diff options
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 38 |
1 files changed, 34 insertions, 4 deletions
| @@ -18,7 +18,7 @@ Programming: | |||
| 18 | - Handle changing passwords for the non-PAM expired password case | 18 | - Handle changing passwords for the non-PAM expired password case |
| 19 | 19 | ||
| 20 | - Improve PAM support (a pam_lastlog module will cause sshd to exit) | 20 | - Improve PAM support (a pam_lastlog module will cause sshd to exit) |
| 21 | and maybe support alternate forms of authenications like OPIE via | 21 | and maybe support alternate forms of authentications like OPIE via |
| 22 | pam? | 22 | pam? |
| 23 | 23 | ||
| 24 | - Rework PAM ChallengeResponseAuthentication | 24 | - Rework PAM ChallengeResponseAuthentication |
| @@ -42,8 +42,38 @@ Programming: | |||
| 42 | solutions break scp or leaves processes hanging around after the ssh | 42 | solutions break scp or leaves processes hanging around after the ssh |
| 43 | connection has ended. It seems to be linked to two things. One | 43 | connection has ended. It seems to be linked to two things. One |
| 44 | select() under Linux is not as nice as others, and two the children | 44 | select() under Linux is not as nice as others, and two the children |
| 45 | of the shell are not killed on exiting the shell. Redhat have an excellent | 45 | of the shell are not killed on exiting the shell. |
| 46 | description of this in their RPM package. | 46 | A short run-down of what happens: |
| 47 | - The shell starts up, and starts its own session. As a side-effect, it | ||
| 48 | gets its own process group. | ||
| 49 | - The child forks off sleep, and because it's in the background, puts it | ||
| 50 | into its own process group. The sleep command inherits a copy of the | ||
| 51 | shell's descriptor for the tty as its stdout. | ||
| 52 | - The shell exits, but doesn't SIGHUP all of its child PIDs like it probably | ||
| 53 | should(?) | ||
| 54 | - The sshd server attempts to read from the master side of the pty, and | ||
| 55 | while there are still process with the pty open, no EOF is produced. | ||
| 56 | - The sleep command exits, closes its descriptor, sshd detects the EOF, and | ||
| 57 | the connection gets closed. | ||
| 58 | Ways we've tried fixing this in sshd, and why they didn't work out: | ||
| 59 | - SIGHUP the sshd's process group. | ||
| 60 | - The shell is in its own process group. | ||
| 61 | - Track process group IDs of all children before we reap them (via an extra | ||
| 62 | field in Session structures which holds the pgid for each child pid), and | ||
| 63 | SIGHUP the pgid when we reap. | ||
| 64 | - Background commands are in yet another process group. | ||
| 65 | - Close the connection when the child dies. | ||
| 66 | - Background commands may need to write data to the connection. Also | ||
| 67 | prematurely truncates output from some commands (scp server, the | ||
| 68 | famous "dd if=/dev/zero bs=1000 count=100" case). | ||
| 69 | Known workarounds: | ||
| 70 | - bash: shopt huponexit on | ||
| 71 | - tcsh: none | ||
| 72 | - zsh: setopt HUP (usually the default setting) | ||
| 73 | (taken from email from Jason Stone to openssh-unix-dev, 5 May 2001) | ||
| 74 | - pdksh: ? | ||
| 75 | This appears to affect NetKit rsh under Linux as well: it behaves the same | ||
| 76 | with 'sleep 20 & exit'. | ||
| 47 | 77 | ||
| 48 | - Build an automated test suite | 78 | - Build an automated test suite |
| 49 | 79 | ||
| @@ -103,4 +133,4 @@ PrivSep Issues: | |||
| 103 | - Cygwin | 133 | - Cygwin |
| 104 | + Privsep for Pre-auth only (no fd passing) | 134 | + Privsep for Pre-auth only (no fd passing) |
| 105 | 135 | ||
| 106 | $Id: TODO,v 1.50 2002/06/25 17:12:27 mouring Exp $ | 136 | $Id: TODO,v 1.51 2002/09/05 06:32:03 djm Exp $ |