author | Damien Miller <djm@mindrot.org> | 2010-08-17 01:59:31 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-08-17 01:59:31 +1000 |
commit | 00d9ae26db2a8176f8ff511c207fa0bc7fadd562 (patch) | |
tree | a47c806a16673f2fd2c735a750bb7cf9b9343a58 | |
parent | aa74f6754aa3696cf15abb3f27b00a7274e062dd (diff) |
- djm@cvs.openbsd.org 2010/08/12 21:49:44
[ssh.c]
close any extra file descriptors inherited from parent at start and
reopen stdin/stdout to /dev/null when forking for ControlPersist.
prevents tools that fork and run a captive ssh for communication from
failing to exit when the ssh completes while they wait for these fds to
close. The inherited fds may persist arbitrarily long if a background
mux master has been started by ControlPersist. cvs and scp were affected
by this.
"please commit" markus@
-rw-r--r-- | ChangeLog | 13 | ||||
-rw-r--r-- | ssh.c | 19 |
2 files changed, 31 insertions, 1 deletions
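--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,19 @@
 openbsd-compat/openbsd-compat.h openbsd-compat/strptime.c] Add strptime to
 the compat library which helps on platforms like old IRIX. Based on work
 by djm, tested by Tom Christensen.
+- OpenBSD CVS Sync
+- djm@cvs.openbsd.org 2010/08/12 21:49:44
+[ssh.c]
+close any extra file descriptors inherited from parent at start and
+reopen stdin/stdout to /dev/null when forking for ControlPersist.
+
+prevents tools that fork and run a captive ssh for communication from
+failing to exit when the ssh completes while they wait for these fds to
+close. The inherited fds may persist arbitrarily long if a background
+mux master has been started by ControlPersist. cvs and scp were effected
+by this.
+
+"please commit" markus@
 
 20100812
 - (tim) [regress/login-timeout.sh regress/reconfigure.sh regress/reexec.sh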
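--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.345 2010/08/04 05:42:47 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.346 2010/08/12 21:49:44 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -238,6 +238,12 @@ main(int ac, char **av)
 init_rng();
 
 /*
+* Discard other fds that are hanging around. These can cause problem
+* with backgrounded ssh processes started by ControlPersist.
+*/
+closefrom(STDERR_FILENO + 1);
+
+/*
 * Save the original real uid. It will be needed later (uid-swapping
 * may clobber the real uid).
 */
@@ -898,6 +904,7 @@ static void
 control_persist_detach(void)
 {
 pid_t pid;
+int devnull;
 
 debug("%s: backgrounding master process", __func__);
 
@@ -924,6 +931,16 @@ control_persist_detach(void)
 /* muxclient() doesn't return on success. */
 fatal("Failed to connect to new control master");
 }
+if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+error("%s: open(\"/dev/null\"): %s", __func__,
+strerror(errno));
+} else {
+if (dup2(devnull, STDIN_FILENO) == -1 ||
+dup2(devnull, STDOUT_FILENO) == -1)
+error("%s: dup2: %s", __func__, strerror(errno));
+if (devnull > STDERR_FILENO)
+close(devnull);
+}
 }
 
 /* Do fork() after authentication. Used by "ssh -f" */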
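Review bot: The detached master still holds the caller's stderr, because the block added at the end of control_persist_detach() points only STDIN_FILENO and STDOUT_FILENO at /dev/null. A parent that reads ssh's stderr through a pipe would keep waiting for EOF for as long as the ControlPersist master lives, which is the hang this commit sets out to fix, and any later log output from the background process lands on that inherited descriptor. If stderr is kept on purpose so debug logging stays visible, a short comment saying so would help; otherwise extend the condition with `dup2(devnull, STDERR_FILENO) == -1` for the case where logging is not directed to stderr. The fork and the parent branch of the function sit between the two hunks and are not visible here.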