[Bug 3137] New: -f keeps stdin and stderr open
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Mar 16 19:53:00 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3137
Bug ID: 3137
Summary: -f keeps stdin and stderr open
Product: Portable OpenSSH
Version: 8.2p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: ionic at ionic.de
As a more general case of #1988, the -f flag also seems to keep stdin
and stderr open in the general case:
% ssh ionic.de -f -T 'pv -qL 1 /dev/zero'
% ls -ldh /proc/7115/fd/*
lrwx------ 1 ionic ionic 64 Mar 16 09:21 /proc/7115/fd/0 -> /dev/pts/50
l-wx------ 1 ionic ionic 64 Mar 16 09:21 /proc/7115/fd/1 -> /dev/null
lrwx------ 1 ionic ionic 64 Mar 16 09:21 /proc/7115/fd/2 -> /dev/pts/50
lrwx------ 1 ionic ionic 64 Mar 16 09:21 /proc/7115/fd/3 ->
'socket:[1405985948]'
lrwx------ 1 ionic ionic 64 Mar 16 09:21 /proc/7115/fd/5 -> /dev/pts/50
lrwx------ 1 ionic ionic 64 Mar 16 09:21 /proc/7115/fd/6 -> /dev/pts/50
I'd argue that this is unnecessary and harmful because:
- the channel will dup2() stdin and stderr anyway (see FD 5 and 6)
- backgrounding usually means that the user intends to close a
controlling terminal anyway (or doesn't even have one to begin with),
severing the pipes uni-laterally.
Additionally, this effectively lets #1988 resurface when pairing
ControlMaster, ControlPersist and the -f flag.
Using the -f flag disables the "normal" ControlPersist code path that
closes stderr and daemonizes, and instead uses the other -f code path
which does not close stderr. This makes sense to not fork twice, but
also means that the fix from #1988 is outright worked around:
% ssh ionic.de -o ControlMaster=yes -o ControlPersist=yes -o
ControlPath=/home/ionic/.sshsock -f -N -T 'pv -qL 1 /dev/zero'
% ls -ldh /proc/22122/fd/*
lrwx------ 1 ionic ionic 64 Mar 16 09:45 /proc/22122/fd/0 ->
/dev/pts/50
l-wx------ 1 ionic ionic 64 Mar 16 09:45 /proc/22122/fd/1 -> /dev/null
lrwx------ 1 ionic ionic 64 Mar 16 09:45 /proc/22122/fd/2 ->
/dev/pts/50
lrwx------ 1 ionic ionic 64 Mar 16 09:45 /proc/22122/fd/3 ->
'socket:[1406165968]'
lrwx------ 1 ionic ionic 64 Mar 16 09:45 /proc/22122/fd/4 ->
'socket:[1406168946]'
Here, no command is actually executed. We're only interested in the
control socket, but the forked/backgrounded control socket process
retains stdin and stderr.
FWIW, keeping stdin connected/open might be okay, but I don't see any
benefit in doing so.
Keeping stderr open might be useful if -v is passed/debugging turned
on, but should otherwise be closed like in the "normal" ControlPersist
case.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list