search for: stderr_fileno

...26:15PM -0500, Eric Blake wrote: > + /* Ensure that stdin/out/err of the current process were not empty > + * before we started creating pipes (otherwise, the close and dup2 > + * calls below become more complex to juggle fds around correctly). > + */ > + assert (in_fd[0] > STDERR_FILENO && in_fd[1] > STDERR_FILENO && > + out_fd[0] > STDERR_FILENO && out_fd[1] > STDERR_FILENO && > + err_fd[0] > STDERR_FILENO && err_fd[1] > STDERR_FILENO); This assert is now being thrown whenever we use nbdkit + sh plugi...

...Blake wrote: >> + /* Ensure that stdin/out/err of the current process were not empty >> + * before we started creating pipes (otherwise, the close and dup2 >> + * calls below become more complex to juggle fds around correctly). >> + */ >> + assert (in_fd[0] > STDERR_FILENO && in_fd[1] > STDERR_FILENO && >> + out_fd[0] > STDERR_FILENO && out_fd[1] > STDERR_FILENO && >> + err_fd[0] > STDERR_FILENO && err_fd[1] > STDERR_FILENO); > > This assert is now being thrown whenever we use...

...+ return; Since no code should ever directly call nbd_internal_fork_safe_assert(0,...), but instead go through our macro that has already filtered on expression's value, this conditional is technically dead code; but I'm okay whether it stays in or gets removed. > + > + xwrite (STDERR_FILENO, file, strlen (file)); > + xwrite (STDERR_FILENO, ":", 1); Presumably, if our first best-effort xwrite() fails to produce full output, all later xwrite() will hopefully hit the same error condition so that we aren't producing even more-mangled output where later syscalls succeed...

...;> + /* Ensure that stdin/out/err of the current process were not empty >>> + * before we started creating pipes (otherwise, the close and dup2 >>> + * calls below become more complex to juggle fds around correctly). >>> + */ >>> + assert (in_fd[0] > STDERR_FILENO && in_fd[1] > STDERR_FILENO && >>> + out_fd[0] > STDERR_FILENO && out_fd[1] > STDERR_FILENO && >>> + err_fd[0] > STDERR_FILENO && err_fd[1] > STDERR_FILENO); >> >> This assert is now being thrown...

...rst argument of that function call: nbd_internal_fork_safe_assert ((expression) != 0, ... So I think the early return is definitely necessary here. > this conditional is > technically dead code; but I'm okay whether it stays in or gets > removed. > >> + >> + xwrite (STDERR_FILENO, file, strlen (file)); >> + xwrite (STDERR_FILENO, ":", 1); > > Presumably, if our first best-effort xwrite() fails to produce full > output, all later xwrite() will hopefully hit the same error condition > so that we aren't producing even more-mangled output where...

...ng stdin/out in the parent process: $ nbdsh -c 'h.connect_command (["nbdkit","sh","script", "-s","--exit-with-parent"])' -c 'print("%r"%h.get_size())' 1048576 nbdkit: call.c:155: call3: Assertion `in_fd[0] > STDERR_FILENO && in_fd[1] > STDERR_FILENO && out_fd[0] > STDERR_FILENO && out_fd[1] > STDERR_FILENO && err_fd[0] > STDERR_FILENO && err_fd[1] > STDERR_FILENO' failed. With this patch, the assertion can remain in place. Reported-by: Richard W.M. Jones...

...pipe: %m", script); goto error; } +#endif + + /* Ensure that stdin/out/err of the current process were not empty + * before we started creating pipes (otherwise, the close and dup2 + * calls below become more complex to juggle fds around correctly). + */ + assert (in_fd[0] > STDERR_FILENO && in_fd[1] > STDERR_FILENO && + out_fd[0] > STDERR_FILENO && out_fd[1] > STDERR_FILENO && + err_fd[0] > STDERR_FILENO && err_fd[1] > STDERR_FILENO); pid = fork (); if (pid == -1) { diff --git a/plugins/sh/sh.c b/plugin...

...123,8 @@ static int mount_sys_fs(const char *check, const char *fsname, { struct stat st; - if (stat(check, &st) == 0) { + if (stat(check, &st) == 0) return 0; - } mkdir(fsname, 0555); @@ -220,9 +217,8 @@ int main(int argc, char *argv[]) dup2(fd, STDOUT_FILENO); dup2(fd, STDERR_FILENO); - if (fd > STDERR_FILENO) { + if (fd > STDERR_FILENO) close(fd); - } } mnt_procfs = mount_sys_fs("/proc/cmdline", "/proc", "proc") >= 0; diff --git a/usr/kinit/kinit.h b/usr/kinit/kinit.h index c2e67b7..71414b1 100644 --- a/usr/kinit/kinit.h +...

On 2/20/23 19:21, Laszlo Ersek wrote: > On 2/15/23 21:57, Eric Blake wrote: >> On Wed, Feb 15, 2023 at 03:11:36PM +0100, Laszlo Ersek wrote: >>> + >>> + xwrite (STDERR_FILENO, file, strlen (file)); >>> + xwrite (STDERR_FILENO, ":", 1); >> >> Presumably, if our first best-effort xwrite() fails to produce full >> output, all later xwrite() will hopefully hit the same error condition >> so that we aren't producing even more-m...

