560 – Privsep child continues to run after monitor killed.

Bug 560 - Privsep child continues to run after monitor killed.

Summary: Privsep child continues to run after monitor killed.

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	-current
Hardware:	ix86 Linux

Importance:	P2 normal
Assignee:	OpenSSH Bugzilla mailing list

URL:	http://bugs.debian.org/cgi-bin/bugrep...
Keywords:

Depends on:
Blocks:

Reported:	2003-05-12 21:40 AEST by Darren Tucker
Modified:	2004-04-14 12:24 AEST (History)
CC List:	0 users

See Also:

Attachments
Pass monitor signals through to child (946 bytes, patch) 2003-05-12 21:49 AEST, Darren Tucker	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Darren Tucker 2003-05-12 21:40:11 AEST

When the privileged monitor is killed (eg via a SIGHUP) cleans up the utmp 
entries and exits, leaving the child still running.

hosta$ ssh -p 2022 hostb
hostb$ sudo rpm -q redhat-release
redhat-release-8.0-8
hostb$ w
  9:26pm  up 9 days,  9:53,  2 users,  load average: 0.23, 0.39, 0.60
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
dtucker  pts/0    laptop            9:25pm  0.00s  0.20s  0.03s  w

hostb$ ps -eaf |grep "sshd"
root      5052     1  0 21:25 ?        00:00:00 ./sshd -p 2022
root      5061   853  0 21:25 ?        00:00:00 [sshd]
dtucker   5063  5061  0 21:25 ?        00:00:00 [sshd]
dtucker   5154  5064  0 21:26 pts/0    00:00:00 grep sshd
hostb$ sudo kill -HUP 5061
hostb$ w
  9:27pm  up 9 days,  9:54,  2 users,  load average: 0.11, 0.34, 0.57
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
hostb$

Comment 1 Darren Tucker 2003-05-12 21:49:01 AEST

Created attachment 290 [details]
Pass monitor signals through to child

Attempt to fix.  Dunno if this is a good idea or not.

The problem doesn't seem to happen on Solaris 8, don't know why.

Comment 2 Darren Tucker 2003-05-12 22:27:36 AEST

OK, I think I know why the bug does not manifest on Solaris:

$ truss -p 10673  # user child
poll(0xEFFFF348, 3, -1)         (sleeping...)
    Received signal #1, SIGHUP, in poll() [default]
poll(0xEFFFF348, 3, -1)                         Err#4 EINTR
        *** process killed ***

I think the reason why it doesn't happen on Solaris is because setsid() is 
not called early in sshd (SSHD_ACQUIRES_CTTY is defined), so both monitor and 
child have the same controlling terminal.

$ ps -eafj   # Solaris 8
     UID   PID  PPID  PGID   SID  C    STIME TTY      TIME CMD
 dtucker 12497 12495 12495 12495  1 22:01:54 pts/2    0:00 ./sshd -p 2022
    root  2541     1  2541  2541  0 21:04:37 ?        0:00 ./sshd -p 2022
    root 12495  2541 12495 12495  1 22:01:52 pts/2    0:00 ./sshd -p 2022 

$ ps -eafj    # Redhat 8
UID        PID  PPID  PGID   SID  C STIME TTY          TIME CMD
root      5052     1  5052  5052  0 21:25 ?        00:00:00 ./sshd -p 2022
root     13559  5052 13559 13559  1 22:05 ?        00:00:00 [sshd]
dtucker  13562 13559 13559 13559  0 22:05 ?        00:00:00 [sshd]

Comment 3 Darren Tucker 2003-05-14 20:17:46 AEST

Now fixed.

$ cvs log monitor.c
[snip]
revision 1.46
date: 2003/05/14 09:31:12;  author: djm;  state: Exp;  lines: +18 -1
   - markus@cvs.openbsd.org 2003/05/14 08:57:49
     [monitor.c]
     http://bugzilla.mindrot.org/show_bug.cgi?id=560
     Privsep child continues to run after monitor killed.
     Pass monitor signals through to child; Darren Tucker

Comment 4 Damien Miller 2004-04-14 12:24:19 AEST

Mass change of RESOLVED bugs to CLOSED