[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#367993: openssh-server: /etc/init.d/ssh start does not signal error for UID > 0

    > 1) Should return error (cannot commence any command non-root)

    This is actually a dpkg bug; start-stop-daemon is failing to do
    anything, but since --oknodo is given, it succeeds.  IMO this is
    incorrect for the case that it does nothing for any reason other than
    "there was nothing to do", in particular for the case that permission
    was denied:

It is an error. The service was asked to start and it returned success
status which indicates "service started". The program should have
signalled "service not started" with appropriate non-zero exit status. 

For command "stop", I understand that it's both logical to report 0
exit staus in cases like:

  - Service stopped
  - Hm, no services in process table to stop. Nothing to do. 

to be equal, because the ressult situation after each of these is the
same:

   - Service is no (more) running.

    > 2) Display error message, that user does not have privileges
    >    to run the command
     actually get an error message for both start and stop:
    $ /etc/init.d/ssh stop
    Stopping OpenBSD Secure Shell server: sshdstart-stop-daemon: warning: failed to
     kill 5870: Operation not permitted

True, but the error message isn't that helpful. The correct would
be to report that user is lacking the privileges to run the command. Then
problem is immediately understood (like in the shorewall's example output).
 
    Please give the output of bash -x /etc/init.d/ssh start, and then bash -x
    /etc/init.d/ssh stop (as a normal user).

Attached [1] and [2].

Jari

-----------------------------------------------------------------------

[1]
jaalto@cante:~$ bash -x /etc/init.d/ssh start
+ set -e
+ test -x /usr/sbin/sshd
+ test -f /etc/default/ssh
+ . /etc/default/ssh
++ SSHD_OPTS=
+ export PATH=/usr/local/bin:/home/jaalto/var/link/bin:/sbin:/usr/sbin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/usr/sbin:/sbin
+ PATH=/usr/local/bin:/home/jaalto/var/link/bin:/sbin:/usr/sbin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/usr/sbin:/sbin
+ case "$1" in
+ check_for_no_start
+ '[' -e /etc/ssh/sshd_not_to_be_run ']'
+ check_privsep_dir
+ '[' '!' -d /var/run/sshd ']'
+ echo -n 'Starting OpenBSD Secure Shell server: sshd'
Starting OpenBSD Secure Shell server: sshd+ start-stop-daemon --start --quiet --pidfile /var/run/sshd.pid --exec /usr/sbin/sshd --
Could not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
+ echo .
.
+ exit 0

[2]
+ set -e
+ test -x /usr/sbin/sshd
+ test -f /etc/default/ssh
+ . /etc/default/ssh
++ SSHD_OPTS=
+ export PATH=/usr/local/bin:/home/jaalto/var/link/bin:/sbin:/usr/sbin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/usr/sbin:/sbin
+ PATH=/usr/local/bin:/home/jaalto/var/link/bin:/sbin:/usr/sbin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/usr/sbin:/sbin
+ case "$1" in
+ echo -n 'Stopping OpenBSD Secure Shell server: sshd'
Stopping OpenBSD Secure Shell server: sshd+ start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/sshd.pid
start-stop-daemon: warning: failed to kill 20483: Operation not permitted
+ echo .
.
+ exit 0
Reply to: