
Bug#512209: Please don't touch sshd from interfaces-up
On Sun, Jan 18, 2009 at 05:59:18PM +0100, Peter Palfrader wrote:
> Package: openssh-server
> Version: 1:5.1p1-5
> 
> | * Check that /var/run/sshd.pid exists and that the process ID listed there
> |   corresponds to sshd before running '/etc/init.d/ssh reload' from if-up
> |   script; SIGHUP is racy if called at boot before sshd has a chance to
> |   install its signal handler, but fortunately the pid file is written
> |   after that which lets us avoid the race (closes: #502444).
> | * While the above is a valuable sanity-check, it turns out that it doesn't
> |   really fix the bug (thanks to Kevin Price for testing), so for the
> |   meantime we'll just use '/etc/init.d/ssh restart', even though it is
> |   unfortunately heavyweight.
> 
> Why restart it at all?  There's little point in the default
> configuration where sshd listens on INADDR_ANY.
> 
> At least make it configurable and don't mess with it from interfaces by
> default.

Hmm. This was in response to:

  https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/103436

... where somebody did appear to be having a genuine problem. I've CCed
him; Perry, perhaps you can elaborate, since your request and Peter's
directly conflict?

I vaguely remember some problem where INADDR_ANY meant "all the
interfaces that happen to be up at bind() time" rather than "all the
interfaces that are up whenever packets arrive". Am I hallucinating? I
can't find any proof of that now that I look for it, and I agree that it
ought not to be necessary; indeed, I can't reproduce the need for this
if-up script with current openssh-server.

Anyway, I'm happy to remove this (or at least move it to an examples
directory for people having problems). However, I'm conscious that I
have already pushed my luck for late changes in openssh for lenny since
the udebs it produces are built into some d-i initrds. Peter, is this
actually causing you a problem beyond inefficiency?

(It is, of course, configurable already due to being a conffile script
in /etc.)

-- 
Colin Watson                                       [cjwatson@debian.org]
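The pid-file sanity check that the quoted changelog describes (pid file present, PID numeric, process alive, and its command name really sshd), written here as an added shell example; this is not Debian's actual if-up script. The optional second argument, the expected command name, is an assumption added so the check can be exercised against processes other than sshd.

```shell
#!/bin/sh
# sshd_pid_is_sane PIDFILE [EXPECTED_NAME]
#   Returns 0 if PIDFILE exists, holds a numeric PID, that PID is a running
#   process, and its command name matches EXPECTED_NAME (default "sshd").
#   Returns 1 otherwise. The EXPECTED_NAME parameter is an assumption added
#   for this example; the changelog only talks about sshd.
sshd_pid_is_sane() {
    pidfile=$1
    expected=${2:-sshd}

    # No pid file yet: sshd writes it only after installing its SIGHUP
    # handler, so signalling now is exactly the race the changelog mentions.
    [ -r "$pidfile" ] || return 1

    pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
    # Reject empty or non-numeric content (truncated or corrupt pid file).
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac

    # The process must exist. kill -0 also fails with EPERM for another
    # user's process, which is fine for a hook that runs as root.
    kill -0 "$pid" 2>/dev/null || return 1

    # A stale pid file may name a PID since reused by an unrelated process,
    # so confirm the command name. Prefer /proc, fall back to ps(1).
    if [ -r "/proc/$pid/comm" ]; then
        comm=$(cat "/proc/$pid/comm")
    else
        comm=$(ps -o comm= -p "$pid" 2>/dev/null)
    fi
    comm=${comm##*/}   # strip any leading path component
    [ "$comm" = "$expected" ]
}

# How an if-up hook would consult it. Only reports; it does not touch sshd.
if sshd_pid_is_sane /var/run/sshd.pid; then
    echo "sshd pid file is sane: a SIGHUP-based reload would be safe here"
else
    echo "sshd pid file missing or stale: skipping reload"
fi
```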