
Bug#549376: openssh-server: sshd not reaping my login shell



Package: openssh-server
Version: 1:5.1p1-7
Severity: important


When I ssh from little-cat-a to cat-in-the-hat, exiting the login shell
on cat-in-the-hat doesn't end my ssh connection. After running ps on
cat-in-the-hat, I noticed that the login shell in question was still
sitting around as a zombie process, meaning that sshd isn't reaping the
shell.

Here's an strace of the problem (from sshd on cat-in-the-hat), attaching
to the sshd process (as root) after I am already logged in. You can see
that sshd is changing the signal mask an awful lot (blocking and
unblocking SIGCHLD), and it appears sshd isn't responding to SIGCHLD.
(It's definitely not calling waitpid to reap the shell.) Note that the
mask restored by each SIG_SETMASK call, ~[KILL ALRM STOP RTMIN RT_1],
still contains CHLD, so SIGCHLD appears to stay blocked for the whole
trace.

sshd finally quits when I type ~. to make the client drop the
connection.

[bloom@cat-in-the-hat ~]$ sudo strace -p 8124
[sudo] password for bloom: 
Process 8124 attached - interrupt to quit
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(3, "?m\3\270^\316,\314\0v\375\240\36\rG\263\203`f\210\210\264\340
\366\3\341\366\230_X\5\276"..., 16384) = 48
select(13, [3 6 8 9 12], [10], NULL, NULL) = 1 (out [10])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(10, "e", 1)                       = 1
ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon
-echo ...}) = 0
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [12])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(12, "e", 16384)                    = 1
select(13, [3 6 8 9 12], [3], NULL, NULL) = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(3, "X\263\2A\350\235\233\355,\3149\223\364\221\265Ut\346\225h\275
\215z\234Z\3039\31\356x[\27"..., 48) = 48
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(3, "\233`\205l\271\25\217\245\311j\307\2614\267t\226D\212\275h&q
\314+\262\23\25\321\302\261D\235"..., 16384) = 48
select(13, [3 6 8 9 12], [10], NULL, NULL) = 1 (out [10])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(10, "x", 1)                       = 1
ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon
-echo ...}) = 0
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [12])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(12, "x", 16384)                    = 1
select(13, [3 6 8 9 12], [3], NULL, NULL) = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(3, "\206\331V\270\377\4\356\34rA\211c\336\200-e\264M\205\244\263
\250Qg$\227\307\205\270\36\201t"..., 48) = 48
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(3, "<\326\326|\204\343[G\22\230\211\231\2\240\324xs~\257\35\250TT
\212,>\1\376U\231\374\264"..., 16384) = 48
select(13, [3 6 8 9 12], [10], NULL, NULL) = 1 (out [10])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(10, "i", 1)                       = 1
ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon
-echo ...}) = 0
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [12])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(12, "i", 16384)                    = 1
select(13, [3 6 8 9 12], [3], NULL, NULL) = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(3, "\320\230 \245\237\230[\261\33\16K1\207\270\241\270\310\\tkU
\231\n\347\232H2*LENf"..., 48) = 48
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(3, "\236\347\243\35\22\235\241v\247k\246<\r\305a\271\335V\305&\30
\324-=\204\256\4`@\302`\333"..., 16384) = 48
select(13, [3 6 8 9 12], [10], NULL, NULL) = 1 (out [10])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(10, "t", 1)                       = 1
ioctl(10, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon
-echo ...}) = 0
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [12])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(12, "t", 16384)                    = 1
select(13, [3 6 8 9 12], [3], NULL, NULL) = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(3, ")(\353\317\2G(<\374e\346\253\277&R\214\37719\\\306\341\241d\5
\247\237\3059\35B}"..., 48) = 48
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(3, "i2xeL\20\215\266~s\264\264/fIZe\314v\304\216E\323GO\236\34\331
\364\250[l"..., 16384) = 48
select(13, [3 6 8 9 12], [10], NULL, NULL) = 1 (out [10])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(10, "\r", 1)                      = 1
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [12])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(12, "\r\n", 16384)                 = 2
select(13, [3 6 8 9 12], [3], NULL, NULL) = 2 (in [12], out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(12, "logout\r\n", 16384)           = 8
write(3, "v\216`<\244\240\264\32D\331\240\212R\250-+\346\325\237b\255
\351{{y\327D4(\250\371\313"..., 48) = 48
select(13, [3 6 8 9 12], [3], NULL, NULL) = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(3, "\261\10\331\20fV\225\231\351=\2111\34\225G\366r\222+a\335\264
\244\266\r\17\2424^\311\0027"..., 48) = 48
select(13, [3 6 8 9 12], [], NULL, NULL) = 1 (in [12])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(12, 0x7fff72ac4d40, 16384)         = -1 EIO (Input/output error)
close(12)                               = 0
select(13, [3 6 8 9], [3], NULL, NULL)  = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
write(3, "\217\254\305\327\4\235N\266r\214\6h\341\256hg\362\227kNa\322
\376\33\306\363i\233\243\260x\311", 32) = 32
select(13, [3 6 8 9], [], NULL, NULL)   = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
read(3, "", 16384)                      = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], ~[KILL ALRM STOP RTMIN RT_1], 8) = 0
rt_sigprocmask(SIG_SETMASK, ~[KILL ALRM STOP RTMIN RT_1], NULL, 8) = 0
close(10)                               = 0
shutdown(8, 2 /* send and receive */)   = 0
close(8)                                = 0
close(8)                                = -1 EBADF (Bad file descriptor)
close(8)                                = -1 EBADF (Bad file descriptor)
shutdown(9, 2 /* send and receive */)   = 0
close(9)                                = 0
close(9)                                = -1 EBADF (Bad file descriptor)
close(9)                                = -1 EBADF (Bad file descriptor)
brk(0x7fc905223000)                     = 0x7fc905223000
write(5, "\0\0\0\17\34", 5)             = 5
write(5, "\0\0\0\n/dev/pts/1", 14)      = 14
close(13)                               = 0
shutdown(3, 2 /* send and receive */)   = 0
close(3)                                = 0
write(5, "\0\0\0\1=", 5)                = 5
exit_group(0)                           = ?
Process 8124 detached


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser                3.111             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.27            Debian configuration management sy
ii  dpkg                   1.15.4            Debian package management system
ii  libc6                  2.9-27            GNU C Library: Shared libraries
ii  libcomerr2             1.41.9-1          common error description library
ii  libgssapi-krb5-2       1.7dfsg~beta3-1   MIT Kerberos runtime libraries - k
ii  libk5crypto3           1.7dfsg~beta3-1   MIT Kerberos runtime libraries - C
ii  libkrb5-3              1.7dfsg~beta3-1   MIT Kerberos runtime libraries
ii  libpam-modules         1.1.0-4           Pluggable Authentication Modules f
ii  libpam-runtime         1.1.0-4           Runtime support for the PAM librar
ii  libpam0g               1.1.0-4           Pluggable Authentication Modules l
ii  libselinux1            2.0.85-4          SELinux runtime shared libraries
ii  libssl0.9.8            0.9.8k-5          SSL shared libraries
ii  libwrap0               7.6.q-18          Wietse Venema's TCP wrappers libra
ii  lsb-base               3.2-23            Linux Standard Base 3.2 init scrip
ii  openssh-blacklist      0.4.1             list of default blacklisted OpenSS
ii  openssh-client         1:5.1p1-7         secure shell client, an rlogin/rsh
ii  procps                 1:3.2.8-1.2       /proc file system utilities
ii  zlib1g                 1:1.2.3.3.dfsg-15 compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-server suggests:
pn  molly-guard                   <none>     (no description available)
pn  rssh                          <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)
pn  ufw                           <none>     (no description available)

-- debconf information:
* ssh/insecure_rshd:
* ssh/vulnerable_host_keys:
* ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/disable_cr_auth: false
* ssh/encrypted_host_key_but_no_keygen:


