Implement --background flag

bjorn3 · bjorn3 · commit 24818d65e31e · 2025-12-16T15:33:25.000+01:00
diff --git a/src/common/context.rs b/src/common/context.rs
@@ -24,6 +24,7 @@ pub struct Context {
     pub askpass: bool,
     pub stdin: bool,
     pub bell: bool,
+    pub background: bool,
     pub prompt: Option<String>,
     pub non_interactive: bool,
     pub use_session_records: bool,
@@ -95,6 +96,7 @@ impl Context {
             askpass: sudo_options.askpass,
             stdin: sudo_options.stdin,
             bell: sudo_options.bell,
+            background: sudo_options.background,
             prompt,
             non_interactive: sudo_options.non_interactive,
             files_to_edit: vec![],
@@ -162,6 +164,7 @@ impl Context {
             askpass: sudo_options.askpass,
             stdin: sudo_options.stdin,
             bell: sudo_options.bell,
+            background: false,
             prompt: sudo_options.prompt,
             non_interactive: sudo_options.non_interactive,
             files_to_edit,
@@ -185,6 +188,7 @@ impl Context {
             askpass: sudo_options.askpass,
             stdin: sudo_options.stdin,
             bell: sudo_options.bell,
+            background: false,
             prompt: sudo_options.prompt,
             non_interactive: sudo_options.non_interactive,
             files_to_edit: vec![],
@@ -231,6 +235,7 @@ impl Context {
             askpass: sudo_options.askpass,
             stdin: sudo_options.stdin,
             bell: sudo_options.bell,
+            background: false,
             prompt: sudo_options.prompt,
             non_interactive: sudo_options.non_interactive,
             files_to_edit: vec![],
@@ -275,6 +280,7 @@ impl Context {
             group: &self.target_group,
             umask: controls.umask,
 
+            background: self.background,
             use_pty: controls.use_pty,
             noexec: controls.noexec,
         })
diff --git a/src/exec/mod.rs b/src/exec/mod.rs
@@ -13,7 +13,7 @@ use std::{
     os::unix::ffi::OsStrExt,
     os::unix::process::CommandExt,
     path::{Path, PathBuf},
-    process::Command,
+    process::{self, Command},
     time::Duration,
 };
 
@@ -24,13 +24,12 @@ use crate::{
     exec::no_pty::exec_no_pty,
     log::{dev_info, dev_warn, user_error},
     system::{
-        _exit,
+        ForkResult, Group, User, _exit, fork,
         interface::ProcessId,
-        kill, killpg, mark_fds_as_cloexec, set_target_user,
+        kill, killpg, mark_fds_as_cloexec, set_target_user, setpgid,
         signal::{consts::*, signal_name, SignalNumber, SignalSet},
         term::UserTerm,
         wait::{Wait, WaitError, WaitOptions},
-        Group, User,
     },
 };
 
@@ -71,6 +70,7 @@ pub struct RunOptions<'a> {
     pub group: &'a Group,
     pub umask: Umask,
 
+    pub background: bool,
     pub use_pty: bool,
     pub noexec: bool,
 }
@@ -83,6 +83,19 @@ pub fn run_command(
     options: RunOptions<'_>,
     env: impl IntoIterator<Item = (impl AsRef<OsStr>, impl AsRef<OsStr>)>,
 ) -> io::Result<ExitReason> {
+    if options.background {
+        // SAFETY: There should be no other threads at this point.
+        match unsafe { fork() }? {
+            ForkResult::Parent(_) => process::exit(0),
+            ForkResult::Child => {
+                // Child continues in an orphaned process group.
+                // Reads from the terminal fail with EIO.
+                // Writes succeed unless tostop is set on the terminal.
+                setpgid(ProcessId::new(0), ProcessId::new(0))?;
+            }
+        }
+    }
+
     // FIXME: should we pipe the stdio streams?
     let qualified_path = options.command;
     let mut command = Command::new(qualified_path);
@@ -185,6 +198,7 @@ pub fn run_command(
                 command,
                 user_tty,
                 options.user,
+                options.background,
             ),
             Err(err) => {
                 dev_info!("Could not open user's terminal, not allocating a pty: {err}");
diff --git a/src/exec/use_pty/parent.rs b/src/exec/use_pty/parent.rs
@@ -1,8 +1,12 @@
 use std::collections::VecDeque;
 use std::ffi::c_int;
 use std::io;
+use std::os::fd::{FromRawFd, OwnedFd};
 use std::process::{Command, Stdio};
 
+use libc::{close, O_CLOEXEC};
+
+use crate::cutils::cerr;
 use crate::exec::event::{EventHandle, EventRegistry, PollEvent, Process, StopReason};
 use crate::exec::use_pty::monitor::exec_monitor;
 use crate::exec::use_pty::SIGCONT_FG;
@@ -31,6 +35,7 @@ pub(in crate::exec) fn exec_pty(
     mut command: Command,
     user_tty: UserTerm,
     pty_owner: &User,
+    background: bool,
 ) -> io::Result<ExitReason> {
     // Allocate a pseudoterminal.
     let pty = get_pty(pty_owner)?;
@@ -81,6 +86,10 @@ pub(in crate::exec) fn exec_pty(
         ParentEvent::Pty,
     );
 
