Add O_NOCTTY when opening a tty device.

Explicitly disconnect from old tty before associatng with new one.

diff --git a/script.c b/script.c
index 0624977025ea1e9cfebb468ab1b17cfcd6229bad..d6953f2a5e166dc407b74bae4edca456e3da2bc7 100644 (file)
--- a/script.c
+++ b/script.c
@@ -69,6 +69,10 @@
 __unused static const char rcsid[] = "$Sudo$";
 #endif /* lint */
 
+#ifndef O_NOCTTY
+#define O_NOCTTY 0
+#endif
+
 #define SFD_MASTER 0
 #define SFD_SLAVE 1
 #define SFD_LOG 2
@@ -342,7 +346,7 @@ script_execv(path, argv)
        selinux_prefork(user_role, user_type, script_fds[SFD_SLAVE]);
        /* Re-open slave fd after it has been relabeled */
        close(script_fds[SFD_SLAVE]);
-       script_fds[SFD_SLAVE] = open(slavename, O_RDWR, 0);
+       script_fds[SFD_SLAVE] = open(slavename, O_RDWR|O_NOCTTY, 0);
        if (script_fds[SFD_SLAVE] == -1)
            log_error(USE_ERRNO, "cannot open %s", slavename);
     }
@@ -533,6 +537,14 @@ script_child(path, argv, rbac_enabled)
     char *argv[];
     int rbac_enabled;
 {
+#ifdef TIOCNOTTY
+    int fd = open(_PATH_TTY, O_RDWR|O_NOCTTY);
+    if (fd >= 0) {
+       /* Disconnect from old controlling tty. */
+       (void) ioctl(fd, TIOCNOTTY, NULL);
+       close(fd);
+    }
+#endif
     /*
      * Create new session, make slave controlling terminal and
      * point std{in,out,err} to it.
@@ -677,7 +689,7 @@ get_pty(master, slave)
        return(0);
     }
     strlcpy(slavename, line, sizeof(slavename));
-    *slave = open(slavename, O_RDWR, 0);
+    *slave = open(slavename, O_RDWR|O_NOCTTY, 0);
     if (*slave == -1) {
        close(*master);
        return(0);
@@ -716,7 +728,7 @@ get_pty(master, slave)
 #  ifdef HAVE_REVOKE
            (void) revoke(slavename);
 #  endif
-           *slave = open(slavename, O_RDWR, 0);
+           *slave = open(slavename, O_RDWR|O_NOCTTY, 0);
            if (*slave != -1)
                    return(1); /* success */
            (void) close(*master);