sshd fails to close open file descriptors when forking

Ed Phillips ed at UDel.Edu
Tue Oct 23 05:47:21 EST 2001


On Mon, 22 Oct 2001, Nicolas Williams wrote:

> Date: Mon, 22 Oct 2001 15:30:43 -0400
> From: Nicolas Williams <Nicolas.Williams at ubsw.com>
> To: Ed Phillips <ed at UDel.Edu>
> Cc: Lutz Jaenicke <Lutz.Jaenicke at aet.TU-Cottbus.DE>,
>      openssh-unix-dev at mindrot.org
> Subject: Re: sshd fails to close open file descriptors when forking
>
> This is the SIGCHLD race condition that's been hashed to death already.

Okay... so what is the status of hang-on-exit-SIGCHLD-race-condition?  Is
it fixed in 2.9.9p2?  No one has given me a "clear" answer on this ("I
think that might be fixed in 2.9.9p2" is not exactly a clear answer in my
book).

I've tried 2.9.9p2 and it doesn't seem to hang for a normal interactive
shell (yet - but then 2.9p2 didn't _usually_ hang when exiting an
interactive shell except occasionally).  However, I can't test something
like:

ssh -n sys1 xterm

... because sshd 2.9.9p2 crashes in the PAM code.

Sorry to "hash this to death", but we still don't have a solution here
that works reliably in our very simple environment.  I just want some
version 2.X that works reliably (no abandoned ssh processes left lying
around), doesn't have glaring security holes (are there any 2.X versions to
watch out for?), and will work with PAM and TCP Wrappers on Solaris 2.6
thru Solaris 9.  Also, it'd be nice if it was compatible with later
versions that are already released or are currently being worked.  For
example, I heard some mention on this list about putting the stuff from
"authorized_keys2" or "known_hosts2" or one of the v2-named files being
put into the v1-named file... each one of these little "changes" makes
potential problems here for thousands of users on our campus.

Thanks,

	Ed

Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key



