Hi all,

we were discussing internally how to make openssh leave open file descriptors that were open before main using LD_PRELOAD.

Lately I filed an upstream bugzilla [1] with a proposed solution that could be acceptable to upstream, but I'm also posting on this list to get more attention, other points of view or ideas for this case.

I understand well that closing FDs is important for the backgrounded [mux] process which is handling IO for all sessions in a specific connection. I also understand that it is good practice to know what your open file descriptors are and close the others "hanging around". But aside from all of this, what would be the proposal if you needed to preserve this open file descriptor?

In the above mentioned bugzilla, I'm proposing to close these FDs only if we have the configuration option ControlPersist enabled (as the comments in the code describe). This requires moving the whole closing thing down after reading config files and commandline options. But this can interfere with debug logging enabled (using the -E option), so to make it work, it is required to reopen this log file after closing other FDs.

Q: File descriptor from debug log (-E option) doesn't matter when backgrounding ControlPersist master?

Q: For a non-backgrounding process using ControlMaster only, is it not a problem to have hanging file descriptors around?

I'm interested only in preserving this FD without multiplexing, but of course I want to have multiplexing working after this change.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2394

--
Jakub Jelen
Associate Software Engineer
Security Technologies
Red Hat

On Mon, 25 May 2015, Jakub Jelen wrote:

> Hi all,
> we were discussing internally how to make openssh leave open file descriptors
> that were open before main using LD_PRELOAD.

Something running in ssh's address space could do just about anything.

If we start making changes for random stuff that users force in via LD_PRELOAD, where would we stop?

-d

On 05/26/2015 01:44 AM, Damien Miller wrote:

> On Mon, 25 May 2015, Jakub Jelen wrote:
>
>> Hi all,
>> we were discussing internally how to make openssh leave open file descriptors
>> that were open before main using LD_PRELOAD.
> Something running in ssh's address space could do just about anything.
>
> If we start making changes for random stuff that users force in
> via LD_PRELOAD, where would we stop?
>
> -d

Thanks for your reply. I totally accept your attitude from a developer's point of view. I wanted to gather some opinions from other people around openssh about this issue, so as not to have it only as an internal discussion which just started to lead nowhere.

Unfortunately, the world is not an ideal place and some people are using strange constructions. And sometimes we need to make compromises.

Jakub

On 25/05/15 15:32, Jakub Jelen wrote:

> I understand well, that closing FDs is important for backgrounded
> [mux] process who is handling IO for all sessions in specific
> connection. I also understand, that it is good practice to know what
> are your open file descriptors and close the other "hanging around".
> But aside all of this, what would be proposal if you would need to
> preserve this open file descriptor?

Why would you need this open file descriptor?
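
What the question in the first message amounts to at the descriptor level, as an added example that is not part of the thread and not OpenSSH code: close every open descriptor in a range except one that is to be preserved. The helper names and the descriptor numbers 200-202 are constructed for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if fd is an open descriptor in this process, 0 otherwise. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}

/* Hypothetical helper: close every open descriptor in [lowfd, maxfd]
 * except `keep` (-1 preserves nothing). Returns how many were closed. */
int close_fds_except(int lowfd, int maxfd, int keep)
{
    int closed = 0;
    for (int fd = lowfd; fd <= maxfd; fd++) {
        if (fd == keep || !fd_is_open(fd))
            continue;
        if (close(fd) == 0)
            closed++;
    }
    return closed;
}

/* Constructed scenario: descriptors 200-202 stand in for ones that were
 * already open before main(); 201 is the one to be preserved. */
int demo(void)
{
    int p[2];
    if (pipe(p) != 0)
        return -1;
    if (dup2(p[0], 200) < 0 || dup2(p[1], 201) < 0 || dup2(p[1], 202) < 0)
        return -1;
    close(p[0]);
    close(p[1]);
    return close_fds_except(200, 202, 201);
}

int main(void)
{
    int n = demo();
    printf("closed %d, fd 201 still open: %d\n", n, fd_is_open(201));
    return 0;
}
```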