[Bug 3690] New: sshd: root [priv] process sleeping leads to unprivileged child proc zombie

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon May 13 00:19:08 AEST 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3690

            Bug ID: 3690
           Summary: sshd: root [priv] process sleeping leads to
                    unprivileged child proc zombie
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: 546554688 at qq.com

Created attachment 3814
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3814&action=edit
deadlock process call stack

In the `sshd.c` file, the `grace_alarm_handler()` signal handling
function calls `sigdie()`, which in turn calls `sshsigdie()`, and
within this call, functions such as `shlogv()`, `do_log()`,
`{openlog(), syslog(), closelog()}` are invoked. Similarly, within the
main thread, the `privsep_preauth()` function calls
`monitor_child_preauth()`, which then calls `auth_log()`, and this also
results in calls to `{openlog(), syslog(), closelog()}`.

Since these functions are not async-signal-safe and they utilize a
global lock named `syslog_lock`, this can lead to a recursive deadlock
(AA lock). As a result, the pre-authentication process may end up in a
zombie state and fail to exit.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list