Package: openssh-client Version: 1:6.2p2-5 Severity: wishlist Tags: patch Hi, when becoming multiplex master and not closing stderr processes can hand as described in #708296. This happens since Python's subprocess module won't terminate Popen.communicate() when the chield dies but only when it receives EOF on the fd.
While this is arguably a bug in python's subprocess module [1] being "half" a daemon and closing most file descriptors like ssh currently does is bad either. I'm happy to modify the patch to not close stderr e.g. in case of running in debug mode but wanted to get your feedback first. Cheers, -- Guido [1] http://bugs.python.org/issue4216 -- System Information: Debian Release: jessie/sid APT prefers stable APT policy: (990, 'stable'), (500, 'testing'), (50, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssh-client depends on: ii adduser 3.113+nmu3 ii dpkg 1.16.10 ii libc6 2.17-3 ii libedit2 2.11-20080614-6 ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1 ii libselinux1 2.1.13-2 ii libssl1.0.0 1.0.1e-3 ii passwd 1:4.1.5.1-1 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages openssh-client recommends: ii xauth 1:1.0.7-1 Versions of packages openssh-client suggests: pn keychain <none> pn libpam-ssh <none> pn monkeysphere <none> ii openssh-blacklist 0.4.1+nmu1 ii openssh-blacklist-extra 0.4.1+nmu1 ii ssh-askpass 1:1.2.4.1-9 -- no debconf information -- debsums errors found: debsums: changed file /usr/bin/ssh (from openssh-client package)
>From e10183e072dd2e815ffbc4d82e59a03cfa029099 Mon Sep 17 00:00:00 2001 Message-Id: <e10183e072dd2e815ffbc4d82e59a03cfa029099.1372597574.git....@sigxcpu.org> From: =?UTF-8?q?Guido=20G=C3=BCnther?= <[email protected]> Date: Sun, 30 Jun 2013 15:04:11 +0200 Subject: [PATCH] Close stderr iff multiplex master When we're becoming the multiplex master we should close all file descriptors by default including stderr. Everything else might yield surprises to the user like: http://bugs.debian.org/708296 While this is arguably a bug in python's subprocess being "half" a daemon and closing most file descriptors is bad either. --- ssh.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ssh.c b/ssh.c index 5ec89f2..4552151 100644 --- a/ssh.c +++ b/ssh.c @@ -990,7 +990,8 @@ control_persist_detach(void) strerror(errno)); } else { if (dup2(devnull, STDIN_FILENO) == -1 || - dup2(devnull, STDOUT_FILENO) == -1) + dup2(devnull, STDOUT_FILENO) == -1 || + dup2(devnull, STDERR_FILENO) == -1) error("%s: dup2: %s", __func__, strerror(errno)); if (devnull > STDERR_FILENO) close(devnull); -- 1.8.3.1