+    if background {
+        tty_pipe.disable_input(&mut registry);
+    }
+
     let user_tty = tty_pipe.left_mut();
 
     // Check if we are the foreground process
@@ -118,6 +127,24 @@ pub(in crate::exec) fn exec_pty(
             // change the terminal mode.
             exec_bg = true;
         }
+    } else if background {
+        // Running in background (sudo -b), no access to terminal input.
+        // In non-pty mode, the command runs in an orphaned process
+        // group and reads from the controlling terminal fail with EIO.
+        // We cannot do the same while running in a pty but if we set
+        // stdin to a half-closed pipe, reads from it will get EOF.
+        exec_bg = true;
+
+        let mut pipes = [-1, -1];
+        // SAFETY: A valid pointer to a mutable array of 2 fds is passed in.
+        unsafe {
+            cerr(libc::pipe2(pipes.as_mut_ptr(), O_CLOEXEC))?;
+        }
+        // SAFETY: pipe2 created two owned pipe fds.
+        unsafe {
+            command.stdin(OwnedFd::from_raw_fd(pipes[0]));
+            close(pipes[1]);
+        }
     }
 
     if !io::stdout().is_terminal_for_pgrp(parent_pgrp) {
diff --git a/src/su/context.rs b/src/su/context.rs
@@ -210,6 +210,7 @@ impl SuContext {
             group: &self.group,
             umask: Umask::Preserve,
 
+            background: false,
             use_pty: true,
             noexec: false,
         }
diff --git a/src/sudo/cli/mod.rs b/src/sudo/cli/mod.rs
@@ -385,6 +385,8 @@ pub struct SudoRunOptions {
     pub askpass: bool,
     // -B
     pub bell: bool,
+    // -b
+    pub background: bool,
     // -E
     /* ignored, part of env_var_list */
     // -k
@@ -416,6 +418,7 @@ impl TryFrom<SudoOptions> for SudoRunOptions {
     fn try_from(mut opts: SudoOptions) -> Result<Self, Self::Error> {
         let askpass = mem::take(&mut opts.askpass);
         let bell = mem::take(&mut opts.bell);
+        let background = mem::take(&mut opts.background);
         let reset_timestamp = mem::take(&mut opts.reset_timestamp);
         let non_interactive = mem::take(&mut opts.non_interactive);
         let stdin = mem::take(&mut opts.stdin);
@@ -466,6 +469,7 @@ impl TryFrom<SudoOptions> for SudoRunOptions {
         Ok(Self {
             askpass,
             bell,
+            background,
             reset_timestamp,
             non_interactive,
             stdin,
@@ -487,6 +491,8 @@ struct SudoOptions {
     askpass: bool,
     // -B
     bell: bool,
+    // -b
+    background: bool,
     // -D
     chdir: Option<SudoPath>,
     // -g
@@ -698,6 +704,9 @@ impl SudoOptions {
                     "-B" | "--bell" => {
                         options.bell = true;
                     }
+                    "-b" | "--background" => {
+                        options.background = true;
+                    }
                     "-E" | "--preserve-env" => {
                         user_warn!(
                             "preserving the entire environment is not supported, '{flag}' is ignored",
@@ -878,6 +887,7 @@ fn reject_all(context: &str, opts: SudoOptions) -> Result<(), String> {
     check_options!(
         askpass,
         bell,
+        background,
         chdir,
         edit,
         group,
diff --git a/src/sudo/cli/tests.rs b/src/sudo/cli/tests.rs
@@ -330,7 +330,7 @@ fn help() {
     let cmd = SudoAction::try_parse_from(["sudo", "-h"]).unwrap();
     assert!(cmd.is_help());
 
-    let cmd = SudoAction::try_parse_from(["sudo", "-bh"]);
+    let cmd = SudoAction::try_parse_from(["sudo", "-zh"]);
     assert!(cmd.is_err());
 
     let cmd = SudoAction::try_parse_from(["sudo", "--help"]).unwrap();
diff --git a/src/sudo/env/tests.rs b/src/sudo/env/tests.rs
@@ -132,6 +132,7 @@ fn create_test_context(sudo_options: SudoRunOptions) -> Context {
         non_interactive: sudo_options.non_interactive,
         use_session_records: false,
         bell: false,
+        background: false,
         files_to_edit: vec![],
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -210,6 +210,7 @@ impl SuContext {`
`210`	`210`	`group: &self.group,`
`211`	`211`	`umask: Umask::Preserve,`
`212`	`212`
	`213`	`+ background: false,`
`213`	`214`	`use_pty: true,`
`214`	`215`	`noexec: false,`
`215`	`216`	`}`
Original file line number	Diff line number	Diff line change
`@@ -132,6 +132,7 @@ fn create_test_context(sudo_options: SudoRunOptions) -> Context {`
`132`	`132`	`non_interactive: sudo_options.non_interactive,`
`133`	`133`	`use_session_records: false,`
`134`	`134`	`bell: false,`
	`135`	`+ background: false,`
`135`	`136`	`files_to_edit: vec![],`
`136`	`137`	`}`
`137`	`138`	`}`