This patch will upgrade Sudo version 1.7.10 patchlevel 5 to Sudo version 1.7.10 patchlevel 6. To apply: $ cd sudo-1.7.10p5 $ patch -p1 < sudo-1.7.10p6.patch diff -urNa sudo-1.7.10p5/ChangeLog sudo-1.7.10p6/ChangeLog --- sudo-1.7.10p5/ChangeLog Thu Jan 31 16:13:55 2013 +++ sudo-1.7.10p6/ChangeLog Sun Feb 10 18:44:50 2013 @@ -1,8 +1,35 @@ +2013-02-10 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_7_10p6 for changeset 882475dfa47c + [5317840e3275] [tip] <1.7> + + * NEWS, configure, configure.in: + Sudo 1.7.10p6 + [882475dfa47c] [SUDO_1_7_10p6] <1.7> + + * INSTALL.configure: + Sync with autoconf 2.68 + [dde57bdf3274] <1.7> + + * sudo.c: + Move call the save_signals() to before SIGINT, SIGQUIT and SIGTSTP + are set to SIG_IGN. + [52cc6817ffba] <1.7> + +2013-02-08 Todd C. Miller + + * check.c, config.h.in, configure, configure.in, sudo.c, sudo.h: + Store the session ID in the tty ticket file too. A tty may only be + in one session at a time so if the session ID doesn't match we + ignore the ticket. + [0c0283d1fafa] <1.7> + 2013-01-31 Todd C. Miller * .hgtags: Added tag SUDO_1_7_10p5 for changeset 765958d9ee1e - [36f1598f6c3c] [tip] <1.7> + [36f1598f6c3c] <1.7> * NEWS, configure, configure.in: Sudo 1.7.10p5 diff -urNa sudo-1.7.10p5/INSTALL.configure sudo-1.7.10p6/INSTALL.configure --- sudo-1.7.10p5/INSTALL.configure Tue Sep 18 09:56:28 2012 +++ sudo-1.7.10p6/INSTALL.configure Sun Feb 10 18:35:56 2013 @@ -1,48 +1,80 @@ +Installation Instructions +************************* + +Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, +2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc. + + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. + Basic Installation ================== - These are generic installation instructions. + Briefly, the shell commands `./configure; make; make install' should +configure, build, and install this package. The following +more-detailed instructions are generic; see the `README' file for +instructions specific to this package. Some packages provide this +`INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. The `configure' shell script attempts to guess correct values for various system-dependent variables used during compilation. It uses those values to create a `Makefile' in each directory of the package. It may also create one or more `.h' files containing system-dependent definitions. Finally, it creates a shell script `config.status' that -you can run in the future to recreate the current configuration, a file -`config.cache' that saves the results of its tests to speed up -reconfiguring, and a file `config.log' containing compiler output -(useful mainly for debugging `configure'). +you can run in the future to recreate the current configuration, and a +file `config.log' containing compiler output (useful mainly for +debugging `configure'). + It can also use an optional file (typically called `config.cache' +and enabled with `--cache-file=config.cache' or simply `-C') that saves +the results of its tests to speed up reconfiguring. Caching is +disabled by default to prevent problems with accidental use of stale +cache files. + If you need to do unusual things to compile the package, please try to figure out how `configure' could check whether to do them, and mail diffs or instructions to the address given in the `README' so they can -be considered for the next release. If at some point `config.cache' -contains results you don't want to keep, you may remove or edit it. +be considered for the next release. If you are using the cache, and at +some point `config.cache' contains results you don't want to keep, you +may remove or edit it. - The file `configure.in' is used to create `configure' by a program -called `autoconf'. You only need `configure.in' if you want to change -it or regenerate `configure' using a newer version of `autoconf'. + The file `configure.ac' (or `configure.in') is used to create +`configure' by a program called `autoconf'. You need `configure.ac' if +you want to change it or regenerate `configure' using a newer version +of `autoconf'. -The simplest way to compile this package is: + The simplest way to compile this package is: 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. If you're - using `csh' on an old version of System V, you might need to type - `sh ./configure' instead to prevent `csh' from trying to execute - `configure' itself. + `./configure' to configure the package for your system. - Running `configure' takes awhile. While running, it prints some - messages telling which features it is checking for. + Running `configure' might take a while. While running, it prints + some messages telling which features it is checking for. 2. Type `make' to compile the package. 