[sudo-users] disabling sudo fork-ing

Todd C. Miller Todd.Miller at courtesan.com
Fri Aug 20 09:14:53 EDT 2010

In message <AANLkTinJbMK2WaCQNVU5Gsq4jt3Vf83CDa+H6VO3FVqq at mail.gmail.com>
	so spake "Ciprian Dorin, Craciun" (ciprian.craciun):

>     So PAM is enabled, but the PAM session is not and from the
> changelog I've understood that this behaviour (forking and waiting) is
> enabled only when using a PAM session.

--disable-pam-session doesn't disable that, though arguably it
should.  I've added a patch at the end that should fix this.

> About the SELinux and logging I would guess no. (How do I disable
> logging?)

I/O logging is not enabled by default.

> > Currently, SIGINT, SIGTERM, SIGHUP, and
> > SIGQUIT are relayed to the child.  Adding to that list is not a
> > problem; what signals are `runit` and `daemontools` sending?
>     Strange... I think there is a problem on my part with the
> signals... Indeed it seems to relay the SIGTERM signals. (`runit` uses
> only the signals you've described.)

Try the following diff along with --disable-pam-session.

 - todd

diff -r 616509f85d6c sudo.c
--- a/sudo.c	Wed Aug 18 15:32:30 2010 -0400
+++ b/sudo.c	Fri Aug 20 09:11:56 2010 -0400
@@ -105,7 +105,7 @@
 # include "nonunix.h"
-#ifdef HAVE_PAM
+#if defined(HAVE_PAM) && !defined(NO_PAM_SESSION)
 # define CMND_WAIT	TRUE

More information about the sudo-users mailing list