloc(SIGCONT, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigcont_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigcont_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + +#ifdef SIGINFO + ec->siginfo_event = sudo_ev_alloc(SIGINFO, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->siginfo_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->siginfo_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); +#endif + + ec->sigwinch_event = sudo_ev_alloc(SIGWINCH, + SUDO_EV_SIGINFO, signal_cb_nopty, ec); + if (ec->sigwinch_event == NULL) + sudo_fatalx(U_("%s: %s"), __func__, U_("unable to allocate memory")); + if (sudo_ev_add(ec->evbase, ec->sigwinch_event, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + + /* Set the default event base. */ + sudo_ev_base_setdef(ec->evbase); + + debug_return; +} + +/* + * Read an iobuf that is ready. + */ +static void +read_callback(int fd, int what, void *v) +{ + struct io_buffer *iob = v; + struct sudo_event_base *evbase = sudo_ev_get_base(iob->revent); + ssize_t n; + debug_decl(read_callback, SUDO_DEBUG_EXEC); + + n = read(fd, iob->buf + iob->len, sizeof(iob->buf) - iob->len); + switch (n) { + case -1: + if (errno == EAGAIN || errno == EINTR) { + /* Not an error, retry later. */ + break; + } + /* Treat read error as fatal and close the fd. */ + sudo_debug_printf(SUDO_DEBUG_ERROR, + "error reading fd %d: %s", fd, strerror(errno)); + FALLTHROUGH; + case 0: + /* got EOF */ + if (n == 0) { + sudo_debug_printf(SUDO_DEBUG_INFO, + "read EOF from fd %d", fd); + } + safe_close(fd); + ev_free_by_fd(evbase, fd); + /* If writer already consumed the buffer, close it too. */ + if (iob->wevent != NULL && iob->off == iob->len) { + safe_close(sudo_ev_get_fd(iob->wevent)); + ev_free_by_fd(evbase, sudo_ev_get_fd(iob->wevent)); + iob->off = iob->len = 0; + } + break; + default: + sudo_debug_printf(SUDO_DEBUG_INFO, + "read %zd bytes from fd %d", n, fd); + if (!iob->action(iob->buf + iob->len, (unsigned int)n, iob)) { + terminate_command(iob->ec->cmnd_pid, false); + iob->ec->cmnd_pid = -1; + } + iob->len += (unsigned int)n; + /* Disable reader if buffer is full. */ + if (iob->len == sizeof(iob->buf)) + sudo_ev_del(evbase, iob->revent); + /* Enable writer now that there is new data in the buffer. */ + if (iob->wevent != NULL) { + if (sudo_ev_add(evbase, iob->wevent, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + } + break; + } + + debug_return; +} + +/* + * Write an iobuf that is ready. + */ +static void +write_callback(int fd, int what, void *v) +{ + struct io_buffer *iob = v; + struct sudo_event_base *evbase = sudo_ev_get_base(iob->wevent); + ssize_t n; + debug_decl(write_callback, SUDO_DEBUG_EXEC); + + n = write(fd, iob->buf + iob->off, iob->len - iob->off); + if (n == -1) { + switch (errno) { + case EPIPE: + case EBADF: + /* other end of pipe closed */ + sudo_debug_printf(SUDO_DEBUG_INFO, + "unable to write %u bytes to fd %d", + iob->len - iob->off, fd); + /* Close reader if there is one. */ + if (iob->revent != NULL) { + safe_close(sudo_ev_get_fd(iob->revent)); + ev_free_by_fd(evbase, sudo_ev_get_fd(iob->revent)); + } + safe_close(fd); + ev_free_by_fd(evbase, fd); + break; + case EINTR: + case EAGAIN: + /* Not an error, retry later. */ + break; + default: + /* XXX - need a way to distinguish non-exec error. */ + iob->ec->cstat->type = CMD_ERRNO; + iob->ec->cstat->val = errno; + sudo_debug_printf(SUDO_DEBUG_ERROR, + "error writing fd %d: %s", fd, strerror(errno)); + sudo_ev_loopbreak(evbase); + break; + } + } else { + sudo_debug_printf(SUDO_DEBUG_INFO, + "wrote %zd bytes to fd %d", n, fd); + iob->off += (unsigned int)n; + /* Disable writer