daemon() before bind()

Jim Basney jbasney at ncsa.uiuc.edu
Tue Apr 20 05:46:20 EST 2010

Hello OpenSSH developers,

I hope you won't mind confirming something for me.

Recently an OpenSSH user objected to me about the sshd exiting with
status 0 when the bind to port 22 fails ("Address already in use"),
because it makes it not obvious to the init script that something went
wrong in sshd startup. As I understand it, this behavior is due to the
sshd calling daemon() before socket() and bind(), thereby returning
control to the parent process before seeing if the bind succeeds or
fails. Furthermore, the sshd makes the calls in this order because
daemon() will close the first three file descriptors, and we don't want
the socket() file descriptor to be closed by the daemon() call in case
the file descriptor happens to be one of the first three.

Would you consider a patch that moved the daemon() call after the
socket() and bind() calls? Clearly the patch would need to be careful
about the first three file descriptors, possibly using dup() to move
open file descriptors to higher values before the daemon() call. The
benefit would be that more startup errors would return non-zero exit
statuses, with the drawback of adding complexity to the sshd startup
code. I'm guessing such a patch would not be accepted, but I wanted to
ask to be sure.

In any case, thanks for all your work on OpenSSH.


More information about the openssh-unix-dev mailing list
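
The ordering proposed in the message above, as an added example that is not part of the original post and is not OpenSSH code: the listener is bound first, moved off descriptors 0-2 with fcntl(F_DUPFD), and only then is daemon() called, so a failed bind() reaches the init script as a non-zero exit status. The helper name bind_listener, the loopback address and port 2222 are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: bind + listen on loopback, returning an fd >= 3 so the
 * stdio handling done by daemon() cannot clobber it; -1 on failure. */
int bind_listener(unsigned short port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (fd < 3) {                          /* landed on a stdio slot */
        int hi = fcntl(fd, F_DUPFD, 3);    /* lowest free fd >= 3 */
        close(fd);
        if (hi < 0)
            return -1;
        fd = hi;
    }
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);             /* 0 = kernel picks a free port */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 16) < 0) {
        int saved = errno;                 /* keep bind's errno across close() */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = bind_listener(2222);          /* constructed port for the demo */
    if (fd < 0) {
        perror("bind_listener");
        return 1;                          /* parent exits non-zero: init sees it */
    }
    if (daemon(0, 0) < 0)                  /* detach only after bind succeeded */
        return 1;
    pause();                               /* placeholder for the accept loop */
    return 0;
}
```

Running a second copy while the first holds the port prints "Address already in use" and exits with status 1, which is the signal the init script was missing.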