3. Optionally, type `make check' to run any self-tests that come with - the package. + the package, generally using the just-built uninstalled binaries. 4. Type `make install' to install the programs and any data files and - documentation. + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the `make install' phase executed with root + privileges. - 5. You can remove the program binaries and object files from the + 5. Optionally, type `make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior `make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the source code directory by typing `make clean'. To also remove the files that `configure' created (so you can compile the package for a different kind of computer), type `make distclean'. There is @@ -51,55 +83,119 @@ all sorts of other programs in order to regenerate files that came with the distribution. + 7. Often, you can also type `make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide `make + distcheck', which can by used by developers to test that all other + targets like `make install' and `make uninstall' work correctly. + This target is generally not run by end users. + Compilers and Options ===================== Some systems require unusual options for compilation or linking that -the `configure' script does not know about. You can give `configure' -initial values for variables by setting them in the environment. Using -a Bourne-compatible shell, you can do that on the command line like -this: - CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure +the `configure' script does not know about. Run `./configure --help' +for details on some of the pertinent environment variables. -Or on systems that have the `env' program, you can do it like this: - env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure + You can give `configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here +is an example: + ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. + Compiling For Multiple Architectures ==================================== You can compile the package for more than one kind of computer at the same time, by placing the object files for each architecture in their -own directory. `cd' to the directory where you want the object files -and executables to go and run the `configure' script. `configure' -automatically checks for the source code in the directory that `configure' -is in and in `..'. +own directory. To do this, you can use GNU `make'. `cd' to the +directory where you want the object files and executables to go and run +the `configure' script. `configure' automatically checks for the +source code in the directory that `configure' is in and in `..'. This +is known as a "VPATH" build. + With a non-GNU `make', it is safer to compile the package for one +architecture at a time in the source code directory. After you have +installed the package for one architecture, use `make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple `-arch' options to the +compiler but only a single `-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the `lipo' tool if you have problems. + Installation Names ================== - By default, `make install' will install the package's files in -`/usr/local/bin', `/usr/local/man', etc. You can specify an -installation prefix other than `/usr/local' by giving `configure' the -option `--prefix=PATH'. + By default, `make install' installs the package's commands under +`/usr/local/bin', include files under `/usr/local/include', etc. You +can specify an installation prefix other than `/usr/local' by giving +`configure' the option `--prefix=PREFIX', where PREFIX must be an +absolute file name. You can specify separate installation prefixes for architecture-specific files and architecture-independent files. If you -give `configure' the option `--exec-prefix=PATH', the package will use -PATH as the prefix for installing programs and libraries. -Documentation and other data files will still use the regular prefix. +pass the option `--exec-prefix=PREFIX' to `configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. In addition, if you use an unusual directory layout you can give -options like `--bindir=PATH' to specify different values for particular +options like `--bindir=DIR' to specify