sshd blocking SIGALARM turns out to be due to tcpd
Wietse Venema
wietse at porcupine.org
Wed Mar 8 02:49:11 EST 2006
Ian Jackson:
> Wietse Venema writes ("Re: sshd blocking SIGALARM turns out to be due to tcpd"):
> > Ian Jackson:
> > > Experimentation with strace et al revealed the problem: the
> > > tcp-wrappers build I was using would use alarm(2) to time out of the
> > > ident (RFC931/1413) lookup, but failed to properly use sigsetjmp. [...]
> >
> > This could be introduced by third parties. The tcp wrapper does this:
> > if (setjmp(timebuf) == 0) {
> > signal(SIGALRM, timeout);
> > alarm(rfc931_timeout);
>
> Indeed the broken use of sigsetjmp was introduced by third parties (I
> can see in the Debian diff that the original uses setjmp). But, I was
> very surprised to see you still using signal.
In code that was released in 1996.
> Reading SuSv3 (the best
Sure.
Wietse
> reference I have available) doesn't make it clear whether the code
> above guarantees to unblock SIGALRM if the code longjmps out of the
> handler; this code is relying on old BSD and SysV behaviour, which
> AFAICT is as you might hope but I can see why people might be
> confused and try to `fix' it by changing it to use sigaction.
>
> Thanks,
> Ian.
>
More information about the openssh-unix-dev
mailing list