openssh bugs - Nov 2014 - [Bug 2308] New: Forwarded Unix domain sockets not removed on logout

https://bugzilla.mindrot.org/show_bug.cgi?id=2308

            Bug ID: 2308
           Summary: Forwarded Unix domain sockets not removed on logout
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: swarren at wwwdotorg.org

I tested out Unix domain socket support in 6.7:

# On Ubuntu 14.04 amd64
wget the source
./configure --prefix=/home/swarren/ssh-test/install --with-pam
--with-kerberos5
make
make install

In one console, ran the newly installed sshd. In another:

./ssh -p 863 -R
/run/user/1000/keyring-wpPOO8/gpg-fwd:/run/user/1000/keyring-wpPOO8/gpg
127.0.0.1

Then within the SSH session, tested access to
/run/user/1000/keyring-wpPOO8/gpg-fwd, and verified it connects to
/run/user/1000/keyring-wpPOO8/gpg on the client. In my case
/run/user/1000/keyring-wpPOO8/gpg was actually the path from
$GPG_AGENT_INFO, although I don't think that matters.

When I disconnect the ssh session, the path
/run/user/1000/keyring-wpPOO8/gpg-fwd is not deleted. lsof doesn't show
any processes with the file open. When I re-execute the same ssh
command above, the domain socket forwarding fails, with the following
showing up in sshd's log:

Nov  6 23:25:12 dart sshd[19120]: error: bind: Address already in use
Nov  6 23:25:12 dart sshd[19120]: error: unix_listener: cannot bind to
path: /run/user/1000/keyring-wpPOO8/gpg-fwd

If I rm the domain socket manually on the server, then forwarding with
that remote name works again, once, until I delete it again, etc.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2308

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
ssh/sshd should probably clean up after itself better, but you might be
interested in the ssh_config StreamLocalBindUnlink option in the
meantime

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2308

--- Comment #2 from Stephen Warren <swarren at wwwdotorg.org> ---
Yes, that option seems to work.

Shouldn't it be the default if sshd isn't going to clean up after
itself when connections drop?

I wonder if it interacts correctly with control masters?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2308

Daniel Black <daniel.subs at internode.on.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |daniel.subs at internode.on.ne
                   |                            |t

--- Comment #3 from Daniel Black <daniel.subs at internode.on.net> ---
(In reply to Stephen Warren from comment #2)
> Yes, that option seems to work.
> 
> Shouldn't it be the default if sshd isn't going to clean up after
> itself when connections drop?
I'd think so. And ssh client too for localforwards.
> I wonder if it interacts correctly with control masters?
StreamLocalBindUnlink appears to leave existing local forward sockets
alone and assume they remain connected to the same remote end.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2308

Patrick Hemmer <mindrot at stormcloud9.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mindrot at stormcloud9.net

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.