search for: reexec

Pure refactoring. Just decouples the complicated reexec code from the rest. --- plugins/vddk/Makefile.am | 2 + plugins/vddk/vddk.h | 42 +++++++++ plugins/vddk/reexec.c | 196 +++++++++++++++++++++++++++++++++++++++ plugins/vddk/vddk.c | 151 ++---------------------------- 4 files changed, 246 insertions(+), 145 deletions(-) diff --gi...

Use an extensible buffer (a vector<char>) when reading /proc/self/cmdline. Tidy up some error messages. --- plugins/vddk/reexec.c | 57 ++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 22 deletions(-) diff --git a/plugins/vddk/reexec.c b/plugins/vddk/reexec.c index 5a5e9844..9641ee8c 100644 --- a/plugins/vddk/reexec.c +++ b/plugins/vddk/reexec.c @@ -48,6 +48,19 @@ char *reexeced;...

Probably needs a bit of cleanup, but seems like it is generally the right direction. One thing I've noticed is that the expect test randomly (but rarely) hangs :-( I guess something is racey but I don't know what at the moment. Rich.

Hi is there any documentation on the new reexec mechanism in sshd? (didn't find find much about it here on the list) Background of this question: I added a session numbering to our internal version to help keeping all log messages of one client connection together. In 3.9p1 the current number gets lost when the sshd is restartet in the r...

See this thread: https://www.redhat.com/archives/libguestfs/2020-June/thread.html#00012 This commit also adds a regression test of vddk password=- and password=-FD. --- tests/Makefile.am | 4 ++ plugins/vddk/vddk.h | 1 + plugins/vddk/reexec.c | 43 ++++++++++++- plugins/vddk/vddk.c | 2 +- tests/test-vddk-password-fd.sh | 86 +++++++++++++++++++++++++ tests/test-vddk-password-interactive.sh | 77 ++++++++++++++++++++++ tests/dummy-vddk.c | 6 ++ 7 files changed, 217...

...even with -pie? > > On linux we can do it with "setarch x86_64 -R". > > > > You asked about link time. Now it sounds like you're talking about runtime? > Link time is of course better. But if there is a syscall (like the one used by setarch) we could call it and reexec. Using setenv("DYLD_NO_PIE")+reexec looks gross to me. > > > Another question: if asan would require -no_pie on Mac, will this be a > serious limitation? > > > > If asan required no pie on Linux, would it be a serious limitation? > For Linux, I don't thin...

...at 09:22:49AM -0500, Eric Blake wrote: >> On 6/2/20 7:27 AM, Richard W.M. Jones wrote: >>> Use an extensible buffer (a vector<char>) when reading >>> /proc/self/cmdline. >>> >>> Tidy up some error messages. >>> --- >>> plugins/vddk/reexec.c | 57 ++++++++++++++++++++++++++----------------- >>> 1 file changed, 35 insertions(+), 22 deletions(-) >>> >> Pre-existing bug, which you did not fix here. If we failed here, we >> are leaking fd. You slightly improved the situation by marking the >> leake...

On 6/2/20 7:27 AM, Richard W.M. Jones wrote: > Use an extensible buffer (a vector<char>) when reading > /proc/self/cmdline. > > Tidy up some error messages. > --- > plugins/vddk/reexec.c | 57 ++++++++++++++++++++++++++----------------- > 1 file changed, 35 insertions(+), 22 deletions(-) > > @@ -80,42 +95,40 @@ perform_reexec (const char *env, const char *prepend) > * until we get a short read. This assumes nbdkit did not alter its > * original argv[]...

...BDKIT_API_VERSION 2 @@ -72,7 +73,8 @@ int vddk_debug_extents; #define VDDK_MINOR 1 static void *dl = NULL; /* dlopen handle */ -static int init_called = 0; /* was InitEx called */ +static bool init_called = false; /* was InitEx called */ +static char *reexeced = false; /* did libdir require reexec */ static char *config = NULL; /* config */ static const char *cookie = NULL; /* cookie */ @@ -162,6 +164,8 @@ vddk_unload (void) static int vddk_config (const char *key, const char *value) { + int r; + if (strcmp...

On Tue, Jun 02, 2020 at 09:22:49AM -0500, Eric Blake wrote: > On 6/2/20 7:27 AM, Richard W.M. Jones wrote: > >Use an extensible buffer (a vector<char>) when reading > >/proc/self/cmdline. > > > >Tidy up some error messages. > >--- > > plugins/vddk/reexec.c | 57 ++++++++++++++++++++++++++----------------- > > 1 file changed, 35 insertions(+), 22 deletions(-) > > > > >@@ -80,42 +95,40 @@ perform_reexec (const char *env, const char *prepend) > > * until we get a short read. This assumes nbdkit did not alter its > &...

https://bugzilla.mindrot.org/show_bug.cgi?id=2300 Bug ID: 2300 Summary: reexec.sh and login-timeout.sh fail due to a race condition Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Regression...

On Thu, 6 Feb 2020, Hisashi T Fujinaka wrote: > Built and passed tests on NetBSD-9_RC2 on amd64 and on NetBSD-current on > amd64. Issues with MacOS Catalina: > configure: error: *** working libcrypto not found, check config.log AFAIK MacOS no longer includes libcrypto or headers in the base operating system, so you'll either need to compile them yourself or install them via

This has been broken since we added the reexec code (commit 155af3107292c351d54ed42c732f4a67bb9aa910) because it tried to read the password twice (before and after the reexec) failing the second time because stdin had already been reopened on /dev/null. Virt-v2v used this feature, but I will change virt-v2v instead. --- plugins/vddk/nbdkit-vd...

On Dec 9, 2011, at 11:46 AM, Alexander Potapenko wrote: >> Link time is of course better. >> But if there is a syscall (like the one used by setarch) we could call it >> and reexec. >> Using setenv("DYLD_NO_PIE")+reexec looks gross to me. > There's posix_spawnattr_setflags() that can do the job > (http://reverse.put.as/2011/08/11/how-gdb-disables-aslr-in-mac-os-x-lion/), > but the necessary flag appeared only in Lion. > > To the best of my...

In v7: everything should work now! The re-exec code is slightly simplified, with Rich's suggestion to pass the original LD_LIBRARY_PATH rather than just the prefix being added, and I've now finished wiring up the initial dlopen() check into code that correctly computes the right prefix dir to add to LD_LIBRARY_PATH. Eric Blake (1): vddk: Add re-exec with altered environment Richard

...pie? > > On linux we can do it with "setarch x86_64 -R". > > > > You asked about link time. Now it sounds like you're talking about runtime? > > Link time is of course better. > But if there is a syscall (like the one used by setarch) we could call it and reexec. > Using setenv("DYLD_NO_PIE")+reexec looks gross to me. > Not sure honestly. > > > Another question: if asan would require -no_pie on Mac, will this be a serious limitation? > > > > If asan required no pie on Linux, would it be a serious limitation? &gt...

...ck config.log > > > > AFAIK MacOS no longer includes libcrypto or headers in the base operating > > system, so you'll either need to compile them yourself or install them > > via macports/brew/etc. > > I tried using the libcrypto from fink and I got: > > test reexec fallback > ssh cat /Users/htodd/openssh/regress/data failed > cmp: EOF on /Users/htodd/openssh/regress/copy > corrupted copy > failed reexec tests > make[1]: *** [t-exec] Error 1 > make: *** [t-exec] Error 2 There should be files named failed-ssh.log and failed-sshd.log in the re...

> Link time is of course better. > But if there is a syscall (like the one used by setarch) we could call it > and reexec. > Using setenv("DYLD_NO_PIE")+reexec looks gross to me. There's posix_spawnattr_setflags() that can do the job (http://reverse.put.as/2011/08/11/how-gdb-disables-aslr-in-mac-os-x-lion/), but the necessary flag appeared only in Lion. To the best of my knowledge, there's no lin...

http://bugzilla.mindrot.org/show_bug.cgi?id=973 Summary: sshd behaves differently while doing syslog entries for tcpwrappers denied message, with -r and without -r option. Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: All Status: NEW Severity: normal

...From the failed traces: > > debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 > debug1: inetd sockets after dupping: 3, 3 > debug1: getpeername failed: Transport endpoint is not connected > debug1: get_remote_port failed > > Since this happens immediately after the server reexecs itself, > another possiblity is that somehow the descriptors are being marked > close-on-exec. You can test this theory by adding "-r" to sshd's > command line to disable reexec. > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 8FF4FA69 / D9A3 86E9 7EEE...