[PATCH] bug in check_parent_exists() in ssh-agent.c
Alan Barrett
apb at cequrux.com
Thu Apr 13 06:56:24 EST 2006
The check_parent_exists() function in ssh-agent.c does this:
if (parent_pid != -1 && kill(parent_pid, 0) < 0)
however, the kill can fail with EPERM even if the parent_pid
exists. For example, consider this command:
ssh-agent sh -c 'ssh-add ; exec sudo sh -i'
The original ssh-agent process sets things up so that the "sh -c '...'"
process is the parent of a child ssh-agent process; then the "sh -c
'...' process execs sudo (which is setuid root), and sudo execs "sh -i"
(which is now running as root); so now the "sh -i" process (running as
root) is the parent of the "ssh-agent" process (running as the original
user). When the ssh-agent child process calls check_parent_exists()
after 10 seconds, the kill will fail with EPERM, and the ssh-agent
process will exit. The obvious symptom is that "ssh-add -l" executed
in the child shell works if you are quick enough, but doesn't work 10
seconds later.
Two potential fixes come to mind:
A: if (parent_pid != -1 && kill(parent_pid, 0) < 0 && errno == ESRCH)
B: if (parent_pid != -1 && getppid() != parent_pid)
Fix A assumes that errno == ESRCH means that the process really doesn't
exist, and that other errno values mean other things. This assumption
would fail in a unix-like OS that, for security reasons, decides not to
let processes learn anything about the existence of processes owned by
other users.
Fix B assumes that, when your parent exits, you get re-parented to pid 1
and the result from getppid() changes. I have tested this and it works
for me. I append a patch.
--apb (Alan Barrett)
Index: ssh-agent.c
--- ssh-agent.c
+++ ssh-agent.c
@@ -964,7 +964,13 @@
{
int save_errno = errno;
- if (parent_pid != -1 && kill(parent_pid, 0) < 0) {
+ /*
+ * Don't just test whether kill(parent_pid,0) is successful,
+ * because it may fail with EPERM even if the process exists.
+ * If our parent has exited then getppid() will return (pid_t)1,
+ * so testing for that should be safe.
+ */
+ if (parent_pid != -1 && getppid() != parent_pid) {
/* printf("Parent has died - Authentication agent exiting.\n"); */
cleanup_handler(sig); /* safe */
}
More information about the openssh-unix-dev
mailing list