sshd and file descriptors

Andreas Hasenack andreas at conectiva.com.br
Thu Jun 27 23:49:31 EST 2002


On Thu, Jun 27, 2002 at 12:10:57AM -0500, Phil Howard wrote:
> On Wed, Jun 26, 2002 at 07:06:13PM -0300, Andreas Hasenack wrote:
> 
> | I have an openssh RPM package that restarts the sshd server during
> | an upgrade if the daemon is already running. So far, so good, restart
> | works.
> 
> What happens if you were connected via ssh when it restarts?

Only the parent sshd process is restarted; current connections are left
untouched. I can safely do this remotely.

> | Shouldn't a daemon close all fds before going into "daemon land"? What exactly is broken here?
> 
> Should a package manager be restarting a daemon?

If it is already running, yes, that's a plus; many users forget to restart
their services after an upgrade and are left vulnerable (if it's a
security upgrade, for example).

> Maybe the package manager should use close-on-exec on all the
> descriptors that aren't to be passed on to the daemon, while it
> still knows what descriptors are open instead of imposing on the
> next program to do thousands of close() calls.

Yeah, I think so too, it's easier and safer, no risk of closing something
that it shouldn't. But remember the hang-on-exit discussions? We
all said that the daemons should be fixed and close their descriptors
before daemonizing. But maybe folks were just talking about 0, 1 and
2.

Anyway, I'll get rpm maintainers into this. Worst that can happen is
Jeff tells me to go to .... :)
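
The close-on-exec approach discussed above, as an added example that is not part of the original thread or of rpm or OpenSSH: the parent marks its open descriptors FD_CLOEXEC, and a real fork+exec confirms the child no longer inherits them. The helper names, the 3..1023 range, and the reliance on /dev/fd are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set FD_CLOEXEC on every open descriptor in [lowfd, highfd].
 * Returns how many descriptors were newly marked, or -1 on error. */
int mark_cloexec_range(int lowfd, int highfd)
{
    int marked = 0;
    for (int fd = lowfd; fd <= highfd; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;               /* not open, or already close-on-exec */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
            return -1;
        marked++;
    }
    return marked;
}

/* Fork and exec /bin/sh, which tests whether descriptor fd survived the exec.
 * Returns 1 if the child inherited it, 0 if not, -1 on error.
 * Assumption: /dev/fd is available (Linux, BSD, macOS). */
int child_inherits_fd(int fd)
{
    char cmd[64];
    snprintf(cmd, sizeof cmd, "test -e /dev/fd/%d", fd);
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                 /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    int p[2];                       /* constructed stand-in for a leaked descriptor */
    if (pipe(p) == -1) return 1;
    printf("before: child inherits fd %d: %d\n", p[0], child_inherits_fd(p[0]));
    printf("marked %d descriptors\n", mark_cloexec_range(3, 1023));
    printf("after:  child inherits fd %d: %d\n", p[0], child_inherits_fd(p[0]));
    return 0;
}
```

Starting the range at 3 leaves stdin, stdout and stderr inheritable, which is the distinction raised at the end of the message about descriptors 0, 1 and 2.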




More information about the openssh-unix-dev mailing list