openssh unix dev - May 2003 - [Bug 560] Privsep child continues to run after monitor killed.

http://bugzilla.mindrot.org/show_bug.cgi?id=560

           Summary: Privsep child continues to run after monitor killed.
           Product: Portable OpenSSH
           Version: -current
          Platform: ix86
               URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=164797
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: dtucker at zip.com.au


When the privileged monitor is killed (eg via a SIGHUP) cleans up the utmp 
entries and exits, leaving the child still running.

hosta$ ssh -p 2022 hostb
hostb$ sudo rpm -q redhat-release
redhat-release-8.0-8
hostb$ w
  9:26pm  up 9 days,  9:53,  2 users,  load average: 0.23, 0.39, 0.60
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
dtucker  pts/0    laptop            9:25pm  0.00s  0.20s  0.03s  w

hostb$ ps -eaf |grep "sshd"
root      5052     1  0 21:25 ?        00:00:00 ./sshd -p 2022
root      5061   853  0 21:25 ?        00:00:00 [sshd]
dtucker   5063  5061  0 21:25 ?        00:00:00 [sshd]
dtucker   5154  5064  0 21:26 pts/0    00:00:00 grep sshd
hostb$ sudo kill -HUP 5061
hostb$ w
  9:27pm  up 9 days,  9:54,  2 users,  load average: 0.11, 0.34, 0.57
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
hostb$



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=560





------- Additional Comments From dtucker at zip.com.au  2003-05-12 21:49 -------
Created an attachment (id=290)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=290&action=view)
Pass monitor signals through to child

Attempt to fix.  Dunno if this is a good idea or not.

The problem doesn't seem to happen on Solaris 8, don't know why.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=560





------- Additional Comments From dtucker at zip.com.au  2003-05-12 22:27 -------
OK, I think I know why the bug does not manifest on Solaris:

$ truss -p 10673  # user child
poll(0xEFFFF348, 3, -1)         (sleeping...)
    Received signal #1, SIGHUP, in poll() [default]
poll(0xEFFFF348, 3, -1)                         Err#4 EINTR
        *** process killed ***

I think the reason why it doesn't happen on Solaris is because setsid() is 
not called early in sshd (SSHD_ACQUIRES_CTTY is defined), so both monitor and 
child have the same controlling terminal.

$ ps -eafj   # Solaris 8
     UID   PID  PPID  PGID   SID  C    STIME TTY      TIME CMD
 dtucker 12497 12495 12495 12495  1 22:01:54 pts/2    0:00 ./sshd -p 2022
    root  2541     1  2541  2541  0 21:04:37 ?        0:00 ./sshd -p 2022
    root 12495  2541 12495 12495  1 22:01:52 pts/2    0:00 ./sshd -p 2022 

$ ps -eafj    # Redhat 8
UID        PID  PPID  PGID   SID  C STIME TTY          TIME CMD
root      5052     1  5052  5052  0 21:25 ?        00:00:00 ./sshd -p 2022
root     13559  5052 13559 13559  1 22:05 ?        00:00:00 [sshd]
dtucker  13562 13559 13559 13559  0 22:05 ?        00:00:00 [sshd]



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=560

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED



------- Additional Comments From dtucker at zip.com.au  2003-05-14 20:17 -------
Now fixed.

$ cvs log monitor.c
[snip]
revision 1.46
date: 2003/05/14 09:31:12;  author: djm;  state: Exp;  lines: +18 -1
   - markus at cvs.openbsd.org 2003/05/14 08:57:49
     [monitor.c]
     http://bugzilla.mindrot.org/show_bug.cgi?id=560
     Privsep child continues to run after monitor killed.
     Pass monitor signals through to child; Darren Tucker



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.