On Tue, Mar 23, 2021 at 7:11 AM Andreas Kusalananda Kähäri <
[email protected]> wrote:
> A user contacted me about the security/sshguard port. They wanted to
> use daemon_flags with the port, which means this needs to be added to
> the pexp expression in the rc.d file.
>
> The attached patch does this in the similar manner as is done for e.g.
> sshd and unbound.
>
>
> Regards,
> Andreas (port maintainer)
>
> --
> Andreas (Kusalananda) Kähäri
> SciLifeLab, NBIS, ICM
> Uppsala University, Sweden
>
> .
>
Running current i had issue with sshguard
Note:
OpenBSD j1800 6.9 GENERIC.MP#129 amd64
# grep pexp /etc/rc.d/rc.subr
[..]
pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
sshg-blocker ran full cpu load and rcctl restart did not kill it,
only kill -9 was able to stop the process.
I also notice than in 6.8 reading STDIN was broken
I was able to ktrace sshg-blocker :
# kdump -f /tmp/ktrace.out | head
83231 sshg-blocker RET sched_yield 0
83231 sshg-blocker RET sched_yield 0
83231 sshg-blocker CALL sched_yield()
83231 sshg-blocker CALL sched_yield()
83231 sshg-blocker RET sched_yield 0
# kdump -f /tmp/ktrace.out | tail
83231 sshg-blocker CALL sched_yield()
83231 sshg-blocker RET sched_yield 0
83231 sshg-blocker RET sched_yield 0
83231 sshg-blocker CALL sched_yield()
83231 sshg-blocker CALL sched_yield()
83231 sshg-blocker RET sched_yield 0
83231 sshg-blocker RET sched_yield 0
83231 sshg-blocker CALL sched_yield()
83231 sshg-blocker CALL sched_yield()
83231 sshg-blocker PSIG SIGKILL SIG_DFL
I can perform compilation and test
I will now try to run sshguard with STDIN as an input ,
I have no method to produce the problem so far.
# sshguard -v
SSHGuard 2.4.1
--
--
---------------------------------------------------------------------------------------------------------------------
Knowing is not enough; we must apply. Willing is not enough; we must do
