authorDamien Miller <djm@mindrot.org>2010-08-17 01:59:31 +1000
committerDamien Miller <djm@mindrot.org>2010-08-17 01:59:31 +1000
commit00d9ae26db2a8176f8ff511c207fa0bc7fadd562 (patch)
treea47c806a16673f2fd2c735a750bb7cf9b9343a58
parentaa74f6754aa3696cf15abb3f27b00a7274e062dd (diff)
- djm@cvs.openbsd.org 2010/08/12 21:49:44
[ssh.c] close any extra file descriptors inherited from parent at start and reopen stdin/stdout to /dev/null when forking for ControlPersist. prevents tools that fork and run a captive ssh for communication from failing to exit when the ssh completes while they wait for these fds to close. The inherited fds may persist arbitrarily long if a background mux master has been started by ControlPersist. cvs and scp were affected by this. "please commit" markus@
-rw-r--r--ChangeLog13
-rw-r--r--ssh.c19
2 files changed, 31 insertions, 1 deletions
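diff --git a/ChangeLog b/ChangeLog
index 2de42c4b5..f9496530c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,19 @@
  openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
  the compat library which helps on platforms like old IRIX. Based on work
  by djm, tested by Tom Christensen.
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/08/12 21:49:44
+ [ssh.c]
+ close any extra file descriptors inherited from parent at start and
+ reopen stdin/stdout to /dev/null when forking for ControlPersist.
+
+ prevents tools that fork and run a captive ssh for communication from
+ failing to exit when the ssh completes while they wait for these fds to
+ close. The inherited fds may persist arbitrarily long if a background
+ mux master has been started by ControlPersist. cvs and scp were effected
+ by this.
+
+ "please commit" markus@
 
 20100812
  - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh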
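diff --git a/ssh.c b/ssh.c
index ab37c205d..4419f7642 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.345 2010/08/04 05:42:47 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.346 2010/08/12 21:49:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -238,6 +238,12 @@ main(int ac, char **av)
  init_rng();
 
  /*
+ * Discard other fds that are hanging around. These can cause problem
+ * with backgrounded ssh processes started by ControlPersist.
+ */
+ closefrom(STDERR_FILENO + 1);
+
+ /*
  * Save the original real uid. It will be needed later (uid-swapping
  * may clobber the real uid).
  */
@@ -898,6 +904,7 @@ static void
 control_persist_detach(void)
 {
  pid_t pid;
+ int devnull;
 
  debug("%s: backgrounding master process", __func__);
 
@@ -924,6 +931,16 @@ control_persist_detach(void)
  /* muxclient() doesn't return on success. */
  fatal("Failed to connect to new control master");
  }
+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+ error("%s: open(\"/dev/null\"): %s", __func__,
+ strerror(errno));
+ } else {
+ if (dup2(devnull, STDIN_FILENO) == -1 ||
+ dup2(devnull, STDOUT_FILENO) == -1)
+ error("%s: dup2: %s", __func__, strerror(errno));
+ if (devnull > STDERR_FILENO)
+ close(devnull);
+ }
 }
 
 /* Do fork() after authentication. Used by "ssh -f" */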
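Review bot: The block added at the end of control_persist_detach() (new lines 934-943) redirects only stdin and stdout, so the backgrounded mux master keeps the stderr it inherited from the invoking tool. A caller that waits for EOF on a stderr pipe would presumably still hang for the lifetime of the master, and anything the master logs later goes to a descriptor its original owner may no longer be watching. If keeping stderr is deliberate, say so with a comment such as `/* stderr stays attached so log output still reaches the caller */`; otherwise add `dup2(devnull, STDERR_FILENO) == -1` to the condition when debug output is not wanted. Both failure paths only call error() and continue with the inherited descriptors still attached, which also deserves a comment. The part of the function between the two hunks is not visible here.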