different values for particular kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. +you can set and what kinds of files go in them. In general, the +default for these options is expressed in terms of `${prefix}', so that +specifying just `--prefix' will affect all of the other directory +specifications that were not explicitly provided. - If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + The most portable way to affect installation locations is to pass the +correct locations to `configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +`make install' command line to change installation locations without +having to reconfigure or recompile. + The first method involves providing an override variable for each +affected directory. For example, `make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +`${prefix}'. Any directories that were specified during `configure', +but not in terms of `${prefix}', must each be overridden at install +time for the entire installation to be relocated. The approach of +makefile variable overrides for each directory variable is required by +the GNU Coding Standards, and ideally causes no recompilation. +However, some platforms have known limitations with the semantics of +shared libraries that end up requiring recompilation when using this +method, particularly noticeable in packages that use GNU Libtool. + + The second method involves providing the `DESTDIR' variable. For +example, `make install DESTDIR=/alternate/directory' will prepend +`/alternate/directory' before all installation names. The approach of +`DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of `${prefix}' +at `configure' time. + Optional Features ================= + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving `configure' the +option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. + Some packages pay attention to `--enable-FEATURE' options to `configure', where FEATURE indicates an optional part of the package. They may also pay attention to `--with-PACKAGE' options, where PACKAGE @@ -112,26 +208,76 @@ you can use the `configure' options `--x-includes=DIR' and `--x-libraries=DIR' to specify their locations. + Some packages offer the ability to configure how verbose the +execution of `make' will be. For these packages, running `./configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with `make V=1'; while running `./configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with `make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU +CC is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its `' header file. The option `-nodtk' can be used as +a workaround. If GNU CC is not installed, it is therefore recommended +to try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put `/usr/ucb' early in your `PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in `/usr/bin'. So, if you need `/usr/ucb' +in your `PATH', put it _after_ `/usr/bin'. + + On Haiku, software installed for all users goes in `/boot/common', +not `/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + Specifying the System Type ========================== - There may be some features `configure' can not figure out -automatically, but needs to determine by the type of host the package -will run on. Usually `configure' can figure that out, but if it prints -a message saying it can not guess the host type, give it the -`--host=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name with three fields: + There may be some features `configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, `configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the +`--build=TYPE' option. TYPE can either be a short name for the system +type, such as `sun4', or a canonical name which has the form: + CPU-COMPANY-SYSTEM -See the file `config.sub' for the possible values of each field. If +where SYSTEM can have one of these forms: + + OS + KERNEL-OS + + See the file `config.sub' for the possible values of each field. If `config.sub' isn't included in this package, then this package doesn't -need to know the host type. +need to know the machine type. - If you are building compiler tools for cross-compiling, you can also -use the `--target=TYPE' option to select the type of system they will -produce code for and the `--build=TYPE' option to select the type of -system on which you are compiling the package. + If you are _building_ compiler tools for cross-compiling, you should +use the option `--target=TYPE' to select the type of