Conditionally mark fork as safe in linux

Author: pvdrz

lib/sudo-exec/src/lib.rs

@@ -77,10 +77,7 @@ pub fn run_command(
 
     let (pty_leader, pty_follower) = openpty()?;
     let (rx, tx) = pipe()?;
-    // SAFETY: we don't call any function that is not `async-signal-safe` inside this `fork` as all
-    // the signal handling is done by `signal_hook` which protects us from it.
-    #[allow(unsafe_code)]
-    let monitor_pid = unsafe { fork() }?;
+    let monitor_pid = fork()?;
     // Monitor logic. Based on `exec_monitor`.
     if monitor_pid == 0 {
         match monitor::MonitorRelay::new(command, pty_follower, tx)?.run()? {}

lib/sudo-system/src/lib.rs

@@ -40,6 +40,21 @@ pub fn pipe() -> io::Result<(OwnedFd, OwnedFd)> {
     Ok(unsafe { (OwnedFd::from_raw_fd(fds[0]), OwnedFd::from_raw_fd(fds[1])) })
 }
 
+#[cfg(target_os = "linux")]
+/// Create a new process.
+pub fn fork() -> io::Result<ProcessId> {
+    // SAFETY: `fork` is implemented using `clone` in linux so we don't need to worry about signal
+    // safety.
+    cerr(unsafe { libc::fork() })
+}
+
+#[cfg(not(target_os = "linux"))]
+/// Create a new process.
+///
+/// # Safety
+///
+/// In a multithreaded program, only async-signal-safe functions are guaranteed to work in the
+/// child process until a call to `execve` or a similar function is done.
 pub unsafe fn fork() -> io::Result<ProcessId> {
     cerr(unsafe { libc::fork() })
 }