Bugzilla – Attachment 1324 Details for
Bug 396
sshd orphans processes when no pty allocated
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Modified patch for openSSH-4.6p1
openssh-4.6p1.bug396 (text/plain), 4.31 KB, created by
Matthieu Hautreux
on 2007-07-11 23:02:19 AEST
(
hide
)
Description:
Modified patch for openSSH-4.6p1
Filename:
MIME Type:
Creator:
Matthieu Hautreux
Created:
2007-07-11 23:02:19 AEST
Size:
4.31 KB
patch
obsolete
>diff --git a/ChangeLog b/ChangeLog >index f2b96c3..6a060f6 100644 >--- a/ChangeLog >+++ b/ChangeLog >@@ -1,3 +1,12 @@ >+20070626 >+ - matthieu.hautreux@cea.fr >+ [session.c] [servconf.h] [servconf.c] [sshd_config] [sshd_config.0] >+ [sshd_config.5] >+ bug#396 : add an sshd option (RemoteCommandCleanup) that enables to clean >+ child processes when remote command connection is closed/lost. >+ All processes that share the pgrp of the child (child pid) receive >+ a SIGHUP during session close. Default behavior is no. >+ > 20070306 > - (djm) OpenBSD CVS Sync > - jmc@cvs.openbsd.org 2007/03/01 16:19:33 >diff --git a/servconf.c b/servconf.c >index 1e3c213..4ee4708 100644 >--- a/servconf.c >+++ b/servconf.c >@@ -122,6 +122,7 @@ initialize_server_options(ServerOptions > options->permit_tun = -1; > options->num_permitted_opens = -1; > options->adm_forced_command = NULL; >+ options->remote_command_cleanup = -1; > } > > void >@@ -263,6 +264,9 @@ fill_default_server_options(ServerOption > } > #endif > >+ if (options->remote_command_cleanup == -1) >+ options->remote_command_cleanup = 0; >+ > } > > /* Keyword tokens. */ >@@ -293,6 +297,7 @@ typedef enum { > sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, > sMatch, sPermitOpen, sForceCommand, > sUsePrivilegeSeparation, >+ sRemoteCommandCleanup, > sDeprecated, sUnsupported > } ServerOpCodes; > >@@ -403,6 +408,7 @@ static struct { > { "match", sMatch, SSHCFG_ALL }, > { "permitopen", sPermitOpen, SSHCFG_ALL }, > { "forcecommand", sForceCommand, SSHCFG_ALL }, >+ { "remotecommandcleanup", sRemoteCommandCleanup }, > { NULL, sBadOption, 0 } > }; > >@@ -1268,6 +1274,10 @@ parse_flag: > arg = strdelim(&cp); > break; > >+ case sRemoteCommandCleanup: >+ intptr = &options->remote_command_cleanup; >+ goto parse_flag; >+ > default: > fatal("%s line %d: Missing handler for opcode %s (%d)", > filename, linenum, arg, opcode); >diff --git a/servconf.h b/servconf.h >index 8a5b950..455b7d7 100644 >--- a/servconf.h >+++ b/servconf.h >@@ -141,6 +141,10 @@ typedef struct { > int permit_tun; > > int num_permitted_opens; >+ >+ int remote_command_cleanup; /* If true, send HUP to child process group when session is closed >+ and no pty was allocated (remote command execution) >+ */ > } ServerOptions; > > void initialize_server_options(ServerOptions *); >diff --git a/session.c b/session.c >index 4c97c4a..6106a17 100644 >--- a/session.c >+++ b/session.c >@@ -2243,6 +2243,11 @@ session_close(Session *s) > debug("session_close: session %d pid %ld", s->self, (long)s->pid); > if (s->ttyfd != -1) > session_pty_cleanup(s); >+ else if(s->pid && options.remote_command_cleanup){ >+ debug("sending signal HUP to process group %u ",s->pid); >+ kill(-1*s->pid,SIGHUP); >+ } >+ > if (s->term) > xfree(s->term); > if (s->display) >diff --git a/sshd_config b/sshd_config >index 6a3cad8..6f613b6 100644 >--- a/sshd_config >+++ b/sshd_config >@@ -80,6 +80,8 @@ > # and ChallengeResponseAuthentication to 'no'. > #UsePAM no > >+#RemoteCommandCleanup no >+ > #AllowTcpForwarding yes > #GatewayPorts no > #X11Forwarding no >diff --git a/sshd_config.0 b/sshd_config.0 >index c9a09a4..7fb0df7 100644 >--- a/sshd_config.0 >+++ b/sshd_config.0 >@@ -401,6 +401,11 @@ DESCRIPTION > fault is ``yes''. Note that this option applies to protocol ver- > sion 2 only. > >+ RemoteCommandCleanup >+ Specifies whether user processes that where launched without pty >+ and share the same pgrp as the child process pid must be signal >+ with HUP when connection is closed/lost. The default is ``no''. >+ > RhostsRSAAuthentication > Specifies whether rhosts or /etc/hosts.equiv authentication to- > gether with successful RSA host authentication is allowed. The >diff --git a/sshd_config.5 b/sshd_config.5 >index af12214..9507a7d 100644 >--- a/sshd_config.5 >+++ b/sshd_config.5 >@@ -708,6 +708,12 @@ Specifies whether public key authenticat > The default is > .Dq yes . > Note that this option applies to protocol version 2 only. >+.It Cm RemoteCommandCleanup >+Specifies whether user processes that where launched without pty >+and share the same pgrp as the child process pid must be signal >+with HUP when connection is closed/lost. >+The default is >+.Dq no . > .It Cm RhostsRSAAuthentication > Specifies whether rhosts or /etc/hosts.equiv authentication together > with successful RSA host authentication is allowed.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=1324">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 396
:
145
|
934
| 1324