Bugzilla – Bug 687
sudo: tgetpass doesn't restore SIGPIPE's action
Last modified: 2015-03-21 19:17:38 MDT
Created attachment 444 [details] patch: properly restore SIGPIPE's action Hello. Slackware 14.1 recently bumped its sudo version from 1.8.6p8 to 1.8.12 to address CVE-2014-9680. After the upgrade, gaining root via 'sudo -i' and running makewhatis causes gzip (called by makewhatis) to throw a bunch of EPIPEs (see original report: https://tinyurl.com/mmmdrcx). Gzip was not receiving SIGPIPE and after some digging I discovered the source of the problem is a long-standing bug in sudo's tgetpass: SIGPIPE's signal action is not properly restored. Sudo 1.8.6p8 also has the bug but in that version a more liberal restore_signals restores the action before exec. Attached patch against HEAD@20150301 fixes the bug. To repro, run this script after switching to root with "sudo -i" (make sure to traverse the password-getting code): ----------------- #!/bin/bash trap "{ echo Success ; exit 0; }" SIGPIPE kill -s PIPE "$$" echo "Failure" exit 1 ----------------- --mancha
Created attachment 445 [details] patch: properly restore SIGPIPE's action
Committed, thanks.
Fixed in sudo 1.8.13, available now.