bin/134694: gives false-positive when unable to obtain socket [WAS: sshd(8) - alert user when fails to execute from rc.d]

Tobias Fendin tobias.fendin at glocalnet.net
Wed May 20 11:50:04 UTC 2009


The following reply was made to PR bin/134694; it has been noted by GNATS.

From: Tobias Fendin <tobias.fendin at glocalnet.net>
To: Dimitry Andric <dimitry at andric.com>
Cc: rea-fbsd at codelabs.ru, hackers at freebsd.org, 
 Glen Barber <glen.j.barber at gmail.com>,
 bug-followup at freebsd.org
Subject: Re: bin/134694: gives false-positive when unable to obtain socket
 [WAS: sshd(8) - alert user when fails to execute from rc.d]
Date: Wed, 20 May 2009 13:18:15 +0200

 Dimitry Andric wrote:
 > On 2009-05-20 12:19, Eygene Ryabinkin wrote:
 >   
 >> You seem to mix two things: binding to the port and the output from rc.d
 >> 'status' command.  Binding to the port is done by SSH by the bind(2)
 >> system call and if something is already listening on the given address,
 >> the socket won't be bound, so SSH daemon terminates.
 >>     
 >
 > I think what might be confusing, is the fact that sshd dies due to
 > bind() failing, and it should; but you will only see this in the syslog,
 > NOT on the command line.
 >
 > E.g. the /etc/rc.d/sshd script will NOT give an error, because the
 > /usr/bin/sshd it calls will fork, and as soon as the fork is okay, the
 > original instance will exit with 0.  The forked instance is what will
 > die on bind(), so you will not see any failures from it.
 >
 >   
 Does the child really die? I did a little test:
 
 # /etc/rc.d/sshd status
 sshd is not running.
 # nc -l 22 >/tmp/ssh_test &
 [1] 1733
 # /etc/rc.d/sshd start
 Starting sshd.
 # /etc/rc.d/sshd status
 sshd is running as pid 1740.
 # ssh someuser@localhost       // This didn't time out or anything, just didn't give any output. I killed it after a couple of minutes.
 ^C
 [1]+  Done                    nc -l 22 > /tmp/ssh_test
 # ssh someuser@localhost
 The authenticity of host 'localhost (::1)' can't be established.
 DSA key fingerprint is 9f:fa:ee:f5:39:c5:de:c4:8f:b9:c5:43:d8:9d:85:23.
 Are you sure you want to continue connecting (yes/no)? ^C
 # uname -a
 FreeBSD asator 7.0-RELEASE-p2 FreeBSD 7.0-RELEASE-p2 #0: Thu Mar  5 03:16:15 CET 2009     root@asator:/usr/obj/usr/src/sys/A_KERNEL  i386
 
 As you can see, the first execution of ssh connects to nc (which 
 terminated when I killed the ssh client). And on the second execution it 
 gets through to sshd (thus, sshd never failed at its startup).
 I don't know if this is the expected behavior, or if it has changed on 
 -CURRENT.
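
The start-up ordering discussed in this thread, as an added example that is not part of the original messages and is not sshd's code: a launcher that forks before calling bind(2) reports 0 to its caller even when the child cannot obtain the socket, while binding before detaching makes the failure visible. The function names and the loopback-only IPv4 setup are assumptions chosen for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind and listen on 127.0.0.1:port (0 = kernel picks); the chosen port is
 * stored in *bound if non-NULL. Returns the socket, or -1 on failure. */
int listen_on(unsigned short port, unsigned short *bound)
{
    struct sockaddr_in sa = {0};
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons(port);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 1) < 0 || getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    if (bound) *bound = ntohs(sa.sin_port);
    return fd;
}

/* Fork first, bind in the child. The return value is what the caller (an rc
 * script, say) sees; *child_status is the child's fate, which it never learns. */
int start_fork_then_bind(unsigned short port, int *child_status)
{
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) _exit(listen_on(port, NULL) < 0 ? 1 : 0);
    waitpid(pid, child_status, 0); /* demo only; a real parent exits here */
    return 0;
}

/* Bind in the foreground, detach afterwards: a bind(2) failure becomes the
 * exit status the caller sees. */
int start_bind_then_fork(unsigned short port)
{
    int fd = listen_on(port, NULL);
    if (fd < 0) return 1;
    pid_t pid = fork();
    if (pid == 0) _exit(0); /* stand-in for the accept loop */
    close(fd);
    if (pid > 0) waitpid(pid, NULL, 0);
    return pid < 0 ? 1 : 0;
}
```

Called with a port that another listener already holds on the same address, `start_fork_then_bind` returns 0 while the child exits with 1, and `start_bind_then_fork` returns 1.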

