From b561d0d7ddf7e16472abd03fdada1ef2381f55cc Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@sudo.ws>
Date: Fri, 1 Dec 2017 13:43:06 -0700
Subject: [PATCH] When the command completes, make the monitor the foreground
 process group before informing the main sudo process of the command's exit
 status.  This will prevent processes started by the command (which runs in a
 different process group) from receiving SIGHUP since the kernel sends SIGHUP
 to the foreground process group associated with the terminal session.  The
 monitor has a SIGHUP handler installed so the signal is effectively ignored.

---
 src/exec_monitor.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/exec_monitor.c b/src/exec_monitor.c
index 470f7a069..d497f620c 100644
--- a/src/exec_monitor.c
+++ b/src/exec_monitor.c
@@ -630,6 +630,17 @@ exec_monitor(struct command_details *details, sigset_t *oset,
 	} while (pid == -1 && errno == EINTR);
 	/* XXX - update cstat with wait status? */
     }
+
+    /*
+     * Take the controlling tty.  This prevents processes spawned by the
+     * command from receiving SIGHUP when the session leader (us) exits.
+     */
+    if (tcsetpgrp(io_fds[SFD_SLAVE], mc.mon_pgrp) == -1) {
+	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO,
+	    "%s: unable to set foreground pgrp to %d (monitor)",
+	    __func__, (int)mc.mon_pgrp);
+    }
+
     /* Send parent status. */
     send_status(backchannel, &cstat);
 
-- 
2.40.0