Mailing List Archive

http://bugzilla.mindrot.org/show_bug.cgi?id=1189





------- Comment #13 from dtucker@zip.com.au 2006-05-22 13:35 -------
Descriptor 8 in the lsof output seems a likely suspect. I went back to
the truss, and one thing jumped out at me: the child process closes
descriptor 8 then exits.

This makes me think that the cause is what is described in bug #926.
There's a patch in that bug which is not right, but I think will solve
your problem enough to prove whether or not this guess is correct,
could you please try it? Thanks.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-bugs

http://bugzilla.mindrot.org/show_bug.cgi?id=1189





------- Comment #14 from wknox@mitre.org 2006-05-22 23:04 -------
It DOES help in the privsep case. As a side note, it doesn't help when
privsep is turned off (though this appears to be noted in the 926 bug
report). If I am reading this correctly, then, this patch is "doing the
right thing" as long as you keep privsep enabled? I would be happy to
perform any testing that people like for this patch or any others that
come down the pike in order to confirm that.

Thanks again for the help. I guess this bug can be labelled a duplicate
of 926.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-bugs

http://bugzilla.mindrot.org/show_bug.cgi?id=1189


dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |DUPLICATE




------- Comment #15 from dtucker@zip.com.au 2006-05-23 07:07 -------
(In reply to comment #14)
> It DOES help in the privsep case. As a side note, it doesn't help when
> privsep is turned off (though this appears to be noted in the 926 bug
> report). If I am reading this correctly, then, this patch is "doing the
> right thing" as long as you keep privsep enabled?

Yeah that's basically it. Doing the same thing for privsep=no would
also mean breaking it for other situations where it currently works (or
maybe adding another process per connection, which I'm not wild about).

Patch #1143 doesn't change the behaviour for privsep=no, and is almost
certainly an improvement on what we have now for privsep=yes, so I
would like to see it or something similar in the next release.

> I would be happy to
> perform any testing that people like for this patch or any others that
> come down the pike in order to confirm that.

Based on the timing, I'm guessing you tested patch #1143? I would be
interested to know if it also solves your problem for privsep=yes and
user=root, assuming you permit this.

> Thanks again for the help. I guess this bug can be labelled a duplicate
> of 926.

Thanks, marking as duplicate of 926.


*** This bug has been marked as a duplicate of bug 926 ***




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-bugs

http://bugzilla.mindrot.org/show_bug.cgi?id=1189





------- Comment #16 from wknox@mitre.org 2006-05-23 07:15 -------
Yes, I tested patch 1143 (sorry I wasn't specific - I didn't see that
that patch had been posted just this morning). The only case with
trouble when privsep was on was root via pubkey - non-root users only
had trouble when privsep was off - so this solved my issue.

Again, I'd be happy to test any future patches against this known test
case. Thanks for the help.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-bugs

http://bugzilla.mindrot.org/show_bug.cgi?id=1189





------- Comment #17 from dtucker@zip.com.au 2006-05-23 07:24 -------
(In reply to comment #16)
> Yes, I tested patch 1143 (sorry I wasn't specific - I didn't see that
> that patch had been posted just this morning). The only case with
> trouble when privsep was on was root via pubkey - non-root users only
> had trouble when privsep was off - so this solved my issue.

That's what I suspected. When privsep=yes and you're logging in as
root then after successful authentication, post-auth privsep is
disabled (since there's no point).

I'll think about this some more.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://www.mindrot.org/mailman/listinfo/openssh-bugs