
Pierre Schmitz 03-10-2010 02:36 PM

openssh 5.4p1-2
 
So, it's me again. This time we should have an openssh package which fixes
both of these bugs:
http://bugs.archlinux.org/task/18611
http://bugs.archlinux.org/task/17138

Please sign-off,

Pierre

--

Pierre Schmitz, https://users.archlinux.de/~pierre

Pierre Schmitz 03-10-2010 03:08 PM

openssh 5.4p1-2
 
On Wednesday, 10 March 2010 16:36:15, Pierre Schmitz wrote:
> So, it's me again. This time we should have an openssh package which fixes
> both of these bugs:
> http://bugs.archlinux.org/task/18611
> http://bugs.archlinux.org/task/17138
>
> Please sign-off,
>
> Pierre

This is really not my day and I already regret touching this package. :-) The
problem with using readlink /proc/$pid/exe is that during an update of a
running sshd that link will point nowhere. As a result the restart will fail.

What do you think about using /proc/$pid/cmdline instead?

--

Pierre Schmitz, https://users.archlinux.de/~pierre

Pierre Schmitz 03-10-2010 03:16 PM

openssh 5.4p1-2
 
On Wednesday, 10 March 2010 17:08:45, Pierre Schmitz wrote:
> On Wednesday, 10 March 2010 16:36:15, Pierre Schmitz wrote:
> > So, it's me again. This time we should have an openssh package which
> > fixes both of these bugs:
> > http://bugs.archlinux.org/task/18611
> > http://bugs.archlinux.org/task/17138
> >
> > Please sign-off,
> >
> > Pierre
>
> This is really not my day and I already regret touching this package. :-)
> The problem with using readlink /proc/$pid/exe is that during an update of
> a running sshd that link will point nowhere. As a result the restart will
> fail.
>
> What do you think about using /proc/$pid/cmdline instead?

Just found out that this won't work with ssh_args set in /etc/conf.d/sshd. My
last resort would be stripping that possible "(deleted)" from the readlink
output.

--

Pierre Schmitz, https://users.archlinux.de/~pierre

Aaron Griffin 03-10-2010 03:23 PM

openssh 5.4p1-2
 
On Wed, Mar 10, 2010 at 10:16 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
> On Wednesday, 10 March 2010 17:08:45, Pierre Schmitz wrote:
>> On Wednesday, 10 March 2010 16:36:15, Pierre Schmitz wrote:
>> > So, it's me again. This time we should have an openssh package which
>> > fixes both of these bugs:
>> > http://bugs.archlinux.org/task/18611
>> > http://bugs.archlinux.org/task/17138
>> >
>> > Please sign-off,
>> >
>> > Pierre
>>
>> This is really not my day and I already regret touching this package. :-)
>> The problem with using readlink /proc/$pid/exe is that during an update of
>> a running sshd that link will point nowhere. As a result the restart will
>> fail.
>>
>> What do you think about using /proc/$pid/cmdline instead?
>
> Just found out that this won't work with ssh_args set in /etc/conf.d/sshd. My
> last resort would be stripping that possible "(deleted)" from the readlink
> output.

So what's the actual issue with pidof? "pidof -o %PPID" is supposed to
return JUST the parent process's pid, not the children. Is it
returning the wrong pid?

Hrm, checking this on an arbitrary machine at work:

$ ps ax | grep sshd
5436 ? Ss 0:16 /usr/sbin/sshd
32128 ? Ss 0:00 sshd: agriffin [priv]
32130 ? S 0:00 sshd: agriffin@pts/3
32435 pts/3 R+ 0:00 grep sshd

$ pidof -o %PPID /usr/bin/sshd
32130 32128

So... why aren't we getting the actual parent pid here?

Thomas Bächler 03-10-2010 03:31 PM

openssh 5.4p1-2
 
On 10.03.2010 17:16, Pierre Schmitz wrote:
>> This is really not my day and I already regret touching this package. :-)
>> The problem with using readlink /proc/$pid/exe is that during an update of
>> a running sshd that link will point nowhere. As a result the restart will
>> fail.
>>
>> What do you think about using /proc/$pid/cmdline instead?
>
> Just found out that this won't work with ssh_args set in /etc/conf.d/sshd. My
> last resort would be stripping that possible "(deleted)" from the readlink
> output.

The sshd symlink is not actually a symlink, it is something weird. It
will always seem to point to the right "path" as far as I know, even
when the binary is changed or deleted.

Byron Clark 03-10-2010 03:32 PM

openssh 5.4p1-2
 
On Wed, Mar 10, 2010 at 05:16:10PM +0100, Pierre Schmitz wrote:
> On Wednesday, 10 March 2010 17:08:45, Pierre Schmitz wrote:
> > On Wednesday, 10 March 2010 16:36:15, Pierre Schmitz wrote:
> > This is really not my day and I already regret touching this package. :-)
> > The problem with using readlink /proc/$pid/exe is that during an update of
> > a running sshd that link will point nowhere. As a result the restart will
> > fail.
> >
> > What do you think about using /proc/$pid/cmdline instead?
>
> Just found out that this won't work with ssh_args set in /etc/conf.d/sshd. My
> last resort would be stripping that possible "(deleted)" from the readlink
> output.

Here's another way to check if the pid file is valid:

if pidof sshd | grep -q $(cat /var/run/sshd.pid); then
    echo "pid in /var/run/sshd.pid is valid"
else
    echo "invalid pid"
fi

--
Byron Clark

Thomas Bächler 03-10-2010 03:34 PM

openssh 5.4p1-2
 
On 10.03.2010 17:23, Aaron Griffin wrote:
> So what's the actual issue with pidof? "pidof -o %PPID" is supposed to
> return JUST the parent process's pid, not the children. Is it
> returning the wrong pid?

<quote>
-o Tells pidof to omit processes with that process id. The
special pid %PPID can be used to name the parent process of the pidof
program, in other words the calling shell or shell script.
</quote>

There is no way we can do this with pidof.

Byron Clark 03-10-2010 04:05 PM

openssh 5.4p1-2
 
On Wed, Mar 10, 2010 at 09:32:15AM -0700, Byron Clark wrote:
> if pidof sshd | grep -q $(cat /var/run/sshd.pid); then
> echo "pid in /var/run/sshd.pid is valid"
> else
> echo "invalid pid"
> fi

Ignore that, it isn't entirely safe.

--
Byron Clark

Linas 03-10-2010 04:15 PM

openssh 5.4p1-2
 
Byron Clark wrote:
> On Wed, Mar 10, 2010 at 09:32:15AM -0700, Byron Clark wrote:
> > if pidof sshd | grep -q $(cat /var/run/sshd.pid); then
> > echo "pid in /var/run/sshd.pid is valid"
> > else
> > echo "invalid pid"
> > fi
>
> Ignore that, it isn't entirely safe.


You may want grep -q "^$(cat /var/run/sshd.pid)$"


Byron Clark 03-10-2010 04:24 PM

openssh 5.4p1-2
 
On Wed, Mar 10, 2010 at 06:15:32PM +0100, Linas wrote:
> Byron Clark wrote:
> >On Wed, Mar 10, 2010 at 09:32:15AM -0700, Byron Clark wrote:
> >>if pidof sshd | grep -q $(cat /var/run/sshd.pid); then
> >> echo "pid in /var/run/sshd.pid is valid"
> >>else
> >> echo "invalid pid"
> >>fi
> >Ignore that, it isn't entirely safe.
>
> You may want grep -q "^$(cat /var/run/sshd.pid)$"

Unfortunately that only works if there is only one sshd process returned
by pidof. Here's the case I'm worried about:

/var/run/sshd.pid: 343
pidof sshd: 3433

--
Byron Clark
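
Added example, not part of any post in this thread and not the Arch init script: a sketch of the two checks discussed above, matching the pid file against pidof output as a whole token (so 343 never matches 3433) and comparing /proc/$pid/exe after stripping a trailing " (deleted)". The function names and the PROCROOT parameter are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# pid_in_list PID "LIST": succeed only if PID is one whole token of the
# space-separated LIST (the format pidof prints), never a substring of one.
pid_in_list() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;    # empty or non-numeric pid file content
    esac
    for p in $2; do
        if [ "$p" = "$1" ]; then
            return 0
        fi
    done
    return 1
}

# strip_deleted PATH: drop the " (deleted)" suffix that readlink shows for
# /proc/PID/exe once the running binary has been replaced on disk.
strip_deleted() {
    suffix=' (deleted)'
    printf '%s\n' "${1%"$suffix"}"
}

# pidfile_is_daemon PIDFILE BINARY [PROCROOT]: succeed only if the pid file
# holds a numeric pid whose exe link names BINARY. PROCROOT defaults to /proc
# and exists only so the check can be exercised against a constructed tree.
pidfile_is_daemon() {
    pidfile=$1
    binary=$2
    procroot=${3:-/proc}
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile")
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    exe=$(readlink "$procroot/$pid/exe") || return 1
    [ "$(strip_deleted "$exe")" = "$binary" ]
}

# Constructed values from the case raised above: pid file 343, pidof 3433.
if pid_in_list 343 "3433 32128"; then
    echo "pid in pid file is valid"
else
    echo "invalid pid"
fi
```

A stale pid file that happens to name an unrelated live process fails the exe comparison, so a restart script using it would not signal the wrong process.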