and reset the buffer if fully consumed. */ + if (iob->off == iob->len) { + iob->off = iob->len = 0; + sudo_ev_del(evbase, iob->wevent); + /* Forward the EOF from reader to writer. */ + if (iob->revent == NULL) { + safe_close(fd); + ev_free_by_fd(evbase, fd); + } + } + /* + * Enable reader if buffer is not full but avoid reading + * /dev/tty if the command is no longer running. + */ + if (iob->revent != NULL && iob->len != sizeof(iob->buf)) { + if (!USERTTY_EVENT(iob->revent) || iob->ec->cmnd_pid != -1) { + if (sudo_ev_add(evbase, iob->revent, NULL, false) == -1) + sudo_fatal("%s", U_("unable to add event to queue")); + } + } + } + + debug_return; +} + +/* + * If std{in,out,err} are not connected to a terminal, interpose + * ourselves using a pipe. Fills in io_pipe[][]. + */ +static void +interpose_pipes(struct exec_closure *ec, const char *tty, int io_pipe[3][2]) +{ + bool interpose[3] = { false, false, false }; + struct stat sb, tty_sbuf, *tty_sb = NULL; + struct plugin_container *plugin; + bool want_winch = false; + debug_decl(interpose_pipes, SUDO_DEBUG_EXEC); + + /* + * Determine whether any of std{in,out,err} or window size changes + * should be logged. + */ + TAILQ_FOREACH(plugin, &io_plugins, entries) { + if (plugin->u.io->log_stdin) + interpose[STDIN_FILENO] = true; + if (plugin->u.io->log_stdout) + interpose[STDOUT_FILENO] = true; + if (plugin->u.io->log_stderr) + interpose[STDERR_FILENO] = true; + if (plugin->u.io->version >= SUDO_API_MKVERSION(1, 12)) { + if (plugin->u.io->change_winsize) + want_winch = true; + } + } + + /* + * If stdin, stdout or stderr is not the user's tty and logging is + * enabled, use a pipe to interpose ourselves. + */ + if (tty != NULL && stat(tty, &tty_sbuf) != -1) + tty_sb = &tty_sbuf; + + if (interpose[STDIN_FILENO]) { + if (!fd_matches_tty(STDIN_FILENO, tty_sb, &sb)) { + sudo_debug_printf(SUDO_DEBUG_INFO, + "stdin not user's tty, creating a pipe"); + if (pipe2(io_pipe[STDIN_FILENO], O_CLOEXEC) != 0) + sudo_fatal("%s", U_("unable to create pipe")); + io_buf_new(STDIN_FILENO, io_pipe[STDIN_FILENO][1], + log_stdin, read_callback, write_callback, ec); + } + } + if (interpose[STDOUT_FILENO]) { + if (!fd_matches_tty(STDOUT_FILENO, tty_sb, &sb)) { + sudo_debug_printf(SUDO_DEBUG_INFO, + "stdout not user's tty, creating a pipe"); + if (pipe2(io_pipe[STDOUT_FILENO], O_CLOEXEC) != 0) + sudo_fatal("%s", U_("unable to create pipe")); + io_buf_new(io_pipe[STDOUT_FILENO][0], STDOUT_FILENO, + log_stdout, read_callback, write_callback, ec); + } + } + if (interpose[STDERR_FILENO]) { + if (!fd_matches_tty(STDERR_FILENO, tty_sb, &sb)) { + sudo_debug_printf(SUDO_DEBUG_INFO, + "stderr not user's tty, creating a pipe"); + if (pipe2(io_pipe[STDERR_FILENO], O_CLOEXEC) != 0) + sudo_fatal("%s", U_("unable to create pipe")); + io_buf_new(io_pipe[STDERR_FILENO][0], STDERR_FILENO, + log_stderr, read_callback, write_callback, ec); + } + } + if (want_winch) { + /* Need /dev/tty for SIGWINCH handling. */ + io_fds[SFD_USERTTY] = open(_PATH_TTY, O_RDWR); + } +} + +/* + * Execute a command and wait for it to finish. + */ +void +exec_nopty(struct command_details *details, + const struct user_details *user_details, + struct sudo_event_base *evbase, struct command_status *cstat) +{ + int io_pipe[3][2] = { { -1, -1 }, { -1, -1 }, { -1, -1 } }; + int errpipe[2], intercept_sv[2] = { -1, -1 }; + struct exec_closure ec = { 0 }; + sigset_t set, oset; + debug_decl(exec_nopty, SUDO_DEBUG_EXEC); + + /* + * The policy plugin's session init must be run before we fork + * or certain pam modules won't be able to track their state. + */ + if (policy_init_session(details) != true) + sudo_fatalx("%s", U_("policy