Bug#833263: openssh-server: SIGPIPE ignored/blocked differs between upgraded and fresh jessie system

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#833263: openssh-server: SIGPIPE ignored/blocked differs between upgraded and fresh jessie system
From: Michael Eyrich <meyr@newtec.eu>
Date: Tue, 02 Aug 2016 11:18:19 +0200
Message-id: <[🔎] 20160802091819.14008.84692.reportbug@p3.tellitec.test>
Reply-to: Michael Eyrich <meyr@newtec.eu>, 833263@bugs.debian.org
Package: openssh-server
Version: 1:6.7p1-5+deb8u3
Severity: normal

Dear Maintainer,

two jessie systems behave differently after remote login via ssh with regard to the handling of SIGPIPE:

 1) a freshly installed system ignores SIGPIPE:

    > me@fresh-installed:~$ yes | head -1
    > y
    > yes: standard output: Broken pipe
    > yes: write error

 2) an upgraded system does not ignore SIGPIPE ('yes' correctly terminates without clobbering stderror and with correct return code)
    > me@upgraded:~$ yes|head -1
    > y

It depends on where/how the sshd was started; from c) below, it looks as if 'sshd: <user> [priv]' toggles the blocked flag
for SIGPIPE invariably.

I'd expect at least the same outcome for both systems, in addition, I'd expect tools like 'yes', 'cat', 'grep' to behave
as always, i.e. to get a SIGPIPE delivered to them and to not clobber stderr with 'Broken pipe' messages.

Hope the lengthy report helps in resolving this issue.

Following some analysis:


a) from systemd service, SIGPIPE finally blocked

root     29059  0.0  0.0  51016  4176 ?        Ss   Jul29   0:00 /usr/sbin/sshd -D
root     17214  0.0  0.0 126756  8348 ?        Ss   10:20   0:00  \_ sshd: me [priv]     
me       17217  0.0  0.0 126756  4856 ?        S    10:20   0:00  |   \_ sshd: me@pts/0      
me       17218  0.0  0.0  24084  6204 pts/0    Ss+  10:20   0:00  |       \_ -bash

ps -sf:
  UID   PID          PENDING          BLOCKED          IGNORED           CAUGHT STAT TTY        TIME COMMAND
    0 29059 0000000000000000 0000000000000000 0000000000001000 0000000180014005 Ss   ?          0:00 /usr/sbin/sshd -D
    0 17214 0000000000000000 0000000000001000 0000000001001000 0000000180004003 Ss   ?          0:00  \_ sshd: me [priv]     
 1002 17217 0000000000000000 0000000000001000 0000000000001000 0000000180010000 S    ?          0:00      \_ sshd: me@pts/0      
 1002 17218 0000000000000000 0000000000001000 0000000000380004 000000004b817efb Ss+  pts/0      0:00          \_ -bash


b) from atd, SIGPIPE finally blocked

daemon   21831  0.0  0.0  90992  4968 ?        S    11:34   0:00  \_ /usr/sbin/atd -f
root     21832  0.0  0.0  17532  2620 ?        SN   11:34   0:00      \_ sh
root     21833  0.0  0.0  51016  5284 ?        SN   11:34   0:00          \_ /usr/sbin/sshd -D -p 7000
root     25343  0.0  0.0 126756  8408 ?        SNs  11:41   0:00              \_ sshd: me [priv]             
me       25346  0.0  0.0 126756  4872 ?        SN   11:41   0:00                  \_ sshd: me@pts/17             
me       25347  0.0  0.0  24100  6156 pts/17   SNs  11:41   0:00                      \_ -bash
root     27977  0.0  0.0  91448  6836 pts/17   SNL  11:46   0:00                          \_ sudo -i
root     28000  0.0  0.0  20752  5916 pts/17   SN+  11:46   0:00                              \_ -bash

