[PATCH] close stderr of persistent proxy command if not in debug mode

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hello,

This is my first patch to OpenSSH.  Apologies if the format is not as expected.  Let me know if I should submit in a different format.

---
From 48393827a9d335a77c6c9bc96d33cc7aa234bbd3 Mon Sep 17 00:00:00 2001
From: Steffen Prohaska <prohaska@xxxxxx>
Date: Sat, 27 Oct 2018 16:52:57 +0200
Subject: [PATCH] close stderr of persistent proxy command if not in debug mode

The patch should likely be first applied to upstream.

If the parent becomes a new persistent connection master daemon, stderr
of the proxy command should be detached, too, similar to the master
daemon's stderr, as changed in
openssh-portable@d2d6bf864e52af8491a60dd507f85b74361f5da3,
upstream@4fb726f0fdcb155ad419913cea10dc4afd409d24 and discussed in
bz#1988.

Signed-off-by: Steffen Prohaska <prohaska@xxxxxx>
---

You can view a signed commit at GitHub:

   https://github.com/sprohaska/openssh-portable/tree/pr/proxy-detach-stderr
   https://github.com/sprohaska/openssh-portable/commit/48393827a9d335a77c6c9bc96d33cc7aa234bbd3

or pull with:

   git pull https://github.com/sprohaska/openssh-portable.git pr/proxy-detach-stderr


sshconnect.c | 38 ++++++++++++++++++++++++++++++++------
1 file changed, 32 insertions(+), 6 deletions(-)

diff --git a/sshconnect.c b/sshconnect.c
index 52c32811..5266b2af 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -78,6 +78,7 @@ static int matching_host_key_dns = 0;
static pid_t proxy_command_pid = 0;

/* import */
+extern int debug_flag;
extern Options options;
extern char *__progname;

@@ -99,6 +100,33 @@ expand_proxy_command(const char *proxy_command, const char *user,
	return ret;
}

+/*
+ * If the parent may become a new master daemon in `control_persist_detach()`,
+ * keep stderr of the proxy command in debug mode, so that error messages get
+ * printed on the user's terminal.  But detach stderr in non-debug mode,
+ * because the proxy command will run as a daemon.
+ */
+static void
+prepare_proxy_stderr()
+{
+	int devnull;
+
+	if (!options.control_persist || debug_flag) {
+		return;
+	}
+
+	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+		error("%s: open(\"/dev/null\"): %s", __func__,
+		    strerror(errno));
+		return;
+	}
+
+	if (dup2(devnull, STDERR_FILENO) == -1)
+		error("%s: dup2: %s", __func__, strerror(errno));
+	if (devnull > STDERR_FILENO)
+		close(devnull);
+}
+
/*
 * Connect to the given ssh server using a proxy command that passes a
 * a connected fd back to us.
@@ -140,10 +168,8 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port,
		if (sp[0] >= 2)
			close(sp[0]);

-		/*
-		 * Stderr is left as it is so that error messages get
-		 * printed on the user's terminal.
-		 */
+		prepare_proxy_stderr();
+
		argv[0] = shell;
		argv[1] = "-c";
		argv[2] = command_string;
@@ -219,8 +245,8 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
		/* Cannot be 1 because pin allocated two descriptors. */
		close(pout[1]);

-		/* Stderr is left as it is so that error messages get
-		   printed on the user's terminal. */
+		prepare_proxy_stderr();
+
		argv[0] = shell;
		argv[1] = "-c";
		argv[2] = command_string;
--
2.19.0.212.gdb50a52598


Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux