PATCH: pidfile/sigterm race

Rob Braun bbraun at synack.net
Sat Jun 23 05:06:47 EST 2001


If one is using the pidfile as an indicator of sshd's status,
it is possible to kill sshd before the sigterm handler gets
installed, since the pidfile is written out before the signal
handlers are setup.

The solution is to simply write the pidfile after the signal
handlers are setup.  Here's the patch.

Rob

--- sshd.c.orig	Fri Jun 22 11:16:41 2001
+++ sshd.c	Fri Jun 22 11:18:32 2001
@@ -857,6 +857,19 @@
 		if (!num_listen_socks)
 			fatal("Cannot bind any address.");
 
+		if (options.protocol & SSH_PROTO_1)
+			generate_ephemeral_server_key();
+
+		/* Arrange to restart on SIGHUP.  The handler needs listen_sock. */
+		signal(SIGHUP, sighup_handler);
+
+		signal(SIGTERM, sigterm_handler);
+		signal(SIGQUIT, sigterm_handler);
+
+		/* Arrange SIGCHLD to be caught. */
+		signal(SIGCHLD, main_sigchld_handler);
+
+		/* Write out the pid file after the sigterm handler is setup */
 		if (!debug_flag) {
 			/*
 			 * Record our pid in /var/run/sshd.pid to make it
@@ -871,17 +884,6 @@
 				fclose(f);
 			}
 		}
-		if (options.protocol & SSH_PROTO_1)
-			generate_ephemeral_server_key();
-
-		/* Arrange to restart on SIGHUP.  The handler needs listen_sock. */
-		signal(SIGHUP, sighup_handler);
-
-		signal(SIGTERM, sigterm_handler);
-		signal(SIGQUIT, sigterm_handler);
-
-		/* Arrange SIGCHLD to be caught. */
-		signal(SIGCHLD, main_sigchld_handler);
 
 		/* setup fd set for listen */
 		fdset = NULL;



More information about the openssh-unix-dev mailing list