[sudo-workers] SIGINT signal before exec

Todd C. Miller Todd.Miller at courtesan.com
Thu Feb 2 07:16:13 MST 2017


Keep in mind that a non-root user cannot send SIGINT to a setuid
process other than via the keyboard (^C).

Sudo does not currently block SIGINT during authentication but it
is probably best not to rely on this.

You must also restore the original signal handler and mask when
your module finishes.  Seomthing like this should work:

    sigset_t mask, omask;
    struct sigaction sa, saved_sigint;

    /* Set handler first. */
    memset(&sa, 0, sizeof(sa));
    sa.sa_flags = 0; /* no SA_RESTART */
    sa.sa_handler = sigint_handler;
    sigemptyset(&mask.sa_mask);
    sigaction(SIGINT, &sa, &saved_sigint);

    /* Unmask SIGINT */
    sigemptyset(&mask);
    sigaddset(&mask, SIGINT);
    sigprocmask(SIG_UNBLOCK, &mask, &omask);    

    /* module logic... */

    /* Restore signal mask and handler */
    sigprocmask(SIG_SETMASK, &omask, NULL);    
    sigaction(SIGINT, &saved_sigint, NULL);

This is effectively what sudo itself does to catch ^C when reading
the password.

 - todd


More information about the sudo-workers mailing list