[openssh-commits] [openssh] 04/08: upstream: Clear signal mask early in main(); sshd may have been

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Jan 3 17:53:43 AEDT 2023

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit 93f2ce8c050a7a2a628646c00b40b9b53fef93ef
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Dec 16 06:56:47 2022 +0000

    upstream: Clear signal mask early in main(); sshd may have been
    started with one or more signals masked (sigprocmask(2) is not cleared
    on fork/exec) and this could interfere with various things, e.g. the
    login grace timer.
    Execution environments that fail to clear the signal mask before running
    sshd are clearly broken, but apparently they do exist.
    Reported by Sreedhar Balasubramanian; ok dtucker@
    OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
 sshd.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sshd.c b/sshd.c
index 6bb3a962..72525525 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.593 2022/12/04 23:50:49 cheloha Exp $ */
+/* $OpenBSD: sshd.c,v 1.594 2022/12/16 06:56:47 djm Exp $ */
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1546,12 +1546,16 @@ main(int ac, char **av)
 	int keytype;
 	Authctxt *authctxt;
 	struct connection_info *connection_info = NULL;
+	sigset_t sigmask;
 	(void)set_auth_parameters(ac, av);
 	__progname = ssh_get_progname(av[0]);
+	sigemptyset(&sigmask);
+	sigprocmask(SIG_SETMASK, &sigmask, NULL);
 	/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
 	saved_argc = ac;
 	rexec_argc = ac;

To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list