ps -sf:
  UID   PID      PENDING          BLOCKED          IGNORED           CAUGHT STAT TTY        TIME COMMAND
    1 21831 0000000000000000 0000000000000000 0000000000000000 0000000180014003 S    ?          0:00 /usr/sbin/atd -f
    0 21832 0000000000000000 0000000000010000 0000000000000004 0000000000010002 SN   ?          0:00  \_ sh
    0 21833 0000000000000000 0000000000000000 0000000000001000 0000000180014005 SN   ?          0:00      \_ /usr/sbin/sshd -D -p 7000
    0 25343 0000000000000000 0000000000001000 0000000001001000 0000000180004003 SNs  ?          0:00          \_ sshd: me [priv]             
 1002 25346 0000000000000000 0000000000001000 0000000000001000 0000000180010000 SN   ?          0:00              \_ sshd: me@pts/17             
 1002 25347 0000000000000000 0000000000011000 0000000000380004 000000004b817efb SNs  pts/17     0:00                  \_ -bash
    0 27977 0000000000000000 0000000000001000 0000000000000000 00000001800b7a07 SNL  pts/17     0:00                      \_ sudo -i
    0 28000 0000000000000000 0000000000001000 0000000000380004 000000004b817efb SN+  pts/17     0:00                          \_ -bash


c) from a sudo shell, SIGPIPE finally delivered, although on the initial login (27719) blocked

root     29059  0.0  0.0  51016  4176 ?        Ss   Jul29   0:00 /usr/sbin/sshd -D
root     27708  0.0  0.0 126756  8408 ?        Ss   11:46   0:00  \_ sshd: me [priv]     
me       27718  0.0  0.0 126756  4916 ?        S    11:46   0:00  |   \_ sshd: me@pts/31     
me       27719  0.0  0.0  24084  6032 pts/31   Ss   11:46   0:00  |       \_ -bash
root     27787  0.0  0.0  91448  6816 pts/31   SL   11:46   0:00  |           \_ sudo -i
root     27802  0.0  0.0  16408  5636 pts/31   S    11:46   0:00  |               \_ -bash
root     27934  0.0  0.0  51016  5256 pts/31   S+   11:46   0:00  |                   \_ /usr/sbin/sshd -D -p 8000
root     10677  0.0  0.0 126756  8592 ?        Ss   14:30   0:00  |                       \_ sshd: me [priv]             
me       10694  0.0  0.0 126756  4012 ?        S    14:30   0:00  |                           \_ sshd: me@pts/54             
me       10695  0.1  0.0  24104  6220 pts/54   Ss+  14:30   0:00  |                               \_ -bash

ps -sf: 
  UID   PID          PENDING          BLOCKED          IGNORED           CAUGHT STAT TTY        TIME COMMAND
    0 29059 0000000000000000 0000000000000000 0000000000001000 0000000180014005 Ss   ?          0:00 /usr/sbin/sshd -D
    0 27708 0000000000000000 0000000000001000 0000000001001000 0000000180004003 Ss   ?          0:00  \_ sshd: me [priv]     
 1002 27718 0000000000000000 0000000000001000 0000000000001000 0000000180010000 S    ?          0:00      \_ sshd: me@pts/31     
 1002 27719 0000000000000000 0000000000011000 0000000000380004 000000004b817efb Ss   pts/31     0:00          \_ -bash
    0 27787 0000000000000000 0000000000001000 0000000000000000 00000001800b7a07 SL   pts/31     0:00              \_ sudo -i
    0 27802 0000000000000000 0000000000011000 0000000000380004 000000004b817efb S    pts/31     0:00                  \_ -bash
    0 27934 0000000000000000 0000000000001000 0000000000001000 0000000180014005 S+   pts/31     0:00                      \_ /usr/sbin/sshd -D -p 8000
    0 10677 0000000000000000 0000000000000000 0000000001001000 0000000180004003 Ss   ?          0:00                          \_ sshd: me [priv]             
 1002 10694 0000000000000000 0000000000000000 0000000000001000 0000000180010000 S    ?          0:00                              \_ sshd: me@pts/54             
 1002 10695 0000000000000000 0000000000000000 0000000000380004 000000004b817efb Ss+  pts/54     0:00                                  \_ -bash


d) on upgraded system

root     22486  0.0  0.0  51012  3184 ?        Ss   Jul24   0:00 /usr/sbin/sshd -D
root      1143  0.0  0.0  97672  6420 ?        Ss   15:55   0:00  \_ sshd: me [priv]     
me        1148  0.0  0.0  97672  4048 ?        S    15:55   0:00      \_ sshd: me@pts/85     
me        1151  0.1  0.1  23080  9044 pts/85   Ss   15:55   0:00          \_ -bash

