From 7f99af859a5e8bfbfa1104306f28ce0e9a1e3fed Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Fri, 22 Dec 2017 11:10:22 -0700 Subject: [PATCH] Use a tty lock even for kernel time stamps so we can avoid simultaneous password prompts. --- plugins/sudoers/timestamp.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/plugins/sudoers/timestamp.c b/plugins/sudoers/timestamp.c index d2cd3a705..8a6f8e4e2 100644 --- a/plugins/sudoers/timestamp.c +++ b/plugins/sudoers/timestamp.c @@ -393,7 +393,8 @@ timestamp_open(const char *user, pid_t sid) fd = open(_PATH_TTY, O_RDWR); if (fd == -1) goto bad; - goto done; + close(fd); + fd = -1; } /* Sanity check timestamp dir and create if missing. */ @@ -443,7 +444,6 @@ timestamp_open(const char *user, pid_t sid) break; } -done: /* Allocate and fill in cookie to store state. */ cookie = malloc(sizeof(*cookie)); if (cookie == NULL) { @@ -599,11 +599,6 @@ timestamp_lock(void *vcookie, struct passwd *pw) debug_return_bool(false); } - if (def_timestamp_type == kernel) { - cookie->pos = 0; - debug_return_bool(true); - } - /* * Take a lock on the "write" record (the first record in the file). * This will let us seek for the record or extend as needed @@ -651,7 +646,8 @@ timestamp_lock(void *vcookie, struct passwd *pw) lock_pos = lseek(cookie->fd, 0, SEEK_CUR) - (off_t)entry.size; } else { sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO, - "appending new tty time stamp record"); + "appending new %s time stamp record", + def_timestamp_type == ppid ? "ppid" : "tty"); lock_pos = lseek(cookie->fd, 0, SEEK_CUR); if (ts_write(cookie->fd, cookie->fname, &cookie->key, -1) == -1) debug_return_bool(false); -- 2.40.0