Re: trying to resurrect discussion about "Cannot signal a process over a channel (rfc 4254, section 6.9)"

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

So that you know, I did a pull request on the OpenSSH-portable GitHub to avoid this discussion to fall into oblivion.

Best regards,

Yonathan


> On 2 Aug 2018, at 18:57, Iain Morgan <imorgan@xxxxxxxxxxxx> wrote:
> 
> That's great news! Do you have any input regarding the implementation
> details? Any suggestions that would ease inclusion of this feature would
> be welcome.
> 
> -- 
> Iain
> 
> On Wed, Aug 01, 2018 at 10:55:52 +1000, Damien Miller wrote:
>> FWIW, now that privsep is mandatory I have no objection to including
>> signal support in sshd.
>> 
>> On Wed, 25 Jul 2018, Yonathan Bleyfuesz wrote:
>> 
>>> Hi all,
>>> 
>>> I would like to propose some ideas to revivify this subject.
>>> 
>>> -First, we could add support on the client to send signal thanks to the escape characters.
>>> (code : https://github.com/JawaGL/openssh-portable/commit/5bc9e6bc959b1b0f89d7ca7b4b04d7c37079fef0 ).
>>> 
>>> With this, in order to send a message requesting the server to send a SIGTERM to the remote process, you need to type  “~ST” which is not really invasive client-side.
>>> 
>>> But this means that the client has to enable TTY.
>>> 
>>> 
>>> -Secondly , server-side, there is a problem with the currently suggested patch : it only works when we do an ‘exec’ request to the server (eg : ssh some-host “some; commands;”).
>>> 
>>> This is because in the other possible configuration, a shell is launched by the server. Then when we launch a process, it is forked by this shell and thus it has its own group-id.
>>> 
>>> When the user launches a signal-request hoping to reach a blocking process, the pid that is used by the ‘killpg’ function is the one of the shell. So it is this shell that catches the signal resulting in it:
>>> 	- dying and leaving zombies 
>>> 	- dying and taking its child with him (SIGHUP and SIGKILL)
>>> 	- ignoring the signal (SIGINT, SIGTERM, SIGQUIT).
>>> 
>>> Example of ID’s when I connect to a server and launch the script test_signal.sh :  
>>> PID   PPID  PGID  SID
>>> 4060  1598  4060  1556 sshd            sshd: root@pts/2
>>> 4062  4060  4062  4062 bash            -bash
>>> 4075  4062  4075  4062 sh              sh test_signal.sh
>>> 4076  4075  4075  4062 sh              sh test_signal.sh
>>> 
>>> So in order to take this use case into account we could use the 'tcgetpgrp()’  function from ‘unistd.h’. 
>>> (code : https://github.com/JawaGL/openssh-portable/commit/3667c0d90688c43ac0729083f73afa65102226b4 )
>>> 
>>> Of course this would still work if there are no TTY present since we can still access the PGID of the forked child in the session attributes.
>>> 
>>> -Finally, in order to test these functionalities, we could integrate a test case in the regress folder. (code : https://github.com/JawaGL/openssh-portable/commit/02c39b15363c54d0e622e5724c721a474e1cacd6).
>>> 
>>> 
>>> I tested all these features on MacOSX and Ubuntu 18.
>>> 
>>> I hope this helps,
>>> Thanks in advance for your returns,
>>> 
>>> Yonathan
>>> 
>>> 
>>> _______________________________________________
>>> openssh-unix-dev mailing list
>>> openssh-unix-dev@xxxxxxxxxxx
>>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>> 
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev@xxxxxxxxxxx
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
> -- 
> Iain Morgan

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux