[Bug 2646] zombie processes when using privilege separation

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2646

--- Comment #8 from Akshay  ---
Also, adding the one line patch you suggested (on to 7.2p2*) does not
fix the problem. I still see processes marked 'defunct' once I log out.

* = your patch was probably on a different branch, because the line nos
didn't seem to align. I was able to find the appropriate line using the
comment above it.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
___
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


[Bug 2646] zombie processes when using privilege separation

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2646

--- Comment #7 from Akshay  ---
Here is what happened when I tested with the '-r' option:

Initially...

root@4871a0e3589e:/# ps auxf
USER     PID %CPU %MEM   VSZ  RSS TTY   STAT START TIME COMMAND
root       9  0.0  0.0 18248 3308 ?     Ss   01:14 0:00 /bin/bash
root      27  0.0  0.0 34424 2908 ?     R+   01:14 0:00  \_ ps auxf
root       1  0.1  0.0 40356 8196 ?     Ssl+ 01:14 0:00 /usr/bin/ruby -- /init.rb
root       8  0.0  0.0 26468 3772 ?     S+   01:14 0:00 /usr/sbin/sshd -D -r
root      19  0.0  0.0 29028 4084 ?     Ss   01:14 0:00  \_ sshd: nsadmin [priv]
nsadmin   21  0.0  0.0 29028 2668 ?     S    01:14 0:00      \_ sshd: nsadmin@pts/0
nsadmin   22  0.0  0.0 18252 3204 pts/0 Ss+  01:14 0:00          \_ -bash

Later, (after login then logout)...

root@4871a0e3589e:/# ps auxf
USER     PID %CPU %MEM   VSZ  RSS TTY   STAT START TIME COMMAND
root       9  0.0  0.0 18248 3324 ?     Ss   01:14 0:00 /bin/bash
root      29  0.0  0.0 34424 2824 ?     R+   01:14 0:00  \_ ps auxf
root       1  0.1  0.0 40356 8196 ?     Ssl+ 01:14 0:00 /usr/bin/ruby -- /init.rb
root       8  0.0  0.0 26468 3772 ?     S+   01:14 0:00 /usr/sbin/sshd -D -r
nsadmin   21  0.0  0.0     0    0 ?     Z    01:14 0:00 [sshd]




[Bug 2341] XQuartz X11 forwarding not working in OS X 10.10 Yosemite

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2341

Damien Miller  changed:

   What                          |Removed                 |Added
   Attachment #2917 Flags        |                        |ok+



[Bug 2341] XQuartz X11 forwarding not working in OS X 10.10 Yosemite

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2341

Darren Tucker  changed:

   What                          |Removed                 |Added
   Attachment #2916 is obsolete  |0                       |1

--- Comment #22 from Darren Tucker  ---
Created attachment 2917
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2917&action=edit
OSX X11: if using launchd socket, remove the screen number

(In reply to Damien Miller from comment #21)
> hemi-demi-nitpick: remove braces

done.



[Bug 2341] XQuartz X11 forwarding not working in OS X 10.10 Yosemite

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2341

Damien Miller  changed:

   What                          |Removed                 |Added
   Attachment #2915 is obsolete  |0                       |1



[Bug 2341] XQuartz X11 forwarding not working in OS X 10.10 Yosemite

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2341

Damien Miller  changed:

   What                          |Removed                 |Added
   Attachment #2916 Flags        |                        |ok+

--- Comment #21 from Damien Miller  ---
Comment on attachment 2916
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2916
OSX X11: if using launchd socket, remove the screen number

>+  if (stat(path, ) == 0) {
>+  return 1;
>+  }
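
Review bot: in the check that returns 1 as soon as stat() succeeds, nothing between the stat() call and `return 1;` looks at the file type, so any existing path (a regular file or a directory included) is accepted as an X socket. Consider also requiring S_ISSOCK() on the returned st_mode before returning 1, so a non-socket path is rejected here rather than later at connect() time.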

hemi-demi-nitpick: remove braces



[Bug 2341] XQuartz X11 forwarding not working in OS X 10.10 Yosemite

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2341

--- Comment #20 from Darren Tucker  ---
Created attachment 2916
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2916&action=edit
OSX X11: if using launchd socket, remove the screen number

(In reply to Damien Miller from comment #19)
> no need to wrap the remainder in an else block after return here.

done

> I'd stick "char *dot" at the start of the function and do
> "if ((dot = strrchr(path, '.')) != NULL) {"
> on one line, but that's nitpicking :)

done

[...]
> also nitpicking: maybe we should move this whole lot into a separate
> function?

left this one for now.



[Bug 2341] XQuartz X11 forwarding not working in OS X 10.10 Yosemite

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2341

Damien Miller  changed:

   What                          |Removed                 |Added
   Attachment #2915 Flags        |ok?(d...@mindrot.org)   |ok+

--- Comment #19 from Damien Miller  ---
Comment on attachment 2915
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2915
OSX X11: if using launchd socket, remove the screen number

This is ok, my comments are just nitpicks:

>+  if (stat(path, ) == 0) {
>+  return 1;

no need to wrap the remainder in an else block after return here.

>+  } else {
>+  char *dot = strrchr(path, '.');

I'd stick "char *dot" at the start of the function and do
"if ((dot = strrchr(path, '.')) != NULL) {"
on one line, but that's nitpicking :)


> #ifdef __APPLE__
>-  if (strncmp(display, "/tmp/launch", 11) == 0) {
>-  sock = connect_local_xsocket_path(display);
>-  if (sock < 0)
>-  return -1;
>+  /* Check if display is a path to a socket (as set by launchd). */
>+  {
>+  char path[PATH_MAX];
> 
>-  /* OK, we now have a connection to the display. */
>-  return sock;
>+  if (is_path_to_xsocket(display, path, sizeof(path))) {
>+  debug("x11_connect_display: $DISPLAY is launchd");
>+
>+  /* Create a socket. */
>+  sock = connect_local_xsocket_path(path);
>+  if (sock < 0)
>+  return -1;
>+
>+  /* OK, we now have a connection to the display. */
>+  return sock;
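
Review bot: in the `#ifdef __APPLE__` block, the debug() text still reads "$DISPLAY is launchd" even though the `/tmp/launch` prefix test is removed and the branch is now taken for whatever is_path_to_xsocket() accepts. Reword the message and log the resolved `path`, and confirm the helper fails rather than truncates when the result does not fit in `char path[PATH_MAX]`, since that buffer is passed straight to connect_local_xsocket_path().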

also nitpicking: maybe we should move this whole lot into a separate
function?



[Bug 2341] XQuartz X11 forwarding not working in OS X 10.10 Yosemite

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2341

Darren Tucker  changed:

   What                          |Removed                 |Added
   Attachment #2871 is obsolete  |0                       |1
   Attachment #2915 Flags        |                        |ok?(d...@mindrot.org)

--- Comment #18 from Darren Tucker  ---
Created attachment 2915
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2915&action=edit
OSX X11: if using launchd socket, remove the screen number

(In reply to Jakob Schlyter from comment #17)
> Almost 2 years now, still not fixed. What's holding this back?

Well, there was no patch that had the issues addressed and had been
tested.  This takes your last patch and fixes djm's comment#15.  Could
you please try it?



[Bug 2646] zombie processes when using privilege separation

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2646

--- Comment #6 from Darren Tucker  ---
Created attachment 2914
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2914&action=edit
Add sigchld handler to inetd mode path

I think this patch would also fix it.  Could you please try it?



[Bug 2646] zombie processes when using privilege separation

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2646

--- Comment #5 from Darren Tucker  ---
(In reply to Akshay from comment #4)
> Okay, I was able to reproduce the issue using `OpenSSH_7.2p2,
> OpenSSL 1.0.2g  1 Mar 2016`


Thanks.

> nsadmin   22  0.0  0.0     0    0 ?     Z    22:48 0:00 [sshd]

If I'm reading this correctly that's the post-auth unprivileged process
(pid 22 in this example) not the [priv] process (pid 20 in this
example).

I think I can see how this would happen.  After accepting the
connection and forking off a copy, sshd re-execs itself with the "-R"
flag in order to (hopefully) get a new address space layout.  -R sets:

        case 'R':
                rexeced_flag = 1;
                inetd_flag = 1;

then a bit later when the signal handlers are set up:

        /* Get a connection, either from inetd or a listening TCP socket */
        if (inetd_flag) {
                server_accept_inetd(&sock_in, &sock_out);
        } else {
                [...]
                signal(SIGCHLD, main_sigchld_handler);

You can test this theory by running your sshd with the (undocumented)
"-r" option to disable the re-exec.

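
The condition described in comment #5, reduced to a small program. This is an added example, not code from OpenSSH or from anyone in this thread: `child_left_as_zombie()` and `sigchld_handler()` are hypothetical names, and `inetd_flag` is only a parameter that selects whether a SIGCHLD handler is installed before a child exits.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Reap every exited child; preserves errno for the interrupted code. */
static void sigchld_handler(int sig)
{
	int saved_errno = errno;
	(void)sig;
	while (waitpid(-1, NULL, WNOHANG) > 0)
		;
	errno = saved_errno;
}

/*
 * Hypothetical stand-in for the flow in comment #5: the SIGCHLD handler
 * is installed only when inetd_flag is clear. Forks a child that exits at
 * once; returns 1 if it was left as a zombie, 0 if reaped, -1 on error.
 */
int child_left_as_zombie(int inetd_flag)
{
	struct sigaction sa;
	siginfo_t info;
	pid_t pid;

	sigemptyset(&sa.sa_mask);
	sa.sa_flags = 0;
	sa.sa_handler = inetd_flag ? SIG_DFL : sigchld_handler;
	if (sigaction(SIGCHLD, &sa, NULL) == -1 || (pid = fork()) == -1)
		return -1;
	if (pid == 0)
		_exit(0);
	/* Block until the child has exited, without reaping it (WNOWAIT). */
	while (waitid(P_PID, (id_t)pid, &info, WEXITED | WNOWAIT) == -1)
		if (errno != EINTR)
			break;	/* ECHILD: the handler already reaped it */
	/* If this reap succeeds, nobody had collected the child before. */
	return waitpid(pid, NULL, WNOHANG) == pid;
}

int main(void)
{
	printf("handler skipped:   zombie=%d\n", child_left_as_zombie(1));
	printf("handler installed: zombie=%d\n", child_left_as_zombie(0));
	return 0;
}
```

The final `waitpid()` cleans up after the check, so the program leaves no zombie of its own behind.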


[Bug 2646] zombie processes when using privilege separation

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2646

--- Comment #4 from Akshay  ---
Okay, I was able to reproduce the issue using `OpenSSH_7.2p2, OpenSSL
1.0.2g  1 Mar 2016`

First, I have a simple 'init' program that runs in a container. All it
does is it launches sshd, and waits for the TERM signal. On receipt of
TERM, it TERMs sshd, and exits.

So, initially, here is what I see:

root@4871a0e3589e:/# ps auxf
USER     PID %CPU %MEM   VSZ  RSS TTY   STAT START TIME COMMAND
root       9  0.0  0.0 18248 3384 ?     Ss   22:47 0:00 bash
root      19  0.0  0.0 34424 2820 ?     R+   22:48 0:00  \_ ps auxf
root       1  0.4  0.0 40364 8220 ?     Ssl+ 22:47 0:00 /usr/bin/ruby -- /init.rb
root       8  0.0  0.0 26468 3844 ?     S+   22:47 0:00 /usr/sbin/sshd -D

The bash process (that spawns ps) is 'exec'd in the container using
docker exec so that I can view the process listing "out-of-band" (i.e.
without exercising sshd).

Next, I log in, and list the processes (in-band, this time). This is
what I see:

nsadmin@4871a0e3589e:~$ ps auxf
USER     PID %CPU %MEM   VSZ  RSS TTY   STAT START TIME COMMAND
root       1  0.0  0.0 40364 8220 ?     Ssl+ 22:47 0:00 /usr/bin/ruby -- /init.rb
root       8  0.0  0.0 26468 3844 ?     S+   22:47 0:00 /usr/sbin/sshd -D
root      20  0.0  0.0 29028 4532 ?     Ss   22:48 0:00  \_ sshd: nsadmin [priv]
nsadmin   22  0.0  0.0 29028 2624 ?     S    22:48 0:00      \_ sshd: nsadmin@pts/0
nsadmin   23  0.0  0.0 18256 3216 pts/0 Ss   22:48 0:00          \_ -bash
nsadmin   28  0.0  0.0 34424 2932 pts/0 R+   22:48 0:00              \_ ps auxf


Then, I log out of the ssh session, and get the process listing using
an exec'd shell:

USER     PID %CPU %MEM   VSZ  RSS TTY   STAT START TIME COMMAND
root      29  0.0  0.0 18248 3264 ?     Ss   22:48 0:00 /bin/bash
root      40  0.0  0.0 34424 2876 ?     R+   22:48 0:00  \_ ps auxf
root       1  0.0  0.0 40364 8220 ?     Ssl+ 22:47 0:00 /usr/bin/ruby -- /init.rb
root       8  0.0  0.0 26468 3844 ?     S+   22:47 0:00 /usr/sbin/sshd -D
nsadmin   22  0.0  0.0     0    0 ?     Z    22:48 0:00 [sshd]




[Bug 2646] zombie processes when using privilege separation

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2646

--- Comment #3 from Akshay  ---
> Can you reproduce the problem with a binary built from the stock sources from 
> openssh.com

Sure, I'll go ahead and do that

> What command line flags is sshd invoked with

I'll provide those as well



[Bug 2341] XQuartz X11 forwarding not working in OS X 10.10 Yosemite

2016-12-14 Thread bugzilla-daemon
https://bugzilla.mindrot.org/show_bug.cgi?id=2341

Damien Miller  changed:

   What                          |Removed                 |Added
   Attachment #2871 Flags        |ok?(d...@mindrot.org)   |ok+
