No need to pass signal mask to child since we unblock early.

Previously, signals were blocked until shortly before execve().
Now that signals handlers are installed early and signals are
unblocked before fork we don't need to do this.

Author: millert

src/exec.c

@@ -247,8 +247,7 @@ exec_setup(struct command_details *details, int intercept_fd, int errfd)
  * If the exec fails, cstat is filled in with the value of errno.
  */
 void
-exec_cmnd(struct command_details *details, sigset_t *mask,
-    int intercept_fd, int errfd)
+exec_cmnd(struct command_details *details, int intercept_fd, int errfd)
 {
     debug_decl(exec_cmnd, SUDO_DEBUG_EXEC);
 
@@ -262,8 +261,6 @@ exec_cmnd(struct command_details *details, sigset_t *mask,
     }
 #endif /* HAVE_PTRACE_INTERCEPT */
 
-    if (mask != NULL)
-	sigprocmask(SIG_SETMASK, mask, NULL);
     restore_signals();
     if (exec_setup(details, intercept_fd, errfd) == true) {
 	/* headed for execve() */
@@ -476,7 +473,7 @@ sudo_execute(struct command_details *details,
      */
     if (direct_exec_allowed(details)) {
 	if (!sudo_terminated(cstat)) {
-	    exec_cmnd(details, NULL, -1, -1);
+	    exec_cmnd(details, -1, -1);
 	    cstat->type = CMD_ERRNO;
 	    cstat->val = errno;
 	}

src/exec_monitor.c

@@ -345,8 +345,8 @@ mon_backchannel_cb(int fd, int what, void *v)
  * Returns only if execve() fails.
  */
 static void
-exec_cmnd_pty(struct command_details *details, sigset_t *mask,
-    bool foreground, int intercept_fd, int errfd)
+exec_cmnd_pty(struct command_details *details, bool foreground,
+    int intercept_fd, int errfd)
 {
     volatile pid_t self = getpid();
     debug_decl(exec_cmnd_pty, SUDO_DEBUG_EXEC);
@@ -396,7 +396,7 @@ exec_cmnd_pty(struct command_details *details, sigset_t *mask,
     /* Execute command; only returns on error. */
     sudo_debug_printf(SUDO_DEBUG_INFO, "executing %s in the %s",
 	details->command, foreground ? "foreground" : "background");
-    exec_cmnd(details, mask, intercept_fd, errfd);
+    exec_cmnd(details, intercept_fd, errfd);
 
     debug_return;
 }
@@ -542,12 +542,11 @@ pty_make_controlling(const char *follower)
  * resets signal handlers and forks a child to call exec_cmnd_pty().
  * Waits for status changes from the command and relays them to the
  * parent and relays signals from the parent to the command.
- * Must be called with signals blocked and the old signal mask in oset.
  * Returns an error if fork(2) fails, else calls _exit(2).
  */
 int
-exec_monitor(struct command_details *details, sigset_t *oset,
-    bool foreground, int backchannel, int intercept_fd)
+exec_monitor(struct command_details *details, bool foreground,
+    int backchannel, int intercept_fd)
 {
     struct monitor_closure mc;
     struct command_status cstat;
@@ -622,9 +621,6 @@ exec_monitor(struct command_details *details, sigset_t *oset,
      */
     init_exec_events_monitor(&mc, errsock[0]);
 
-    /* Restore signal mask now that signal handlers are setup. */
-    sigprocmask(SIG_SETMASK, oset, NULL);
-
     mc.cmnd_pid = sudo_debug_fork();
     switch (mc.cmnd_pid) {
     case -1:
@@ -641,7 +637,7 @@ exec_monitor(struct command_details *details, sigset_t *oset,
 	close(backchannel);
 	close(errsock[0]);
 	/* setup tty and exec command */
-	exec_cmnd_pty(details, oset, foreground, intercept_fd, errsock[1]);
+	exec_cmnd_pty(details, foreground, intercept_fd, errsock[1]);
 	if (send(errsock[1], &errno, sizeof(int), 0) == -1)
 	    sudo_warn(U_("unable to execute %s"), details->command);
 	_exit(EXIT_FAILURE);

src/exec_nopty.c

@@ -647,7 +647,7 @@ exec_nopty(struct command_details *details,
 	    close(io_pipe[STDERR_FILENO][0]);
 	    close(io_pipe[STDERR_FILENO][1]);
 	}
-	exec_cmnd(details, &oset, intercept_sv[1], errpipe[1]);
+	exec_cmnd(details, intercept_sv[1], errpipe[1]);
 	while (write(errpipe[1], &errno, sizeof(int)) == -1) {
 	    if (errno != EINTR)
 		break;

src/exec_pty.c

@@ -1375,7 +1375,7 @@ exec_pty(struct command_details *details,
 	 * from /dev/tty.  In this case, we rely on the command receiving
 	 * SIGTTOU or SIGTTIN when it needs access to the controlling tty.
 	 */                                                              
-	exec_monitor(details, &oset, cmnd_foreground, sv[1], intercept_sv[1]);
+	exec_monitor(details, cmnd_foreground, sv[1], intercept_sv[1]);
 	cstat->type = CMD_ERRNO;
 	cstat->val = errno;
 	if (send(sv[1], cstat, sizeof(*cstat), 0) == -1) {

src/regress/intercept/test_ptrace.c

@@ -188,7 +188,7 @@ main(int argc, char *argv[])
 	if (!set_exec_filter())
 	    _exit(EXIT_FAILURE);
 
-	/* Child waits until tracer seizes control and sends SIGUSR1. */
+	/* Child waits until tracer seizes control and sends a message. */
 	close(intercept_sv[0]);
 	recv(intercept_sv[1], &ch, sizeof(ch), 0);
 

src/sudo_exec.h

@@ -176,7 +176,7 @@ union sudo_token_un {
 
 /* exec.c */
 struct stat;
-void exec_cmnd(struct command_details *details, sigset_t *mask, int intercept_fd, int errfd);
+void exec_cmnd(struct command_details *details, int intercept_fd, int errfd);
 void terminate_command(pid_t pid, bool use_pgrp);
 bool sudo_terminated(struct command_status *cstat);
 void free_exec_closure(struct exec_closure *ec);
@@ -215,7 +215,7 @@ bool exec_pty(struct command_details *details, const struct user_details *user_d
 extern int io_fds[6];
 
 /* exec_monitor.c */
-int exec_monitor(struct command_details *details, sigset_t *omask, bool foreground, int backchannel, int intercept_fd);
+int exec_monitor(struct command_details *details, bool foreground, int backchannel, int intercept_fd);
 
 /* utmp.c */
 bool utmp_login(const char *from_line, const char *to_line, int ttyfd,