system they will +produce code for. + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the +"host" platform (i.e., that on which the generated programs will +eventually be run) with `--host=TYPE'. + Sharing Defaults ================ @@ -143,32 +289,77 @@ `CONFIG_SITE' environment variable to the location of the site script. A warning: not all `configure' scripts look for a site script. -Operation Controls +Defining Variables ================== + Variables not defined in a site shell script can be set in the +environment passed to `configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the `configure' command line, using `VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +causes the specified `gcc' to be used as the C compiler (unless it is +overridden in the site shell script). + +Unfortunately, this technique does not work for `CONFIG_SHELL' due to +an Autoconf bug. Until the bug is fixed you can use this workaround: + + CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash + +`configure' Invocation +====================== + `configure' recognizes the following options to control how it operates. +`--help' +`-h' + Print a summary of all of the options to `configure', and exit. + +`--help=short' +`--help=recursive' + Print a summary of the options unique to this package's + `configure', and exit. The `short' variant lists options used + only in the top level, while the `recursive' variant lists options + also present in any nested packages. + +`--version' +`-V' + Print the version of Autoconf used to generate the `configure' + script, and exit. + `--cache-file=FILE' - Use and save the results of the tests in FILE instead of - `./config.cache'. Set FILE to `/dev/null' to disable caching, for - debugging `configure'. + Enable the cache: use and save the results of the tests in FILE, + traditionally `config.cache'. FILE defaults to `/dev/null' to + disable caching. -`--help' - Print a summary of the options to `configure', and exit. +`--config-cache' +`-C' + Alias for `--cache-file=config.cache'. `--quiet' `--silent' `-q' - Do not print messages saying which checks are being made. + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to `/dev/null' (any error + messages will still be shown). `--srcdir=DIR' Look for the package's source code in directory DIR. Usually `configure' can determine that directory automatically. -`--version' - Print the version of Autoconf used to generate the `configure' - script, and exit. +`--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: + for more details, including other options available for fine-tuning + the installation locations. -`configure' also accepts some other, not widely useful, options. +`--no-create' +`-n' + Run the configure checks, but stop before creating any output + files. + +`configure' also accepts some other, not widely useful, options. Run +`configure --help' for more details. diff -urNa sudo-1.7.10p5/NEWS sudo-1.7.10p6/NEWS --- sudo-1.7.10p5/NEWS Thu Jan 31 16:07:56 2013 +++ sudo-1.7.10p6/NEWS Sun Feb 10 18:42:26 2013 @@ -1,3 +1,14 @@ +What's new in Sudo 1.7.10p6? + + * Fixed the restoration of SIGINT, SIGQUIT and SIGTSTP. This + is a regression introduced in version 1.7.10p4. + + * The tty-specific time stamp file now includes the session ID + of the sudo process that created it. If a process with the same + tty but a different session ID runs sudo, the user will now be + prompted for a password (assuming authentication is required for + the command). + What's new in Sudo 1.7.10p5? * On systems where the controlling tty can be determined via /proc diff -urNa sudo-1.7.10p5/check.c sudo-1.7.10p6/check.c --- sudo-1.7.10p5/check.c Tue Sep 18 10:00:09 2012 +++ sudo-1.7.10p6/check.c Fri Feb 8 10:35:46 2013 @@ -82,6 +82,7 @@ dev_t rdev; /* tty device ID */ ino_t ino; /* tty inode number */ struct timeval ctime; /* tty inode change time */ + pid_t sid; /* ID of session with controlling tty */ } tty_info; static int build_timestamp __P((char **, char **)); @@ -133,13 +134,14 @@ if (ISSET(mode, MODE_INVALIDATE)) SET(validated, FLAG_CHECK_USER); - /* Stash the tty's ctime for tty ticket comparison. */ + /* Stash the tty's device, session ID and ctime for ticket comparison. */ if (def_tty_tickets && user_ttypath && stat(user_ttypath, &sb) == 0) { tty_info.dev = sb.st_dev; tty_info.ino = sb.st_ino; tty_info.rdev = sb.st_rdev; if (tty_is_devpts(user_ttypath)) ctim_get(&sb, &tty_info.ctime); + tty_info.sid = user_sid; } if (build_timestamp(×tampdir, ×tampfile) == -1) { diff -urNa sudo-1.7.10p5/config.h.in sudo-1.7.10p6/config.h.in --- sudo-1.7.10p5/config.h.in Tue Sep 18 10:00:09 2012 +++ sudo-1.7.10p6/config.h.in Fri Feb 8 10:33:54 2013 @@ -174,6 +174,9 @@ passwords) */ #undef HAVE_GETPWANAM +/* Define to 1 if you have the `getsid' function. */ +#undef HAVE_GETSID + /* Define to 1 if you have the `getspnam' function (SVR4-style shadow passwords) */ #undef HAVE_GETSPNAM diff -urNa sudo-1.7.10p5/configure sudo-1.7.10p6/configure --- sudo-1.7.10p5/configure Thu Jan 31 11:39:23 2013 +++ sudo-1.7.10p6/configure Sun Feb 10 18:35:47 2013 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for sudo 1.7.10p5. +# Generated by GNU Autoconf 2.68 for sudo 1.7.10p6. # # Report bugs to . # @@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.7.10p5' -PACKAGE_STRING='sudo 1.7.10p5' +PACKAGE_VERSION='1.7.10p6' +PACKAGE_STRING='sudo 1.7.10p6' PACKAGE_BUGREPORT='http://www.sudo.ws/bugs/' PACKAGE_URL='' @@ -1447,7 +1447,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.7.10p5 to adapt to many kinds of systems. +\`configure' configures sudo 1.7.10p6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1512,7 +1512,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.7.10p5:";; + short | recursive ) echo "Configuration of sudo 1.7.10p6:";; esac cat <<\_ACEOF @@ -1737,7 +1737,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.7.10p5 +sudo configure 1.7.10p6 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2441,7 +2441,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.7.10p5, which was +It was created by sudo $as_me 1.7.10p6, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -16245,7 +16245,7 @@ for ac_func in glob strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ - regcomp setlocale nl_langinfo getaddrinfo setenv \ + regcomp setlocale nl_langinfo getaddrinfo getsid setenv \ mbr_check_membership setrlimit64 do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` @@ -20835,7 +20835,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.7.10p5, which was +This file was extended by sudo $as_me 1.7.10p6, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20901,7 +20901,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.7.10p5 +sudo config.status 1.7.10p6 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.7.10p5/configure.in sudo-1.7.10p6/configure.in --- sudo-1.7.10p5/configure.in Thu Jan 31 11:13:08 2013 +++ sudo-1.7.10p6/configure.in Sun Feb 10 18:35:37 2013 @@ -3,7 +3,7 @@ dnl dnl Copyright (c) 1994-1996,1998-2012 Todd C. Miller dnl -AC_INIT([sudo], [1.7.10p5], [http://www.sudo.ws/bugs/], [sudo]) +AC_INIT([sudo], [1.7.10p6], [http://www.sudo.ws/bugs/], [sudo]) AC_CONFIG_HEADER(config.h pathnames.h zlib/zconf.h) dnl dnl Note: this must come after AC_INIT @@ -2066,7 +2066,7 @@ AC_FUNC_GETGROUPS AC_CHECK_FUNCS(glob strchr strrchr memchr memcpy memset sysconf tzset \ strftime setrlimit initgroups getgroups fstat gettimeofday \ - regcomp setlocale nl_langinfo getaddrinfo setenv \ + regcomp setlocale nl_langinfo getaddrinfo getsid setenv \ mbr_check_membership setrlimit64) AC_CHECK_FUNCS(getline, [], [ AC_LIBOBJ(getline) diff -urNa sudo-1.7.10p5/sudo.c sudo-1.7.10p6/sudo.c --- sudo-1.7.10p5/sudo.c Tue Jan 15 14:53:44 2013 +++ sudo-1.7.10p6/sudo.c Sun Feb 10 18:23:20 2013 @@ -211,6 +211,7 @@ * us at some point and avoid the logging. * Install handler to wait for children when they exit. */ + save_signals(); zero_bytes(&sa, sizeof(sa)); sigemptyset(&sa.sa_mask); sa.sa_flags = SA_RESTART; @@ -692,6 +693,9 @@ #ifdef HAVE_MBR_CHECK_MEMBERSHIP mbr_uid_to_uuid(user_uid, user_uuid); #endif +#ifdef HAVE_GETSID + user_sid = getsid(0); +#endif if (user_shell == NULL || *user_shell == '\0') user_shell = estrdup(sudo_user.pw->pw_shell); @@ -1110,7 +1114,6 @@ /* Reset signal mask and save signal state. */ (void) sigemptyset(&mask); (void) sigprocmask(SIG_SETMASK, &mask, NULL); - save_signals(); #if defined(__linux__) /* diff -urNa sudo-1.7.10p5/sudo.h sudo-1.7.10p6/sudo.h --- sudo-1.7.10p5/sudo.h Tue Nov 13 09:54:29 2012 +++ sudo-1.7.10p6/sudo.h Fri Feb 8 10:32:32 2013 @@ -60,6 +60,7 @@ char *krb5_ccname; char *display; char *askpass; + pid_t sid; int ngroups; GETGROUPS_T *groups; struct list_member *env_vars; @@ -166,6 +167,7 @@ #define user_shell (sudo_user.shell) #define user_ngroups (sudo_user.ngroups) #define user_groups (sudo_user.groups) +#define user_sid (sudo_user.sid) #define user_tty (sudo_user.tty) #define user_ttypath (sudo_user.ttypath) #define user_cwd (sudo_user.cwd)