ps sf:
  UID   PID          PENDING          BLOCKED          IGNORED           CAUGHT STAT TTY        TIME COMMAND
    0 22486 0000000000000000 0000000000000000 0000000000001000 0000000180014005 Ss   ?          0:00 /usr/sbin/sshd -D
    0  1143 0000000000000000 0000000000000000 0000000001001000 0000000180004003 Ss   ?          0:00  \_ sshd: me [priv]     
 1002  1148 0000000000000000 0000000000000000 0000000000001000 0000000180010000 S    ?          0:00      \_ sshd: me@pts/85     
 1002  1151 0000000000000000 0000000000010000 0000000000380004 000000004b817efb Ss   pts/85     0:00          \_ -bash




*)

Last words of strace of 'yes' for 1)
[...]
write(1, "y\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\n"..., 4096) = 4096
y
write(1, "y\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\n"..., 4096) = -1 EPIPE (Broken pipe)
write(2, "yes: ", 5yes: )                    = 5
write(2, "standard output", 15standard output)         = 15
write(2, ": Broken pipe", 13: Broken pipe)           = 13
write(2, "\n", 1
)                       = 1
close(1)                                = 0
munmap(0x7f08b48b7000, 4096)            = 0
write(2, "yes: ", 5yes: )                    = 5
write(2, "write error", 11write error)             = 11
write(2, "\n", 1
)                       = 1
exit_group(1)                           = ?
+++ exited with 1 +++


Last words of strace of 'yes' for 2)
[...]
write(1, "y\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\n"..., 4096y
) = 4096
write(1, "y\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\ny\n"..., 4096) = -1 EPIPE (Broken pipe)
--- SIGPIPE {si_signo=SIGPIPE, si_code=SI_USER, si_pid=1366, si_uid=1002} ---
+++ killed by SIGPIPE +++

BR,
 Michael



-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-0.bpo.2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.56
ii  dpkg                   1.17.27
ii  init-system-helpers    1.22
ii  libc6                  2.19-18+deb8u4
ii  libcomerr2             1.42.12-1.1
ii  libgssapi-krb5-2       1.12.1+dfsg-19+deb8u2
ii  libkrb5-3              1.12.1+dfsg-19+deb8u2
ii  libpam-modules         1.1.8-3.1+deb8u1+b1
ii  libpam-runtime         1.1.8-3.1+deb8u1
ii  libpam0g               1.1.8-3.1+deb8u1+b1
ii  libselinux1            2.3-2
ii  libssl1.0.0            1.0.1t-1+deb8u2
ii  libwrap0               7.6.q-25
ii  lsb-base               4.1+Debian13+nmu1
ii  openssh-client         1:6.7p1-5+deb8u3
ii  openssh-sftp-server    1:6.7p1-5+deb8u3
ii  procps                 2:3.3.9-9
ii  zlib1g                 1:1.2.8.dfsg-2+b1

Versions of packages openssh-server recommends:
ii  ncurses-term  5.9+20140913-1
ii  xauth         1:1.0.9-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  rssh          <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information:
  openssh-server/permit-root-login: false

Secure your future - Meet Newtec Dialog® <http://www.newtec.eu/product/newtec-dialog> - the platform that embraces change. With Mx-DMA™ <http://www.newtec.eu/technology/mx-dma> - Discover the WTA ‘Teleport Technology of the Year’ award winner 2015!

***mail confidentiality footer ***
 This message and any attachments thereto are confidential. They may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received it by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message or disclose its contents to anyone. E-mail transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore is in no way liable for any errors or omissions in the content of this message, which may arise as a result of e-mail transmission. If verification is required, please request a hard copy.
Reply to:
Prev by Date: Bug#726579: Apparently fixed in the version found in testing
Next by Date: Bug#726579: Apparently fixed in the version found in testing
Previous by thread: Bug#726579: Apparently fixed in the version found in testing
Next by thread: openssh 1:7.2p2-8 MIGRATED to testing
Index(es):
- Date
- Thread