Bug#772641: apt: E: Setting TIOCSCTTY for slave fd fd failed when run as a session leader

[Faidon Liambotis]

Dear apt maintainers,

On Thu, Dec 11, 2014 at 01:35:27AM +0100, David Kalnischkies wrote:
 Attached is a patch which hopefully does exactly this. It is against
 experimental, but that shouldn't matter (expect for the testcase
 I think). I have run it on Linux amd64 (and armel) hardware as well
 as on a kfreebsd kvm, so I have some hope that it isn't regessing, but
 it would be nice if you could try it with puppet just to be sure that we
 are really fixing the problem completely or if I have justed resolved
 the problem in the setsid testcase.

Since David's patch works and this is an severity: serious/RC bug that
affects multiple people, how would you like to proceed? I see that while
David is not listed as an Uploader, he has a track record of
contributing to apt and has even signed off the latest upload.

I'd be happy to either sponsor an upload by David or NMU with his patch.
David, what do you think?

Let me know.

Thanks,
Faidon


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#772641: apt: E: Setting TIOCSCTTY for slave fd fd failed when run as a session leader

[Samuel Wolf]

I'am also affected by this bug.

Bug#772641: apt: E: Setting TIOCSCTTY for slave fd fd failed when run as a session leader

[Apollon Oikonomopoulos]

Hi,

On 01:35 Thu 11 Dec , David Kalnischkies wrote:
 Attached is a patch which hopefully does exactly this. It is against
 experimental, but that shouldn't matter (expect for the testcase
 I think). I have run it on Linux amd64 (and armel) hardware as well
 as on a kfreebsd kvm, so I have some hope that it isn't regessing, but
 it would be nice if you could try it with puppet just to be sure that we
 are really fixing the problem completely or if I have justed resolved
 the problem in the setsid testcase.

Just tested a patched 1.0.9.4 with puppet and it fixes the issue.

Thanks for the quick response!
Apollon


signature.asc
Description: Digital signature

Bug#772641: apt: E: Setting TIOCSCTTY for slave fd fd failed when run as a session leader

[David Kalnischkies]

Hi,

On Tue, Dec 09, 2014 at 03:57:05PM +0200, Apollon Oikonomopoulos wrote:
 apt 1.0.9.4 does not work correctly when run as a session leader, 
 reporting a failed ioctl on the pty used by dpkg. When called by puppet, 
 it emits the following output:
[…]
 Apart from the error message, it also appears that apt is trying to close its
 own control terminal, thus SIGHUP'ing itself, signaling an unclean exit:

There was a time in which I had read Why isn't X the year of the Linux
Desktop articles and the answer was always because of terminals.
I couldn't understood what could be so wrong with terminals. I loved them.

Then, I started hacking on the PTY handling in apt…
And all of a sudden I understand…


But enough about my first world problems:
The setup is like this: the apt process itself is keeping
a reference open to the pseudo terminal slave as Linux is upset
otherwise (see 299aea924ccef428219ed6f1a026c122678429e6).

That is all nice and dandy up to the point where the apt process has no
controlling terminal, so that opening the pseudo terminal slave will
make this terminal our controlling terminal! In our cleanup at the end
we close the pseudo terminal, which in that case is a terminal mistake
as its our controlling terminal, which quite literally means: we hang
ourselves.


So, the proper thing to do is to rule with our hard iron fist and show
our primitive little slave that it isn't right for him to have
aspirations behond what its puppet-master intended for him.
In other words: We add O_NOCTTY to the open(2) call to stop the slave
terminal from becoming our controlling terminal.


Attached is a patch which hopefully does exactly this. It is against
experimental, but that shouldn't matter (expect for the testcase
I think). I have run it on Linux amd64 (and armel) hardware as well
as on a kfreebsd kvm, so I have some hope that it isn't regessing, but
it would be nice if you could try it with puppet just to be sure that we
are really fixing the problem completely or if I have justed resolved
the problem in the setsid testcase.


Thanks in any case for the report and the testcase, especially the
later helped tremendously in reproducing the problem!


Best regards

David Kalnischkies
commit c6bc9735cf1486d40d85bba90cfc3aaa6537a9c0
Author: David Kalnischkies da...@kalnischkies.de
Date:   Wed Dec 10 22:26:59 2014 +0100

do not make PTY slave the controlling terminal

If we have no controlling terminal opening a terminal will make this
terminal our controller, which is a serious problem if this happens to
be the pseudo terminal we created to run dpkg in as we will close this
terminal at the end hanging ourself up in the process…

The offending open is the one we do to have at least one slave fd open
all the time, but for good measure, we apply the flag also to the slave
fd opening in the child process as we set the controlling terminal
explicitely here.

This is a regression from 150bdc9ca5d656f9fba94d37c5f4f183b02bd746 with
the slight twist that this usecase was silently broken before in that it
wasn't logging the output in term.log (as a pseudo terminal wasn't
created).

Closes: 772641

diff --git a/apt-pkg/deb/dpkgpm.cc b/apt-pkg/deb/dpkgpm.cc
index 79120f6..8a8214c 100644
--- a/apt-pkg/deb/dpkgpm.cc
+++ b/apt-pkg/deb/dpkgpm.cc
@@ -1127,7 +1127,7 @@ void pkgDPkgPM::StartPtyMagic()
 	   on kfreebsd we get an incorrect (step like) output then while it has
 	   no problem with closing all references… so to avoid platform specific
 	   code here we combine both and be happy once more */
-	d-protect_slave_from_dying = open(d-slave, O_RDWR | O_CLOEXEC);
+	d-protect_slave_from_dying = open(d-slave, O_RDWR | O_CLOEXEC | O_NOCTTY);
 	 }
   }
}
@@ -1159,7 +1159,7 @@ void pkgDPkgPM::SetupSlavePtyMagic()
if (setsid() == -1)
   _error-FatalE(setsid, Starting a new session for child failed!);
 
-   int const slaveFd = open(d-slave, O_RDWR);
+   int const slaveFd = open(d-slave, O_RDWR | O_NOCTTY);
if (slaveFd == -1)
   _error-FatalE(open, _(Can not write log (%s)), _(Is /dev/pts mounted?));
else if (ioctl(slaveFd, TIOCSCTTY, 0)  0)
diff --git a/test/integration/test-no-fds-leaked-to-maintainer-scripts b/test/integration/test-no-fds-leaked-to-maintainer-scripts
index cde987b..a7d556b 100755
--- a/test/integration/test-no-fds-leaked-to-maintainer-scripts
+++ b/test/integration/test-no-fds-leaked-to-maintainer-scripts
@@ -26,20 +26,25 @@ setupaptarchive
 
 rm -f rootdir/var/log/dpkg.log rootdir/var/log/apt/term.log
 testsuccess aptget install -y fdleaks -qq  /dev/null
-msgtest 'Check if fds were not' 'leaked'
-if [ $(grep 'root root' rootdir/tmp/testsuccess.output | wc -l) = '8' ]; then
-	msgpass
-else
-	echo
-	cat rootdir/tmp/testsuccess.output
-	msgfail
-fi
 
-cp rootdir/tmp/testsuccess.output terminal.output
-tail -n +3 rootdir/var/log/apt/term.log | head -n -1  terminal.log
-testfileequal 

Bug#772641: apt: E: Setting TIOCSCTTY for slave fd fd failed when run as a session leader

[Apollon Oikonomopoulos]

Package: apt
Version: 1.0.9.4
Severity: serious
Justification: Regression, breaks other software (e.g. puppet)

Dear Maintainer,

apt 1.0.9.4 does not work correctly when run as a session leader, 
reporting a failed ioctl on the pty used by dpkg. When called by puppet, 
it emits the following output:

  Error: Execution of '/usr/bin/apt-get -q -y -o 
DPkg::Options::=--force-confold install ntpdate' returned : Reading package 
lists...
  Building dependency tree...
  Reading state information...
  Recommended packages:
lockfile-progs
  The following NEW packages will be installed:
ntpdate
  0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
  Need to get 0 B/74.1 kB of archives.
  After this operation, 233 kB of additional disk space will be used.
  E: Setting TIOCSCTTY for slave fd 18 failed! - ioctl (1: Operation not 
permitted)
  Selecting previously unselected package ntpdate.
  (Reading database ... 46412 files and directories currently installed.)
  Preparing to unpack .../ntpdate_1%3a4.2.6.p5+dfsg-3.1+b1_amd64.deb ...
  Unpacking ntpdate (1:4.2.6.p5+dfsg-3.1+b1) ...
  Processing triggers for man-db (2.7.0.2-3) ...
  E: Setting TIOCSCTTY for slave fd 18 failed! - ioctl (1: Operation not 
permitted)
  Setting up ntpdate (1:4.2.6.p5+dfsg-3.1+b1) ...

Apart from the error message, it also appears that apt is trying to close its
own control terminal, thus SIGHUP'ing itself, signaling an unclean exit:

23631 open(/dev/pts/2, O_RDWR|O_CLOEXEC) = 19
...
23631 close(19) = 0
23631 close(18) = 0
23631 --- SIGHUP {si_signo=SIGHUP, si_code=SI_KERNEL} ---
23631 +++ killed by SIGHUP +++

This has the side-effect of puppet marking the package installation as failed
and all downstream dependencies as unsatisfied.

This behavior was introduced in commit 299aea924c and can be trivially 
reproduced using setsid:

 # setsid -w apt-get install sm /dev/null
 Reading package lists... Done
 Building dependency tree   
 Reading state information... Done
 The following NEW packages will be installed:
   sm
 0 upgraded, 1 newly installed, 0 to remove and 203 not upgraded.
 Need to get 0 B/21,3 kB of archives.
 After this operation, 108 kB of additional disk space will be used.
 dpkg-preconfigure: unable to re-open stdin: No such file or directory
 E: Setting TIOCSCTTY for slave fd 38 failed! - ioctl (1: Operation not 
permitted)
 Selecting previously unselected package sm.
 (Reading database ... 411612 files and directories currently installed.)
 Preparing to unpack .../archives/sm_0.22.1-2_amd64.deb ...
 Unpacking sm (0.22.1-2) ...
 Processing triggers for hicolor-icon-theme (0.13-1) ...
 Processing triggers for man-db (2.7.0.2-3) ...
 Processing triggers for menu (2.1.47) ...
 Processing triggers for mime-support (3.57) ...
 Processing triggers for desktop-file-utils (0.22-1) ...
 E: Setting TIOCSCTTY for slave fd 38 failed! - ioctl (1: Operation not 
permitted)
 Setting up sm (0.22.1-2) ...
 Processing triggers for menu (2.1.47) ...
 setsid: child 5136 did not exit normally: Success
 
Regards,
Apollon

-- Package-specific info:

-- (no /etc/apt/preferences present) --


-- (/etc/apt/sources.list present, but not submitted) --


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages apt depends on:
ii  debian-archive-keyring  2014.3
ii  gnupg   1.4.18-4
ii  libapt-pkg4.12  1.0.9.4
ii  libc6   2.19-13
ii  libgcc1 1:4.9.1-19
ii  libstdc++6  4.9.1-19

apt recommends no packages.

Versions of packages apt suggests:
pn  apt-doc none
ii  aptitude0.6.11-1+b1
ii  dpkg-dev1.17.21
ii  python-apt  0.9.3.11

-- debconf-show failed


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org