Bug 2394

Summary: Provide a global configuration option to disable ControlPersist
Product: Portable OpenSSH
Reporter: Jakub Jelen <jjelen>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED INVALID
Severity: enhancement
Priority: P5
Version: 6.8p1
Hardware: Other
OS: Linux
Attachments (Description: Flags):
proposed patch: none
possible solution: none

Description Jakub Jelen 2015-05-05 18:44:53 AEST
Created attachment 2616 [details]
proposed patch

+++ This bug was cloned from Red Hat Bugzilla – Bug 1218351 +++

The new ControlPersist feature undesirably closes fds that are loaded by an ad hoc LD_PRELOAD application.

Customer would like to be able to remove the ControlPersist feature set by providing a global configuration option.  This will allow ssh to act as it did before and not interfere with customer ad hoc LD_PRELOAD app.

e.g.
 if (options.controlpersist != 0) { closefrom(STDERR_FILENO + 1); }

How reproducible:
Write an app that opens some FDs
Use the export LD_PRELOAD on ssh execution of a scripted session
When the session exits, see if the FDs from the LD_PRELOAD app did too

Actual results:
fds closed

Expected results:
with ControlPersist disable option, fds from LD_PRELOAD do not close on ssh session close

+++ Jakub Jelen +++
This will probably be fixed by checking the ControlPersist configuration option and not closing the additional file descriptors if it is disabled.

This solution shouldn't have any drawback and should allow users happy hacking. Yes, LD_PRELOAD can be dangerous, but I believe they know what they are doing.
Comment 1 Jakub Jelen 2015-05-18 21:35:49 AEST
Created attachment 2622 [details]
possible solution

Sorry. That patch was nonsense. At that time, the options variable is still empty. It would require moving the block below the reading of configuration files and the parsing of command-line options. But at that time, it is possible that there is an opened -E logfile which we can't close and reopen. This is not a problem with syslog.

* We do not open config file until we open log file (which makes sense)
* We should close hanging file descriptors before we open log file (which is file descriptor)
dependency hell ...

This would require some more changes in upstream. Proposing to move this check further and reopen log, if required.
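The ordering problem discussed in the comments above, as an added example that is not part of the bug report and is not OpenSSH source: descriptors that exist before the startup sweep are closed, while one opened afterwards (as a log file would be) is untouched. The helper names, the /dev/null descriptors and the DEMO_MAX_FD cap are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define DEMO_MAX_FD 4096 /* assumption: cap the scan so the demo stays fast */

/* Hypothetical stand-in for closefrom(3): close every descriptor >= lowfd. */
static void closefrom_fallback(int lowfd)
{
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0 || maxfd > DEMO_MAX_FD)
        maxfd = DEMO_MAX_FD;
    for (long fd = lowfd; fd < maxfd; fd++)
        (void)close((int)fd);
}

static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Stands in for a descriptor a preloaded library opened before main();
 * F_DUPFD forces it above stderr even if a stdio slot happens to be free. */
static int open_inherited(void)
{
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return -1;
    int high = fcntl(fd, F_DUPFD, STDERR_FILENO + 1);
    close(fd);
    return high;
}

/* Bit 0: an early descriptor survived the sweep. Bit 1: a descriptor
 * opened after the sweep is open. Returns -1 if setup failed. */
int run_startup_sweep(void)
{
    int early1 = open_inherited(), early2 = open_inherited();
    if (early1 < 0 || early2 < 0)
        return -1;
    closefrom_fallback(STDERR_FILENO + 1); /* the sweep quoted in the report */
    int result = (fd_is_open(early1) || fd_is_open(early2)) ? 1 : 0;
    int late = open("/dev/null", O_WRONLY); /* e.g. a log file opened later */
    if (late < 0)
        return -1;
    if (fd_is_open(late))
        result |= 2;
    close(late);
    return result;
}

int main(void)
{
    printf("sweep result bitmask: %d\n", run_startup_sweep());
    return 0;
}
```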
Comment 2 Jakub Jelen 2015-08-26 23:40:26 AEST
Cleaning up. After realistic consideration I understand that this is not a good idea, it doesn't make much sense and there should be a different solution on the other side. Thank you for all your inputs.
Comment 3 Damien Miller 2021-04-23 15:08:40 AEST
closing resolved bugs as of 8.6p1 release