plugin failed session initialization")); + + /* + * We use a pipe to get errno if execve(2) fails in the child. + */ + if (pipe2(errpipe, O_CLOEXEC) != 0) + sudo_fatal("%s", U_("unable to create pipe")); + + if (ISSET(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS)) { + if (!ISSET(details->flags, CD_USE_PTRACE)) { + /* + * Allocate a socketpair for communicating with sudo_intercept.so. + * This must be inherited across exec, hence no FD_CLOEXEC. + */ + if (socketpair(PF_UNIX, SOCK_STREAM, 0, intercept_sv) == -1) + sudo_fatal("%s", U_("unable to create sockets")); + } + } + + /* Interpose std{in,out,err} with pipes if logging I/O. */ + interpose_pipes(&ec, user_details->tty, io_pipe); + + /* + * Block signals until we have our handlers setup in the parent so + * we don't miss SIGCHLD if the command exits immediately. + */ + sigfillset(&set); + sigprocmask(SIG_BLOCK, &set, &oset); + + /* Check for early termination or suspend signals before we fork. */ + if (sudo_terminated(cstat)) { + sigprocmask(SIG_SETMASK, &oset, NULL); + debug_return; + } + +#ifdef HAVE_SELINUX + if (ISSET(details->flags, CD_RBAC_ENABLED)) { + if (selinux_relabel_tty(details->tty, -1) == -1) { + cstat->type = CMD_ERRNO; + cstat->val = errno; + debug_return; + } + selinux_audit_role_change(); + } +#endif + + ec.cmnd_pid = sudo_debug_fork(); + switch (ec.cmnd_pid) { + case -1: + sudo_fatal("%s", U_("unable to fork")); + break; + case 0: + /* child */ + close(errpipe[0]); + if (intercept_sv[0] != -1) + close(intercept_sv[0]); + /* Replace stdin/stdout/stderr with pipes as needed and exec. */ + if (io_pipe[STDIN_FILENO][0] != -1) { + if (dup3(io_pipe[STDIN_FILENO][0], STDIN_FILENO, 0) == -1) + sudo_fatal("dup3"); + close(io_pipe[STDIN_FILENO][0]); + close(io_pipe[STDIN_FILENO][1]); + } + if (io_pipe[STDOUT_FILENO][0] != -1) { + if (dup3(io_pipe[STDOUT_FILENO][1], STDOUT_FILENO, 0) == -1) + sudo_fatal("dup3"); + close(io_pipe[STDOUT_FILENO][0]); + close(io_pipe[STDOUT_FILENO][1]); + } + if (io_pipe[STDERR_FILENO][0] != -1) { + if (dup3(io_pipe[STDERR_FILENO][1], STDERR_FILENO, 0) == -1) + sudo_fatal("dup3"); + close(io_pipe[STDERR_FILENO][0]); + close(io_pipe[STDERR_FILENO][1]); + } + exec_cmnd(details, &oset, intercept_sv[1], errpipe[1]); + while (write(errpipe[1], &errno, sizeof(int)) == -1) { + if (errno != EINTR) + break; + } + sudo_debug_exit_int(__func__, __FILE__, __LINE__, sudo_debug_subsys, 1); + _exit(EXIT_FAILURE); + /* NOTREACHED */ + } + sudo_debug_printf(SUDO_DEBUG_INFO, "executed %s, pid %d", details->command, + (int)ec.cmnd_pid); + /* Close the other end of the pipes and socketpairs. */ + if (io_pipe[STDIN_FILENO][0] != -1) + close(io_pipe[STDIN_FILENO][0]); + if (io_pipe[STDOUT_FILENO][1] != -1) + close(io_pipe[STDOUT_FILENO][1]); + if (io_pipe[STDERR_FILENO][1] != -1) + close(io_pipe[STDERR_FILENO][1]); + close(errpipe[1]); + if (intercept_sv[1] != -1) + close(intercept_sv[1]); + + /* No longer need execfd. */ + if (details->execfd != -1) { + close(details->execfd); + details->execfd = -1; + } + + /* Set command timeout if specified. */ + if (ISSET(details->flags, CD_SET_TIMEOUT)) + alarm(details->timeout); + + /* + * Fill in exec closure, allocate event base, signal events and + * the error pipe event. + */ + fill_exec_closure(&ec, cstat, details, user_details, evbase, errpipe[0]); + + if (ISSET(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS)) { + int rc = 1; + + /* Create event and closure for intercept mode. */ + ec.intercept = intercept_setup(intercept_sv[0], ec.evbase, details); + if (ec.intercept == NULL) { + rc = -1; + } else if (ISSET(details->flags, CD_USE_PTRACE)) { + /* Try