[sudo-users] disabling sudo fork-ing
Todd C. Miller
Todd.Miller at courtesan.com
Fri Aug 20 09:14:53 EDT 2010
In message <AANLkTinJbMK2WaCQNVU5Gsq4jt3Vf83CDa+H6VO3FVqq at mail.gmail.com>
so spake "Ciprian Dorin, Craciun" (ciprian.craciun):
> So PAM is enabled, but the PAM session is not and from the
> changelog I've understood that this behaviour (forking and waiting) is
> enabled only when using a PAM session.
--disable-pam-session doesn't disable that, though arguably it
should. I've added a patch at the end that should fix this.
> About the SELinux and logging I would guess no. (How do I disable
> logging?)
I/O logging is not enabled by default.
> > Currently, SIGINT, SIGTERM, SIGHUP, and
> > SIGQUIT are relayed to the child. Â Adding to that list is not a
> > problem; what signals are `runit` and `daemontools` sending?
>
> Strange... I think there is a problem on my part with the
> signals... Indeed it seems to relay the SIGTERM signals. (`runit` uses
> only the signals you've described.)
Try the following diff along with --disable-pam-session.
- todd
diff -r 616509f85d6c sudo.c
--- a/sudo.c Wed Aug 18 15:32:30 2010 -0400
+++ b/sudo.c Fri Aug 20 09:11:56 2010 -0400
@@ -105,7 +105,7 @@
# include "nonunix.h"
#endif
-#ifdef HAVE_PAM
+#if defined(HAVE_PAM) && !defined(NO_PAM_SESSION)
# define CMND_WAIT TRUE
#else
# define CMND_WAIT FALSE
More information about the sudo-users
mailing list