Bug#714526: Should close stderr when becoming multiplex master

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#714526: Should close stderr when becoming multiplex master
From: Guido Günther <agx@sigxcpu.org>
Date: Sun, 30 Jun 2013 15:14:18 +0200
Message-id: <[🔎] 20130630131418.GA28796@bogon.sigxcpu.org>
Reply-to: Guido Günther <agx@sigxcpu.org>, 714526@bugs.debian.org

Package: openssh-client
Version: 1:6.2p2-5
Severity: wishlist
Tags: patch

Hi,
when becoming multiplex master and not closing stderr processes can hand
as described in #708296. This happens since Python's subprocess module
won't terminate Popen.communicate() when the chield dies but only when
it receives EOF on the fd.

While this is arguably a bug in python's subprocess module [1] being
"half" a daemon and closing most file descriptors like ssh currently
does is bad either.

I'm happy to modify the patch to not close stderr e.g. in case of
running in debug mode but wanted to get your feedback first.

Cheers,
 -- Guido

[1] http://bugs.python.org/issue4216



-- System Information:
Debian Release: jessie/sid
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing'), (50, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser           3.113+nmu3
ii  dpkg              1.16.10
ii  libc6             2.17-3
ii  libedit2          2.11-20080614-6
ii  libgssapi-krb5-2  1.10.1+dfsg-5+deb7u1
ii  libselinux1       2.1.13-2
ii  libssl1.0.0       1.0.1e-3
ii  passwd            1:4.1.5.1-1
ii  zlib1g            1:1.2.8.dfsg-1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.7-1

Versions of packages openssh-client suggests:
pn  keychain                 <none>
pn  libpam-ssh               <none>
pn  monkeysphere             <none>
ii  openssh-blacklist        0.4.1+nmu1
ii  openssh-blacklist-extra  0.4.1+nmu1
ii  ssh-askpass              1:1.2.4.1-9

-- no debconf information

-- debsums errors found:
debsums: changed file /usr/bin/ssh (from openssh-client package)

>From e10183e072dd2e815ffbc4d82e59a03cfa029099 Mon Sep 17 00:00:00 2001
Message-Id: <e10183e072dd2e815ffbc4d82e59a03cfa029099.1372597574.git.agx@sigxcpu.org>
From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
Date: Sun, 30 Jun 2013 15:04:11 +0200
Subject: [PATCH] Close stderr iff multiplex master

When we're becoming the multiplex master we should close all file
descriptors by default including stderr. Everything else might
yield surprises to the user like:

    http://bugs.debian.org/708296

While this is arguably a bug in python's subprocess being "half"
a daemon and closing most file descriptors is bad either.
---
 ssh.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ssh.c b/ssh.c
index 5ec89f2..4552151 100644
--- a/ssh.c
+++ b/ssh.c
@@ -990,7 +990,8 @@ control_persist_detach(void)
 		    strerror(errno));
 	} else {
 		if (dup2(devnull, STDIN_FILENO) == -1 ||
-		    dup2(devnull, STDOUT_FILENO) == -1)
+		    dup2(devnull, STDOUT_FILENO) == -1 ||
+		    dup2(devnull, STDERR_FILENO) == -1)
 			error("%s: dup2: %s", __func__, strerror(errno));
 		if (devnull > STDERR_FILENO)
 			close(devnull);
-- 
1.8.3.1

Reply to:

Prev by Date: Bug#714435: openssh-client: please support reattach to existing ssh-agent
Previous by thread: Bug#714435: openssh-client: please support reattach to existing ssh-agent
Index(es):
- Date
- Thread