bin/134694: gives false-positive when unable to obtain socket
[WAS: sshd(8) - alert user when fails to execute from rc.d]
Tobias Fendin
tobias.fendin at glocalnet.net
Wed May 20 11:50:04 UTC 2009
The following reply was made to PR bin/134694; it has been noted by GNATS.
From: Tobias Fendin <tobias.fendin at glocalnet.net>
To: Dimitry Andric <dimitry at andric.com>
Cc: rea-fbsd at codelabs.ru, hackers at freebsd.org,
Glen Barber <glen.j.barber at gmail.com>,
bug-followup at freebsd.org
Subject: Re: bin/134694: gives false-positive when unable to obtain socket
[WAS: sshd(8) - alert user when fails to execute from rc.d]
Date: Wed, 20 May 2009 13:18:15 +0200
Dimitry Andric wrote:
> On 2009-05-20 12:19, Eygene Ryabinkin wrote:
>
>> You seem to mix two things: binding to the port and the output from rc.d
>> 'status' command. Binding to the port is done by SSH by the bind(2)
>> system call and if something is already listening on the given address,
>> the socket won't be bound, so SSH daemon terminates.
>>
>
> I think what might be confusing, is the fact that sshd dies due to
> bind() failing, and it should; but you will only see this in the syslog,
> NOT on the command line.
>
> E.g. the /etc/rc.d/sshd script will NOT give an error, because the
> /usr/bin/sshd it calls will fork, and as soon as the fork is okay, the
> original instance will exit with 0. The forked instance is what will
> die on bind(), so you will not see any failures from it.
Does the child really die? I did a little test:
# /etc/rc.d/sshd status
sshd is not running.
# nc -l 22 >/tmp/ssh_test &
[1] 1733
# /etc/rc.d/sshd start
Starting sshd.
# /etc/rc.d/sshd status
sshd is running as pid 1740.
# ssh someuser@localhost    // This didn't timeout or anything, just didn't give any output. I killed it after a couple of minutes.
^C
[1]+ Done nc -l 22 > /tmp/ssh_test
# ssh someuser@localhost
The authenticity of host 'localhost (::1)' can't be established.
DSA key fingerprint is 9f:fa:ee:f5:39:c5:de:c4:8f:b9:c5:43:d8:9d:85:23.
Are you sure you want to continue connecting (yes/no)? ^C
# uname -a
FreeBSD asator 7.0-RELEASE-p2 FreeBSD 7.0-RELEASE-p2 #0: Thu Mar 5 03:16:15 CET 2009 root@asator:/usr/obj/usr/src/sys/A_KERNEL i386
As you can see, the first execution of ssh connects to nc (which
terminated when I killed the ssh client). And the second execution it
gets through to sshd (thus, sshd never failed at its startup).
I don't know if this is the expected behavior, or if it has changed on
-CURRENT.
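
The fork-then-bind pattern described in the quoted reply, as an added C example (not part of the thread and not sshd's code). `bind_loopback()` and `start_daemon()` are hypothetical names, and the occupied port is a constructed stand-in for the nc listener. With `wait_for_bind` set to 0 the launcher sees status 0 although the child's bind() fails; with 1 the child reports its bind() result over a pipe before the parent returns.

```c
#include <arpa/inet.h>
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind and listen on 127.0.0.1:port (0 = any free port); returns fd or -1. */
static int bind_loopback(unsigned short port, unsigned short *chosen) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 1) < 0) {
        close(fd);
        return -1;
    }
    if (chosen && getsockname(fd, (struct sockaddr *)&sa, &len) == 0)
        *chosen = ntohs(sa.sin_port);
    return fd;
}

/* Returns the exit status the launcher (the rc.d script in the thread) would see.
 * wait_for_bind=0: report success once fork() works (the case in the thread).
 * wait_for_bind=1: child sends its bind() result over a pipe first. */
int start_daemon(unsigned short port, int wait_for_bind) {
    int pfd[2];
    char ok = 0;
    pid_t pid;
    signal(SIGCHLD, SIG_IGN);            /* demo only: auto-reap children */
    if (pipe(pfd) < 0 || (pid = fork()) < 0) return 1;
    if (pid == 0) {                      /* child: the actual daemon */
        ok = bind_loopback(port, NULL) >= 0;
        if (wait_for_bind && write(pfd[1], &ok, 1) != 1) _exit(1);
        _exit(ok ? 0 : 1);               /* a real daemon would accept() here */
    }
    close(pfd[1]);
    if (wait_for_bind && read(pfd[0], &ok, 1) != 1) ok = 0;
    close(pfd[0]);
    return (wait_for_bind && !ok) ? 1 : 0;
}

int main(void) {
    unsigned short port = 0;
    int held = bind_loopback(0, &port);  /* constructed stand-in for the nc listener */
    printf("fork-only: %d, bind-checked: %d\n", start_daemon(port, 0), start_daemon(port, 1));
    return held < 0;
}
```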