issue with EGD in openssh

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Thu Feb 15 08:12:14 EST 2001


On Wed, Feb 14, 2001 at 10:33:13AM +0100, Lutz Jaenicke wrote:
> On Tue, Feb 13, 2001 at 04:16:43PM -0700, Todd C. Miller wrote:
> > Yes, I was surprised too.   I have not seen this happen on HP-UX either.
> > However, this is still something openssh needs to deal with as it should
> > be possible to restart the entropy daemon w/o having sshd die.
> 
> I agree. I had this problem quite some time ago with older versions of
> OpenSSH which kept the connection to EGD open all the time and were not
> prepared to deal with EGD-restarts.
> ...
> 20000626
> ...
>  - (djm) Make EGD failures non-fatal if OpenSSL's entropy pool is still OK
>    based on patch from Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>
>  - (djm) Fix fixed EGD code.
> ...
> Based on what you write here, more work must be done to make sure that
> EGD failure must not lead to sshd failures.
> EGD or PRNGD can be shut down and restarted in a not synchronized way at
> any time, so that SSHD failure must be prevented.

Update: I have made some changes to I/O handling (EINTR, EAGAIN, ...) in
PRNGD and sent them to Todd Miller. He is now testing the changes
and I hope it will help (second attempt now since I shot myself in
the foot during the first attempt).

Independent of that I would propose to change the EGD query code to
protect against SIGPIPE by wrapping it with:

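struct sigaction sa, osa;

/* Ignore SIGPIPE around the EGD query, saving the old disposition. */
memset(&sa, 0, sizeof(sa));
sa.sa_handler = SIG_IGN;
sigaction(SIGPIPE, &sa, &osa);
...
/* Restore the previous SIGPIPE disposition. */
sigaction(SIGPIPE, &osa, NULL);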

I would write a patch, but I don't know what signal handling to use.
There was a discussion about using sigaction() but I did not follow
closely enough.

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153
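
The SIGPIPE wrapping proposed in the message above, filled out as an added example (not part of the original post and not OpenSSH or PRNGD code). The names egd_query and xfer_all are hypothetical; it assumes a blocking, already connected Unix socket and uses EGD's non-blocking read request (0x01, count), whose reply is a count byte followed by that many bytes.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Loop read() or write() until len bytes are moved, retrying on EINTR.
 * Returns 0 on success, -1 on error or EOF (the daemon went away). */
static int xfer_all(int fd, unsigned char *buf, size_t len, int writing)
{
    while (len > 0) {
        ssize_t n = writing ? write(fd, buf, len) : read(fd, buf, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1;              /* EPIPE, ECONNRESET, EOF, ... */
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Hypothetical helper: ask an EGD-style daemon on the connected socket fd
 * for up to `want` bytes. Returns the number of bytes received, or -1 if
 * the daemon is gone; the caller is expected to treat -1 as non-fatal. */
int egd_query(int fd, unsigned char *out, unsigned char want)
{
    struct sigaction sa, osa;
    unsigned char req[2] = { 0x01, want };  /* EGD non-blocking read */
    unsigned char got = 0;
    int ret = -1;

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = SIG_IGN;
    sigaction(SIGPIPE, &sa, &osa);  /* write() now fails with EPIPE */

    if (xfer_all(fd, req, sizeof(req), 1) == 0 &&
        xfer_all(fd, &got, 1, 0) == 0 && got <= want &&
        (got == 0 || xfer_all(fd, out, got, 0) == 0))
        ret = got;

    sigaction(SIGPIPE, &osa, NULL); /* restored on every path */
    return ret;
}
```

A return of -1 here corresponds to the restarted-daemon case in the thread: the process survives the write and can fall back to whatever entropy it already holds.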




