Call for testing: OpenSSH-5.9

Tim Rice tim at multitalents.net
Mon Aug 29 15:34:05 EST 2011 

On Sun, 28 Aug 2011, Darren Tucker wrote:

> On Sun, Aug 28, 2011 at 9:18 PM, Darren Tucker <dtucker at zip.com.au> wrote:
>  [...]
> > I trussed an sshd (on Solaris 10 x86) and the failure seems to be polling FDs:
> 
> confirmed: it's poll.  Still not sure what to do about it, it's used
> in atomicio.

Cool. Now we have a way to test.
Add your test program to configure.ac and define somehing like
POLL_USES_FD if it fails. Then we use something like this.
.......
--- sandbox-rlimit.c.old	2011-06-23 06:58:32.529017003 -0700
+++ sandbox-rlimit.c	2011-08-28 22:28:49.561109001 -0700
@@ -61,13 +61,19 @@
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
 	struct rlimit rl_zero;
+	struct rlimit rl_one;
 
 	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
+	rl_one.rlim_cur = rl_one.rlim_max = 1;
 
 	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
 		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
 			__func__, strerror(errno));
+#ifdef POLL_USES_FD
+	if (setrlimit(RLIMIT_NOFILE, &rl_one) == -1)
+#else
 	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
+#endif
 		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
 			__func__, strerror(errno));
 #ifdef HAVE_RLIMIT_NPROC
.......

BTW. What dows your polltest say on AIX?

> $ cat polltest.c
> #include <sys/time.h>
> #include <sys/resource.h>
> #include <stdio.h>
> #include <poll.h>
> #include <errno.h>
> 
> int main(int argc, char **argv)
> {
>         struct rlimit rl_zero;
>         struct pollfd pfd;
>         int fd, r, enforce_limit = 0;
> 
>         if (argc == 2 && strcmp(argv[1], "limit") == 0)
>                 enforce_limit = 1;
> 
>         fd = open("/dev/null", "r");
>         if (enforce_limit) {
>                 rl_zero.rlim_cur = rl_zero.rlim_max = 0;
>                 setrlimit(RLIMIT_FSIZE, &rl_zero);
>                 setrlimit(RLIMIT_NOFILE, &rl_zero);
>         }
> 
>         pfd.fd = fd;
>         pfd.events = POLLOUT;
>         r = poll(&pfd, 1, -1);
>         printf("poll = %d, error: %s\n", r, strerror(errno));
> }
> 
> $ gcc polltest.c && ./a.out
> poll = 1, error: Error 0
> $ ./a.out limit
> poll = -1, error: Invalid argument
> 
> 

-- 
Tim Rice				Multitalents	(707) 456-1146
tim at multitalents.net					(707) 887-1469

More information about the openssh-unix-dev mailing list