sshd blocking SIGALARM turns out to be due to tcpd

Wietse Venema wietse at
Wed Mar 8 02:49:11 EST 2006

Ian Jackson:
> Wietse Venema writes ("Re: sshd blocking SIGALARM turns out to be due to tcpd"):
> > Ian Jackson:
> > > Experimentation with strace et al revealed the problem: the
> > > tcp-wrappers build I was using would use alarm(2) to time out of the
> > > ident (RFC931/1413) lookup, but failed to properly use sigsetjmp. [...]
> > 
> > This could be introduced by third parties. The tcp wrapper does this:
> >         if (setjmp(timebuf) == 0) {
> >             signal(SIGALRM, timeout);
> >             alarm(rfc931_timeout);
> Indeed the broken use of sigsetjmp was introduced by third parties (I
> can see in the Debian diff that the original uses setjmp).  But, I was
> very surprised to see you still using signal.

In code that was released in 1996.

>  Reading SuSv3 (the best



> reference I have available) doesn't make it clear whether the code
> above guarantees to unblock SIGALRM if the code longjmps out of the
> handler; this code is relying on old BSD and SysV behaviour, which
> AFAICT is as you might hope but I can see why people might be
> confused and try to `fix' it by changing it to use sigaction.
> Thanks,
> Ian.

More information about the openssh-unix-dev mailing list