author | Colin Watson <cjwatson@debian.org> | 2009-01-13 20:18:14 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2009-01-13 20:18:14 +0000 |
commit | 78a89e637c337e240678de3d1c0f1486b3affb93 (patch) | |
tree | b4b030fa792cc32b5cceae77fb99d98bdb6882b6 | |
parent | 92863e5802abcf84a0c778e2cfd52def42d19f89 (diff) |
Check that /var/run/sshd.pid exists and that the process ID listed there
corresponds to sshd before running '/etc/init.d/ssh reload' from if-up
script; SIGHUP is racy if called at boot before sshd has a chance to
install its signal handler, but fortunately the pid file is written
after that which lets us avoid the race (closes: #502444).
-rw-r--r-- | debian/changelog | 5 | ||||
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | debian/openssh-server.if-up | 5 |
3 files changed, 11 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 049d0740b..a58cca063 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -3,6 +3,11 @@ openssh (1:5.1p1-5) UNRELEASED; urgency=low | |||
3 | * Backport from upstream CVS (Markus Friedl): | 3 | * Backport from upstream CVS (Markus Friedl): |
4 | - packet_disconnect() on padding error, too. Should reduce the success | 4 | - packet_disconnect() on padding error, too. Should reduce the success |
5 | probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18. | 5 | probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18. |
6 | * Check that /var/run/sshd.pid exists and that the process ID listed there | ||
7 | corresponds to sshd before running '/etc/init.d/ssh reload' from if-up | ||
8 | script; SIGHUP is racy if called at boot before sshd has a chance to | ||
9 | install its signal handler, but fortunately the pid file is written | ||
10 | after that which lets us avoid the race (closes: #502444). | ||
6 | 11 | ||
7 | -- Colin Watson <cjwatson@debian.org> Mon, 01 Dec 2008 16:13:14 +0000 | 12 | -- Colin Watson <cjwatson@debian.org> Mon, 01 Dec 2008 16:13:14 +0000 |
8 | 13 | ||
diff --git a/debian/control b/debian/control index 27b27e756..d87025778 100644 --- a/debian/control +++ b/debian/control | |||
@@ -37,7 +37,7 @@ Description: secure shell client, an rlogin/rsh/rcp replacement | |||
37 | Package: openssh-server | 37 | Package: openssh-server |
38 | Priority: optional | 38 | Priority: optional |
39 | Architecture: any | 39 | Architecture: any |
40 | Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.2-13), libssl0.9.8 (>= 0.9.8g-9), openssh-blacklist | 40 | Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.2-13), libssl0.9.8 (>= 0.9.8g-9), openssh-blacklist, procps |
41 | Recommends: xauth, openssh-blacklist-extra | 41 | Recommends: xauth, openssh-blacklist-extra |
42 | Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7) | 42 | Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7) |
43 | Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5 | 43 | Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5 |
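Review bot: The new `procps` entry at the end of the `Depends:` line for openssh-server is not recorded anywhere in the changelog entry added by this commit, which only describes the pid check. Since the dependency exists solely to provide the `ps` call in debian/openssh-server.if-up, add a clause to the changelog bullet saying so (for example "depend on procps for ps"), so that a later reader of debian/control can tell why a server package pulls it in.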
diff --git a/debian/openssh-server.if-up b/debian/openssh-server.if-up index c44a4d257..9b2140352 100644 --- a/debian/openssh-server.if-up +++ b/debian/openssh-server.if-up | |||
@@ -25,6 +25,11 @@ if [ ! -e /usr/sbin/sshd ]; then | |||
25 | exit 0 | 25 | exit 0 |
26 | fi | 26 | fi |
27 | 27 | ||
28 | if [ ! -f /var/run/sshd.pid ] || \ | ||
29 | [ "$(ps -p "$(cat /var/run/sshd.pid)" -o comm=)" = sshd ]; then | ||
30 | exit 0 | ||
31 | fi | ||
32 | |||
28 | /etc/init.d/ssh reload >/dev/null 2>&1 || true | 33 | /etc/init.d/ssh reload >/dev/null 2>&1 || true |
29 | 34 | ||
30 | exit 0 | 35 | exit 0 |
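Review bot: The comparison in the second test of the new `if` block looks inverted. With `= sshd`, the script exits 0 exactly when the pid in /var/run/sshd.pid does belong to sshd, so a running daemon is never reloaded, and the reload is attempted when the pid belongs to some other process or to none. The commit message says the reload should run only when the pid file exists and its pid corresponds to sshd, so the test should be `!= sshd`. Separately, `cat` and `ps` can write to stderr here if the pid file is empty or unreadable; redirecting their stderr to /dev/null would keep the if-up hook quiet, matching the `>/dev/null 2>&1` already used on the reload line.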