to seize control of the command using ptrace(2). */ + rc = exec_ptrace_seize(ec.cmnd_pid); + if (rc == 0) { + /* There is another tracer present. */ + CLR(details->flags, CD_INTERCEPT|CD_LOG_SUBCMDS|CD_USE_PTRACE); + } + } + if (rc == -1) + terminate_command(ec.cmnd_pid, false); + } + + /* Enable any I/O log events. */ + add_io_events(&ec); + + /* Restore signal mask now that signal handlers are setup. */ + sigprocmask(SIG_SETMASK, &oset, NULL); + + /* + * Non-pty event loop. + * Wait for command to exit, handles signals and the error pipe. + */ + if (sudo_ev_dispatch(ec.evbase) == -1) + sudo_warn("%s", U_("error in event loop")); + if (sudo_ev_got_break(ec.evbase)) { + /* error from callback */ + sudo_debug_printf(SUDO_DEBUG_ERROR, "event loop exited prematurely"); + /* kill command */ + terminate_command(ec.cmnd_pid, false); + ec.cmnd_pid = -1; + } + +#ifdef HAVE_SELINUX + if (ISSET(details->flags, CD_RBAC_ENABLED)) { + if (selinux_restore_tty() != 0) + sudo_warnx("%s", U_("unable to restore tty label")); + } +#endif + + /* Flush any remaining output. */ + del_io_events(true); + + /* Free things up. */ + free_io_bufs(); + free_exec_closure(&ec); + + debug_return; +} + +/* + * Wait for command status after receiving SIGCHLD. + * If the command exits, fill in cstat and stop the event loop. + * If the command stops, save the tty pgrp, suspend sudo, then restore + * the tty pgrp when sudo resumes. + */ +static void +handle_sigchld_nopty(struct exec_closure *ec) +{ + pid_t pid; + int status; + char signame[SIG2STR_MAX]; + debug_decl(handle_sigchld_nopty, SUDO_DEBUG_EXEC); + + /* There may be multiple children in intercept mode. */ + for (;;) { + do { + pid = waitpid(-1, &status, __WALL|WUNTRACED|WNOHANG); + } while (pid == -1 && errno == EINTR); + switch (pid) { + case -1: + if (errno != ECHILD) { + sudo_warn(U_("%s: %s"), __func__, "waitpid"); + debug_return; + } + FALLTHROUGH; + case 0: + /* Nothing left to wait for. */ + debug_return; + } + + if (WIFSTOPPED(status)) { + const int signo = WSTOPSIG(status); + + if (sig2str(signo, signame) == -1) + (void)snprintf(signame, sizeof(signame), "%d", signo); + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: process %d stopped, SIG%s", __func__, (int)pid, signame); + + if (ISSET(ec->details->flags, CD_USE_PTRACE)) { + /* If not a group-stop signal, just continue. */ + if (!exec_ptrace_stopped(pid, status, ec->intercept)) + continue; + } + + /* If the main command is suspended, suspend sudo too. */ + if (pid == ec->cmnd_pid) { + sudo_suspend_parent(signo, ec->sudo_pid, ec->ppgrp, + ec->cmnd_pid, ec, log_suspend); + } + } else { + if (WIFSIGNALED(status)) { + if (sig2str(WTERMSIG(status), signame) == -1) { + (void)snprintf(signame, sizeof(signame), "%d", + WTERMSIG(status)); + } + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: process %d killed, SIG%s", __func__, + (int)pid, signame); + } else if (WIFEXITED(status)) { + sudo_debug_printf(SUDO_DEBUG_INFO, + "%s: process %d exited: %d", __func__, + (int)pid, WEXITSTATUS(status)); + } else { + sudo_debug_printf(SUDO_DEBUG_WARN, + "%s: unexpected wait status 0x%x for process %d", + __func__, status, (int)pid); + } + + /* Only store exit status of the main command. */ + if (pid != ec->cmnd_pid) + continue; + + /* Don't overwrite execve() failure with command exit status. */ + if (ec->cstat->type == CMD_INVALID) { + ec->cstat->type = CMD_WSTATUS; + ec->cstat->val = status; + } else { + sudo_debug_printf(SUDO_DEBUG_WARN, + "%s: not overwriting command status %d,%d with %d,%d", + __func__, ec->cstat->type, ec->cstat->val, + CMD_WSTATUS, status); + } + ec->cmnd_pid = -1; + } + } +} |