Linux sets si_pid in struct siginfo to 0 when the process that sent

the signal is in a different container since the PID namespaces in
different conatiners are separate.  Avoid looking up the process
group by id when si_pid is 0 since getpgid(0) returns the process
group of the current process.  Since sudo ignores signals sent
by processes in its own process group, this had the effect of
ignoring signals sent from other containers.  From Maarten de Vries

diff --git a/doc/CONTRIBUTORS b/doc/CONTRIBUTORS
index b4b1ad695c798960862835a5e0d074cdbf6e2abe..09261071b2a8e1e46dd11a956c9fcfaf792993df 100644 (file)
--- a/doc/CONTRIBUTORS
+++ b/doc/CONTRIBUTORS
@@ -157,6 +157,7 @@ you believe you should be listed, please send a note to sudo@sudo.ws.
     Valery, Reznic
     Van Dinter, Theo
     Venckus, Martynas
+    de Vries, Maarten
     Wagner, Klaus
     Walsh, Dan
     Warburton, John

diff --git a/src/exec.c b/src/exec.c
index b518bae71859ebca9d1ef437a7aa0738e6a21334..4e4046a6a47acd48f037edb428e91e297b53e1e2 100644 (file)
--- a/src/exec.c
+++ b/src/exec.c
@@ -887,7 +887,7 @@ handler(int s, siginfo_t *info, void *context)
      * kill itself.  For example, this can happen with some versions of
      * reboot that call kill(-1, SIGTERM) to kill all other processes.
      */
-    if (s != SIGCHLD && USER_SIGNALED(info)) {
+    if (s != SIGCHLD && USER_SIGNALED(info) && info->si_pid != 0) {
        pid_t si_pgrp = getpgid(info->si_pid);
        if (si_pgrp != (pid_t)-1) {
            if (si_pgrp == ppgrp || si_pgrp == cmnd_pid)
@@ -934,7 +934,6 @@ static void
 handler_user_only(int s, siginfo_t *info, void *context)
 {
     unsigned char signo = (unsigned char)s;
-    pid_t si_pgrp;
 
     /*
      * Only forward user-generated signals not sent by a process in
@@ -945,11 +944,14 @@ handler_user_only(int s, siginfo_t *info, void *context)
      */
     if (!USER_SIGNALED(info))
        return;
-    if ((si_pgrp = getpgid(info->si_pid)) != (pid_t)-1) {
-       if (si_pgrp == ppgrp || si_pgrp == cmnd_pid)
-           return;
-    } else if (info->si_pid == cmnd_pid) {
+    if (info->si_pid != 0) {
+       pid_t si_pgrp = getpgid(info->si_pid);
+       if (si_pgrp != (pid_t)-1) {
+           if (si_pgrp == ppgrp || si_pgrp == cmnd_pid)
+               return;
+       } else if (info->si_pid == cmnd_pid) {
            return;
+       }
     }
 
     /*

diff --git a/src/exec_pty.c b/src/exec_pty.c
index f61658d2b70d7bb4854f625ee7e831431ace4d42..fc49e17f9860d6275c71f7149020f87bdc3022d8 100644 (file)
--- a/src/exec_pty.c
+++ b/src/exec_pty.c
@@ -135,7 +135,7 @@ mon_handler(int s, siginfo_t *info, void *context)
      * itself.  This can happen with, e.g., BSD-derived versions of
      * reboot that call kill(-1, SIGTERM) to kill all other processes.
      */
-    if (s != SIGCHLD && USER_SIGNALED(info)) {
+    if (s != SIGCHLD && USER_SIGNALED(info) && info->si_pid != 0) {
        pid_t si_pgrp = getpgid(info->si_pid);
        if (si_pgrp != (pid_t)-1) {
            if (si_pgrp == cmnd_pgrp)