Critical EGD handling in 2.1.1p1

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Wed Jun 21 20:03:46 EST 2000


On Wed, Jun 21, 2000 at 09:07:18AM +1000, Damien Miller wrote:
> On Tue, 20 Jun 2000, Lutz Jaenicke wrote:
> 
> > Hi,
> > 
> > when running OpenSSH with EGD as entropy source, the sshd server connects
> > to the EGD socket and leaves it open to re-seed on the fly.
> > Unfortunately the connection is not checked when re-seeding, so that
> > a failure or restart of EGD will lead to a "fatal()" abort of the sshd
> > server process.
> > 
> > Since a dying server process can not be accepted, I would recommend to
> > not have sshd call it "fatal()" if EGD cannot be queried and there is
> > already enough seed available.
> 
> Thanks for the report. How does the attached patch look?

Hmm,

I am not completely happy with it. If it finds that the EGD connection
has been dropped, it tries to reconnect; that is a good one, but:
- If EGD is down at this point for any reason whatsoever, the sshd server
  will die, even though enough entropy might have been collected over time.
  * This is especially bad, as without EGD you cannot even fire off an
    "emergency" sshd on another port from inetd. Hence you cannot recover
    this problem from remote (without using the root password over telnet).

Hence, I have "reworked" your patch a bit :-)

Best regards,
	Lutz
PS. I have sshd dying very often by now, it just services the first request
and once the connection is closed, the server process dies, too....
[No time to look into it now.]
Where in hell are the "fatal()" and "error()" messages logged on HP-UX 10.20??
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
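
The reseed policy argued for in this message, as an added example in C (not the patch attached to the thread and not OpenSSH's code): reconnect once if the kept-open EGD connection has gone stale, and report a non-fatal result when EGD is unreachable but the pool was already seeded. The function names, the result enum and the `already_seeded` flag are hypothetical; the request uses EGD's blocking-read command (0x02 followed by a byte count).

```c
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

#ifndef MSG_NOSIGNAL
#define MSG_NOSIGNAL 0          /* platforms without it need SIGPIPE ignored */
#endif

/* Caller aborts only on RESEED_NO_ENTROPY; RESEED_KEPT_OLD_SEED is logged. */
enum reseed_result { RESEED_OK, RESEED_KEPT_OLD_SEED, RESEED_NO_ENTROPY };

static int egd_fd = -1;         /* connection kept open between reseeds */

static int egd_connect(const char *path) {
    struct sockaddr_un sa;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, path, sizeof(sa.sun_path) - 1);
    if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) { close(fd); return -1; }
    return fd;
}

/* One blocking-read request: 0x02, byte count, then exactly len bytes back. */
static int egd_query(int fd, unsigned char *buf, unsigned char len) {
    unsigned char req[2] = { 0x02, len };
    size_t got = 0;
    if (send(fd, req, sizeof(req), MSG_NOSIGNAL) != (ssize_t)sizeof(req)) return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) return -1;  /* EOF or error: daemon died or was restarted */
        got += (size_t)n;
    }
    return 0;
}

/* Retry once on a stale connection; never-seeded is the only fatal case. */
enum reseed_result egd_reseed(const char *path, unsigned char *buf,
                              unsigned char len, int already_seeded) {
    for (int attempt = 0; attempt < 2; attempt++) {
        if (egd_fd < 0 && (egd_fd = egd_connect(path)) < 0) break;
        if (egd_query(egd_fd, buf, len) == 0) return RESEED_OK;
        close(egd_fd);          /* stale descriptor: drop it and reconnect */
        egd_fd = -1;
    }
    return already_seeded ? RESEED_KEPT_OLD_SEED : RESEED_NO_ENTROPY;
}
```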




