[Bug 1976] New: sshd leaks stderr fd when run as 'sshd -D'

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Feb 7 03:31:22 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=1976

             Bug #: 1976
           Summary: sshd leaks stderr fd when run as 'sshd -D'
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.9p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: james.hunt at ubuntu.com


When run as 'sshd -D', the server calls server_accept_inetd(). This
function sets stdin and stdout to /dev/null, but crucially does _not_
set stderr.

As such, this fd is leaked from a privileged process (either the parent
sshd or the priv-separation process for the user (for example "sshd:
james [priv]")) to a non-priv process (for example "sshd:
james at pts/0").

I suspect the rationale for leaving stderr as-is is to allow for
debug-mode (where the user specifies '-d') such that debug information
is written to stderr. However, if sshd is run exactly as 'sshd -D', no
'-d' has been specified, so the user does not want debug output. Thus,
even though the process does not daemonize, it should still dup stderr
to /dev/null.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list