[openssh-commits] [openssh] branch master updated (ea13fc83 -> b3069866)

git+noreply at mindrot.org git+noreply at mindrot.org
Fri Feb 11 21:09:05 AEDT 2022

This is an automated email from the git hooks/post-receive script.

dtucker pushed a change to branch master
in repository openssh.

      from  ea13fc83  Stop testing OpenBSD HEAD on 6.9 and 7.0.
       new  cd00b48c  Simplify handling of --with-ssl-dir.
       new  b3069866  Move SSHD_ACQUIRES_CTTY workaround into compat.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.

Detailed log of new commits:

commit b30698662b862f5397116d23688aac0764e0886e
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Fri Feb 11 21:00:35 2022 +1100

    Move SSHD_ACQUIRES_CTTY workaround into compat.
    On some (most? all?) SysV based systems with STREAMS based ptys,
    sshd could acquire a controlling terminal during pty setup when
    it pushed the "ptem" module, due to what is probably a bug in
    the STREAMS driver that's old enough to vote.  Because it was the
    privileged sshd's controlling terminal, it was not available for
    the user's session, which ended up without one.  This is known to
    affect at least Solaris <=10, derivatives such as OpenIndiana and
    several other SysV systems.  See bz#245 for the backstory.
    In the we past worked around that by not calling setsid in the
    privileged sshd child, which meant it was not a session or process
    group leader.  This solved controlling terminal problem because sshd
    was not eligble to acquire one, but had other side effects such as
    not cleaning up helper subprocesses in the SIGALRM handler since it
    was not PG leader.  Recent cleanups in the signal handler uncovered
    this, resulting in the LoginGraceTime timer not cleaning up privsep
    unprivileged processes.
    This change moves the workaround into the STREAMS pty allocation code,
    by allocating a sacrificial pty to act as sshd's controlling terminal
    before allocating user ptys, so those are still available for users'
    On the down side:
     - this will waste a pty per ssh connection on affected platforms.
    On the up side:
     - it makes the process group behaviour consistent between platforms.
     - it puts the workaround nearest the code that actually causes the
       problem and competely out of the mainline code.
     - the workaround is only activated if you use the STREAMS code.  If,
       say, Solaris 11 has the bug but also a working openpty() it doesn't
       matter that we defined SSHD_ACQUIRES_CTTY.
     - the workaround is only activated when the fist pty is allocated,
       ie in the post-auth privsep monitor.  This means there's no risk
       of fd leaks to the unprivileged processes, and there's no effect on
       sessions that do not allocate a pty.
    Based on analysis and work by djm@, ok djm@

commit cd00b48cf10f3565936a418c1e6d7e48b5c36140
Author: Darren Tucker <dtucker at dtucker.net>
Date:   Fri Feb 11 20:09:32 2022 +1100

    Simplify handling of --with-ssl-dir.
    ok djm@

Summary of changes:
 configure.ac                 | 24 ++++++----------
 openbsd-compat/bsd-openpty.c | 67 +++++++++++++++++++++++++++++++-------------
 sshd.c                       |  7 -----
 3 files changed, 56 insertions(+), 42 deletions(-)

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list