
Bug#367993: openssh-server: /etc/init.d/ssh start does not signal error for UID > 0

bts severity 367993 wishlist
bts retitle 367993 ssh: request for explicit permissions check, rather than erroring at first failure

On Fri, May 19, 2006 at 07:01:53PM +0300, Jari Aalto wrote:
>     > 1) Should return error (cannot commence any command non-root)
>     This is actually a dpkg bug; start-stop-daemon is failing to do
>     anything, but since --oknodo is given, it succeeds.  IMO this is
>     incorrect for the case that it does nothing for any reason other than
>     "there was nothing to do", in particular for the case that permission
>     was denied:
> It is an error.
I don't deny this, but there is a separate dpkg bug.  3 bugs in all:

#368034 ssh: immediate failure of a child process doesn't cause an unsuccessful exit.
#368033 dpkg: [S-S-D]: --oknodo should exit unsuccessfully if there was stuff to do, but it failed
#367993 ssh: fails to show any error when start/stop as normal user fails

>     > 2) Display error message, that user does not have privileges
>     >    to run the command
>      actually get an error message for both start and stop:
>     $ /etc/init.d/ssh stop
>     Stopping OpenBSD Secure Shell server: sshdstart-stop-daemon: warning: failed to
>      kill 5870: Operation not permitted
> True, but the error message isn't that helpful.
You seem to have initially implied that there was no message at all..

Anyway, I disagree; "operation not permitted" is exactly right.  And
with Linux "capabilities", it is probably possible for non-root users
to start (and stop) the ssh daemon, so this isn't as simple as
if geteuid()).
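
The exit-status behaviour requested in #368033, combined with the point above about not testing the effective UID, as an added example that is not part of the original message and is not start-stop-daemon's code. The names `read_pid` and `stop_daemon`, the `send` parameter and the 0/1 exit values are assumptions made for the illustration.

```python
import os
import signal

EXIT_OK, EXIT_FAILED = 0, 1

def read_pid(pidfile):
    """Return the PID stored in pidfile, or None if there is no usable one."""
    try:
        with open(pidfile) as fh:
            pid = int(fh.read().strip())
    except (FileNotFoundError, ValueError):
        return None
    # kill(0, ...) and kill(-n, ...) address process groups, never one daemon.
    return pid if pid > 0 else None

def stop_daemon(pidfile, oknodo=True, send=os.kill):
    """Signal the daemon and return (exit_status, message).

    There is no euid pre-check: the signal is attempted and the kernel's
    answer is reported, so a non-root user who is allowed to signal the
    process still succeeds. `send` is injectable (an assumption of this
    example) so the error paths can be exercised without real processes.
    """
    nothing_to_do = EXIT_OK if oknodo else EXIT_FAILED
    pid = read_pid(pidfile)
    if pid is None:
        return nothing_to_do, "no usable pidfile: nothing to do"
    try:
        send(pid, signal.SIGTERM)
    except ProcessLookupError:       # ESRCH: there really was nothing to do
        return nothing_to_do, f"process {pid} not running: nothing to do"
    except PermissionError as exc:   # EPERM: there was work, and it was refused
        return EXIT_FAILED, f"failed to kill {pid}: {exc.strerror}"
    return EXIT_OK, f"sent SIGTERM to {pid}"
```

With `oknodo=True` only the "nothing to do" outcomes are turned into success; a refused signal still yields a non-zero status.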