On 2/21/23 07:33, Laszlo Ersek wrote: > On 2/20/23 19:21, Laszlo Ersek wrote: >> On 2/15/23 21:57, Eric Blake wrote: >>> On Wed, Feb 15, 2023 at 03:11:36PM +0100, Laszlo Ersek wrote: > >>>> + >>>> + xwrite (STDERR_FILENO, file, strlen (file)); >>>> + xwrite (STDERR_FILENO, ":", 1); >>> >>> Presumably, if our first best-effort xwrite() fails to produce full >>> output, all later xwrite() will hopefully hit the same error condition >>> so that we aren't p...

...ent, but lost.? I tracked it down to the following code, in ssh.c, at ssh_session2_open: ??????? if (stdin_null_flag) { ??????????????? in = open(_PATH_DEVNULL, O_RDONLY); ??????? } else { ??????????????? in = dup(STDIN_FILENO); ??????? } ??????? out = dup(STDOUT_FILENO); ??????? err = dup(STDERR_FILENO); The remote session did close stdout.? The sshd from which it was spawned signaled to close stdout.? The ssh program received that signal and closed, well, something, but not stdout.? It closed a copy.? Importantly, it left a copy open, so my program got no EOF. Why not: ??????? if (stdin_n...

...n_std_file_descriptors (); + threadlocal_init (); /* The default setting for TLS depends on whether we were @@ -930,3 +938,18 @@ is_config_key (const char *key, size_t len) return true; } + +static void +open_std_file_descriptors (void) +{ + int fds[] = { STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO }; + int i, fd, fl; + + for (i = 0; i < sizeof fds / sizeof fds[0]; ++i) { + fd = fds[i]; + fl = fcntl (fd, F_GETFL, NULL); + if (fl == -1 && errno == EBADF) + /* This is best effort - don't fail. */ + open ("/dev/null", fd == STDIN_FILENO ? O_RDONLY :...

...signed: do { null_fd = open("/dev/null", O_WRONLY); if (null_fd == -1) i_fatal("Can't open /dev/null: %m"); fd_close_on_exec(null_fd, TRUE); } while (null_fd <= STDERR_FILENO); But stderr is missing when a later dup2() is used to release any inherited values not covered by the above: if (dup2(null_fd, STDIN_FILENO) < 0 || dup2(null_fd, STDOUT_FILENO) < 0) i_fatal("dup2(null_fd) failed: %m"); Adding a dup2 for stderr...

Can someone please explain the reason on the following code (in asterisk.c, function ast_safe_system()): /* Close file descriptors and launch system command */ for (x = STDERR_FILENO + 1; x < 4096; x++) close(x); Why to close so many descriptors? Thanks in advance ?ric

...in any conceivable situation. > @@ -455,6 +467,10 @@ nbdkit_read_password (const char *value, char **password) > > if (nbdkit_parse_int ("password file descriptor", &value[1], &fd) == -1) > return -1; > + if (!nbdkit_stdio_safe () && fd < STDERR_FILENO) { I think this could be clearer written the other way around: if (fd < STDERR_FILENO && !nbdkit_stdio_safe ()) { but then thinking about this more, why isn't it this? if (fd == STDIN_FILENO && !nbdkit_stdio_safe ()) { Anyway, these are minor points, ACK. Rich....

...e a bug on the main openssh tree. Thus my posting here. I'm CC'ing to the public list for information. The part of code I'm refering to is : /* XXX might close listen socket */ (void)dup2(fd, STDIN_FILENO); (void)dup2(fd, STDOUT_FILENO); (void)dup2(fd, STDERR_FILENO); if (fd > 2) close(fd); I'm actually launching the ssh agent from a "run.exe" script launched at the start of my X server (Cygwin/X). Things used to work perfectly until my last update. Unfortunately, I don't know which version I used before :-( Someth...

https://bugzilla.mindrot.org/show_bug.cgi?id=2681 Bug ID: 2681 Summary: postauth processes to log via monitor Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

...program reading ssh's output to see an EOF from the remote session. Good for scripting. Author: David NewallPatch-Name: scriptable-ssh.patch --- diff -u a/ssh.c b/ssh.c --- a/ssh.c +++ b/ssh.c @@ -1837,11 +1837,11 @@ } else { in = dup(STDIN_FILENO); } - out = dup(STDOUT_FILENO); - err = dup(STDERR_FILENO); + out = STDOUT_FILENO; + err = STDERR_FILENO; - if (in < 0 || out < 0 || err < 0) - fatal("dup() in/out/err failed"); + if (in < 0) + fatal("dup() in failed"); /* enable nonblocking unless tty */ if (!isatty(in)) WHAT CAN I DO TO HELP STEWARD THIS CHANGE INTO T...

Hello... In regards to http://www.freebsd.org/security/ , from what I understand the FreeBSD 4.x branch is generally winding down in favor of the 5.x/6.x branches. It would be nice to know ahead of time if 4.11 will also be an extended release, or if that would fall to 4.12. For those of running 4.8 (expiring about the same time as 4.11 is released) we would be in a better position to know

...quot;/dev/null", O_WRONLY); - - /* If not verbose, set stderr to the same as stdout as well. */ + /* By this point, stdin/out have been redirected to /dev/null. + * If not verbose, set stderr to the same as stdout as well. + */ if (!verbose) - dup2 (1, 2); + dup2 (STDOUT_FILENO, STDERR_FILENO); forked_into_background = true; debug ("forked into background (new pid = %d)", getpid ()); diff --git a/server/captive.c b/server/captive.c index 0a243d2b..1ff10192 100644 --- a/server/captive.c +++ b/server/captive.c @@ -1,5 +1,5 @@ /* nbdkit - * Copyright (C) 2019 Red Hat Inc....