bin/134694: gives false-positive when unable to obtain socket [WAS: sshd(8) - alert user when fails to execute from rc.d]

Tobias Fendin tobias.fendin at glocalnet.net
Wed May 20 11:41:13 UTC 2009


Dimitry Andric wrote:
> On 2009-05-20 12:19, Eygene Ryabinkin wrote:
>   
>> You seem to mix two things: binding to the port and the output from rc.d
>> 'status' command.  Binding to the port is done by SSH by the bind(2)
>> system call and if something is already listening on the given address,
>> the socket won't be bound, so SSH daemon terminates.
>>     
>
> I think what might be confusing, is the fact that sshd dies due to
> bind() failing, and it should; but you will only see this in the syslog,
> NOT on the command line.
>
> E.g. the /etc/rc.d/sshd script will NOT give an error, because the
> /usr/bin/sshd it calls will fork, and as soon as the fork is okay, the
> original instance will exit with 0.  The forked instance is what will
> die on bind(), so you will not see any failures from it.
>   
Does the child really die? I did a little test:

# /etc/rc.d/sshd status
sshd is not running.
# nc -l 22 >/tmp/ssh_test &
[1] 1733
# /etc/rc.d/sshd start
Starting sshd.
# /etc/rc.d/sshd status
sshd is running as pid 1740.
# ssh someuser@localhost      // This didn't timeout or anything, just didn't give any output. I killed it after a couple of minutes.
^C
[1]+  Done                    nc -l 22 > /tmp/ssh_test
# ssh someuser@localhost
The authenticity of host 'localhost (::1)' can't be established.
DSA key fingerprint is 9f:fa:ee:f5:39:c5:de:c4:8f:b9:c5:43:d8:9d:85:23.
Are you sure you want to continue connecting (yes/no)? ^C
# uname -a
FreeBSD asator 7.0-RELEASE-p2 FreeBSD 7.0-RELEASE-p2 #0: Thu Mar  5 03:16:15 CET 2009     root@asator:/usr/obj/usr/src/sys/A_KERNEL  i386

As you can see, the first execution of ssh connects to nc (which 
terminated when I killed the ssh client). And on the second execution it 
gets through to sshd (thus, sshd never failed at its startup).
I don't know if this is the expected behavior, or if it has changed on 
-CURRENT.
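
An added example, not part of the original message: a shell check that reads `sockstat -l` output and reports which process holds each TCP listener on a port, so that a "running as pid" status can be compared with actual socket ownership. The sample text is constructed (the PIDs are the ones from the session above; which address family each process holds is an assumption), and `listen_report` is a hypothetical helper name.

```sh
#!/bin/sh
# listen_report DAEMON PORT  (reads `sockstat -l` formatted text on stdin)
# Prints one line per TCP listener on PORT: proto, local address, command,
# pid, and OK/FOREIGN. Returns 0 only if DAEMON owns at least one listener
# on PORT and no other command owns any.
listen_report() {
    awk -v want="$1" -v port="$2" '
        $5 ~ /^tcp/ {
            n = split($6, a, ":")        # local address ends in ":port"
            if (a[n] != port) next
            if ($2 == want) { owned++;   state = "OK" }
            else            { foreign++; state = "FOREIGN" }
            print $5, $6, $2, $3, state
        }
        END { exit (owned > 0 && foreign == 0) ? 0 : 1 }
    '
}

# Constructed sample in sockstat -l column layout (not captured output).
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     nc         1733  3  tcp4   *:22                  *:*
root     sshd       1740  3  tcp6   *:22                  *:*
root     syslogd    612   6  udp4   *:514                 *:*'

# Constructed sample of the healthy case: sshd holds both listeners.
CLEAN='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       1740  3  tcp4   *:22                  *:*
root     sshd       1740  4  tcp6   *:22                  *:*'

# Demo on the constructed sample; on a live FreeBSD host use:
#   sockstat -l | listen_report sshd 22
printf '%s\n' "$SAMPLE" | listen_report sshd 22 \
    || echo "port 22 is not held exclusively by sshd"
```
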

