Signals support (RFC 4254, section 6.9)

Dmitry V. Krivenok

Sep 10, 2009, 5:01:18 AM
Hello!

I found that openssh-5.2p1 doesn't support signal delivery as
described in RFC 4254.
I know that this feature was requested many years ago and some
patches were proposed (e.g. http://marc.info/?l=openssh-unix-dev&m=104300802407848&w=2).
Are you going to implement signal support in openssh?

Are there any problems with implementing this feature (maybe security
related)?
Indeed, I can't understand why it isn't implemented yet :)

I wrote a simple patch for 5.2p1.
It doesn't handle some errors, doesn't distinguish SSH versions (is
there a signal delivery concept for SSHv1?) and maybe isn't portable.
However, it does the job :)

--- session.c 2009-09-10 12:27:45.000000000 +0400
+++ original/openssh-5.2p1/session.c 2009-01-28 08:29:49.000000000
+0300
@@ -2285,33 +2285,6 @@
success = session_window_change_req(s);
} else if (strcmp(rtype, "break") == 0) {
success = session_break_req(s);
- } else if (strcmp(rtype, "signal") == 0) {
- u_int len;
- char *signal = packet_get_string(&len);
- packet_check_eom();
-
- int signo = 0;
- // Signals allowed by RFC 4254 (section 6.9 and 6.10).
- if(!strcmp("ABRT", signal)) signo = SIGABRT;
- else if(!strcmp("ALRM", signal)) signo = SIGALRM;
- else if(!strcmp("FPE", signal)) signo = SIGFPE;
- else if(!strcmp("HUP", signal)) signo = SIGHUP;
- else if(!strcmp("ILL", signal)) signo = SIGILL;
- else if(!strcmp("INT", signal)) signo = SIGINT;
- else if(!strcmp("KILL", signal)) signo = SIGKILL;
- else if(!strcmp("PIPE", signal)) signo = SIGPIPE;
- else if(!strcmp("QUIT", signal)) signo = SIGQUIT;
- else if(!strcmp("SEGV", signal)) signo = SIGSEGV;
- else if(!strcmp("TERM", signal)) signo = SIGTERM;
- else if(!strcmp("USR1", signal)) signo = SIGUSR1;
- else if(!strcmp("USR2", signal)) signo = SIGUSR2;
- if(signo) {
- debug("Sending signal %d (SIG%s) to process
group %d", signo, signal, s->pid);
- kill(-s->pid, signo);
- } else {
- debug("Warning! Received unknown signal '%s'.
Ignoring it.", signal);
- }
- xfree(signal);
}

return success;
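
Review bot: in the new "signal" branch, kill(-s->pid, signo) runs with no check on s->pid; if the pid is 0 or unset the call becomes kill(0, signo), which signals the caller's own process group, so reject s->pid <= 0 before the call and check kill()'s return value. The branch also never assigns success, so the request falls through to return success without ever reporting that the signal was delivered, unlike the window-change and break branches above it. The len returned by packet_get_string(&len) is unused and the name is compared with strcmp, so a name carrying an embedded NUL after "TERM" would still match; compare on the full length instead. The diff is also generated in reverse (patched file as the old side), so the added lines appear with "-"; regenerate it with the original tree first.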


I tested signal delivery using a simple client program which uses a
patched libssh library.
It seems that the patch works:

Sep 10 12:43:50 develop2 sshd[23931]: debug1: server_input_channel_req: channel 3 request signal reply 0
Sep 10 12:43:50 develop2 sshd[23931]: debug1: session_by_channel: session 3 channel 3
Sep 10 12:43:50 develop2 sshd[23931]: debug1: session_input_channel_req: session 3 req signal
Sep 10 12:43:50 develop2 sshd[23931]: debug1: Sending signal 15 (SIGTERM) to process group 23942
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: rcvd eof
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: output open -> drain
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: obuf empty
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: close_write
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: output drain -> closed
Sep 10 12:43:50 develop2 sshd[23931]: debug1: Received SIGCHLD.
Sep 10 12:43:50 develop2 sshd[23931]: debug1: session_by_pid: pid 23942
Sep 10 12:43:50 develop2 sshd[23931]: debug1: session_exit_message: session 3 channel 3 pid 23942
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: request exit-signal confirm 0
Sep 10 12:43:50 develop2 sshd[23931]: debug1: session_exit_message: release channel 3
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: read<=0 rfd 9 len 0
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: read failed
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: close_read
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: input open -> drain
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: read 0 from efd 13
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: closing read-efd 13
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: ibuf empty
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: send eof
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: input drain -> closed
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: send close
Sep 10 12:43:50 develop2 sshd[23931]: debug2: notify_done: reading
Sep 10 12:43:50 develop2 sshd[23931]: debug3: channel 3: will not send data after close
Sep 10 12:43:50 develop2 sshd[23931]: debug2: channel 3: rcvd eof
Sep 10 12:43:50 develop2 sshd[23931]: debug3: channel 3: will not send data after close

I think that it's not very hard to add error checking, more elegant
input validation, etc.

This feature is crucial for reliable management of remote processes.
It's especially important because of Bug 396 (sshd orphans processes
when no pty allocated), since it's not enough to close a channel (or
even close the TCP connection) to terminate the remote process.

I'm new to SSH.
Sorry if I was wrong or unclear.

Thank you in advance!

P.S.
I just found that the problem is also described in Bug 1424.
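
An added example, not part of the original post and not OpenSSH code: a bounds-checked parser for the RFC 4254 section 6.9 "signal" channel request, with the input validation and pid check the post leaves open. The function names and sample packets are constructed for illustration; the message number 98 and field layout are taken from RFC 4254.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdint.h>
#include <string.h>

/* RFC 4254 section 6.10 signal names, without the "SIG" prefix. */
static const struct { const char *name; int signo; } sigtab[] = {
    {"ABRT", SIGABRT}, {"ALRM", SIGALRM}, {"FPE", SIGFPE}, {"HUP", SIGHUP},
    {"ILL", SIGILL}, {"INT", SIGINT}, {"KILL", SIGKILL}, {"PIPE", SIGPIPE},
    {"QUIT", SIGQUIT}, {"SEGV", SIGSEGV}, {"TERM", SIGTERM},
    {"USR1", SIGUSR1}, {"USR2", SIGUSR2},
};
/* Constructed samples: type 98, channel 3, "signal", want_reply 0, name. */
const uint8_t sample_term[] = {98, 0,0,0,3, 0,0,0,6,'s','i','g','n','a','l', 0, 0,0,0,4,'T','E','R','M'};
const uint8_t sample_nul[] = {98, 0,0,0,3, 0,0,0,6,'s','i','g','n','a','l', 0, 0,0,0,6,'T','E','R','M',0,'X'};

/* Read one SSH string (uint32 big-endian length, then bytes); NULL if short. */
static const uint8_t *get_string(const uint8_t **p, size_t *left, uint32_t *len)
{
    const uint8_t *b = *p;
    if (*left < 4) return NULL;
    *len = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
    if (*len > *left - 4) return NULL;
    *p += (size_t)*len + 4; *left -= (size_t)*len + 4;
    return b + 4;
}

/* Return the signal number a "signal" request names, or -1 if it is invalid. */
int parse_signal_request(const uint8_t *pkt, size_t n)
{
    uint32_t len; const uint8_t *s;
    if (n < 5 || pkt[0] != 98) return -1;      /* SSH_MSG_CHANNEL_REQUEST */
    pkt += 5; n -= 5;                          /* type byte + recipient channel */
    s = get_string(&pkt, &n, &len);
    if (!s || len != 6 || memcmp(s, "signal", 6) != 0) return -1;
    if (n < 1 || pkt[0] != 0) return -1;       /* RFC 4254 sets want_reply FALSE */
    pkt++; n--;
    s = get_string(&pkt, &n, &len);
    if (!s || n != 0) return -1;               /* truncated or trailing bytes */
    for (size_t i = 0; i < sizeof(sigtab) / sizeof(sigtab[0]); i++)
        if (strlen(sigtab[i].name) == len && memcmp(s, sigtab[i].name, len) == 0)
            return sigtab[i].signo;            /* exact-length match only */
    return -1;
}

/* Signal a session's process group; refuse pids that would widen the target. */
int deliver_signal(pid_t pgid, int signo)
{
    return (pgid <= 1 || signo <= 0) ? -1 : kill(-pgid, signo);
}
```

Rejecting a non-zero want_reply is a choice made in this sketch; the pid check stops a zero or unset pid from turning the call into kill(0, ...).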
