Bug 606 - sshd [-t] should warn when cannot create pid file
Summary: sshd [-t] should warn when cannot create pid file
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: -current
Hardware: All Linux
: P2 enhancement
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on: 605
Blocks:
  Show dependency treegraph
 
Reported: 2003-06-26 17:58 AEST by Roumen Petrov
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:

Attachments
Check directory and file perms for PidFile (1.58 KB, patch)
2003-06-26 21:55 AEST, Darren Tucker 		no flags Details | Diff
Use realpath to test existence of PidFile directory (1.09 KB, patch)
2003-06-28 00:11 AEST, Darren Tucker 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Roumen Petrov 2003-06-26 17:58:54 AEST 
1.) sshd should warn user when cannot create pid file.
2.) sshd -t should warn user when dont have write permition to pid_file_dir. One
possible reason is missing directory.
Comment 1 Damien Miller 2003-06-26 21:52:19 AEST 
> 1.) sshd should warn user when cannot create pid file.

This is difficult - see the comment in sshd.c where we write the pidfile

> 2.) sshd -t should warn user when dont have write permition to 
> pid_file_dir. One possible reason is missing directory.

IMO that is just bloat.
Comment 2 Darren Tucker 2003-06-26 21:55:49 AEST 
Created attachment 338 [details]
Check directory and file perms for PidFile

Also reports error if there's an error writing the PidFile (this could still
happen, either due to a race or things like ENOSPC).  This part based on Roumen
Petrov's patch.

Patch against OpenBSD -current.
Comment 3 Damien Miller 2003-06-26 22:14:34 AEST 
OK - (1) isn't difficult unless one wants the error written to stderr (the
pidfile writing happens after the fork). 

I'd say that the patch confirms that (2) is bloat
Comment 4 Ben Lindstrom 2003-06-27 01:01:01 AEST 
Don't know.. Other projects tend to provide notifications on testing 
configurations (apache does), but Darren's patch is wrong.

+	/* Determine directory path to PidFile */
+	if (strrchr(options.pid_file, '/') != NULL) {
+		path = xstrdup(options.pid_file);
+		*(strrchr(path, '/')+1) = '\0';
+	} else
+		path = xstrdup(".");


Fails when the admin is insane and does:  "/my/loc/my\/myfile.pid"

Since it will not decide if the / has been escaped or not.


I don't have a strong feeling either way (For the record, I don't use
the pid file for tracking the sshd).
Comment 5 Roumen Petrov 2003-06-27 21:37:36 AEST 
Might is better configure to warn for missing piddir and 
sshd only when cannot create pidfile.
Comment 6 Darren Tucker 2003-06-28 00:11:56 AEST 
Created attachment 339 [details]
Use realpath to test existence of PidFile directory

One person's "bloat" is another's "valuable diagnostic" :-)

If you cut down the things that are checked for and can live with less
descriptive errors you can just use realpath().  It still performs a useful
subset of tests (and handles Ben's evilness too) with less code.

# sshd/sshd -t -o 'PidFile /no/such'
Invalid PidFile specification: /no/such (No such file or directory)
# sshd/sshd -t -o 'PidFile /etc/passwd/pidfile'
Invalid PidFile specification: /etc/passwd/pidfile (Not a directory)
# sshd/sshd -t -o 'PidFile /tmp\/myfile.pid'
Invalid PidFile specification: /tmp\\/myfile.pid (No such file or directory)
Comment 7 Damien Miller 2003-06-28 17:50:32 AEST 
I have committed a similar patch which reports the error() on failure to create
the pidfile, but not the "sshd -t" tests. There are just too many ways for an
admin to break a system to test for them all. Besides, pidfile creation failure
is non-fatal.
Comment 8 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED