Mailing List Archive

http://bugzilla.mindrot.org/show_bug.cgi?id=606





------- Additional Comments From djm@mindrot.org 2003-06-26 21:52 -------
> 1.) sshd should warn user when cannot create pid file.

This is difficult - see the comment in sshd.c where we write the pidfile

> 2.) sshd -t should warn user when dont have write permition to
> pid_file_dir. One possible reason is missing directory.

IMO that is just bloat.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=606





------- Additional Comments From dtucker@zip.com.au 2003-06-26 21:55 -------
Created an attachment (id=338)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=338&action=view)
Check directory and file perms for PidFile

Also reports error if there's an error writing the PidFile (this could still
happen, either due to a race or things like ENOSPC). This part based on Roumen
Petrov's patch.

Patch against OpenBSD -current.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=606





------- Additional Comments From djm@mindrot.org 2003-06-26 22:14 -------
OK - (1) isn't difficult unless one wants the error written to stderr (the
pidfile writing happens after the fork).

I'd say that the patch confirms that (2) is bloat



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=606





------- Additional Comments From mouring@eviladmin.org 2003-06-27 01:01 -------
Don't know.. Other projects tend to provide notifications on testing
configurations (apache does), but Darren's patch is wrong.

+ /* Determine directory path to PidFile */
+ if (strrchr(options.pid_file, '/') != NULL) {
+ path = xstrdup(options.pid_file);
+ *(strrchr(path, '/')+1) = '\0';
+ } else
+ path = xstrdup(".");


Fails when the admin is insane and does: "/my/loc/my\/myfile.pid"

Since it will not decide if the / has been escaped or not.


I don't have a strong feeling either way (For the record, I don't use
the pid file for tracking the sshd).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=606

openssh@roumenpetrov.info changed:

What |Removed |Added
----------------------------------------------------------------------------
BugsThisDependsOn| |605



------- Additional Comments From openssh@roumenpetrov.info 2003-06-27 21:37 -------
Might is better configure to warn for missing piddir and
sshd only when cannot create pidfile.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=606

dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #338 is|0 |1
obsolete| |



------- Additional Comments From dtucker@zip.com.au 2003-06-28 00:11 -------
Created an attachment (id=339)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=339&action=view)
Use realpath to test existence of PidFile directory

One person's "bloat" is another's "valuable diagnostic" :-)

If you cut down the things that are checked for and can live with less
descriptive errors you can just use realpath(). It still performs a useful
subset of tests (and handles Ben's evilness too) with less code.

# sshd/sshd -t -o 'PidFile /no/such'
Invalid PidFile specification: /no/such (No such file or directory)
# sshd/sshd -t -o 'PidFile /etc/passwd/pidfile'
Invalid PidFile specification: /etc/passwd/pidfile (Not a directory)
# sshd/sshd -t -o 'PidFile /tmp\/myfile.pid'
Invalid PidFile specification: /tmp\\/myfile.pid (No such file or directory)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=606

djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED



------- Additional Comments From djm@mindrot.org 2003-06-28 17:50 -------
I have committed a similar patch which reports the error() on failure to create
the pidfile, but not the "sshd -t" tests. There are just too many ways for an
admin to break a system to test for them all. Besides, pidfile creation failure
is non-fatal.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.