1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
From 93f2ce8c050a7a2a628646c00b40b9b53fef93ef Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 16 Dec 2022 06:56:47 +0000
Subject: [PATCH] upstream: Clear signal mask early in main(); sshd may have
been
started with one or more signals masked (sigprocmask(2) is not cleared
on fork/exec) and this could interfere with various things, e.g. the
login grace timer.
Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.
Reported by Sreedhar Balasubramanian; ok dtucker@
OpenBSD-Commit-ID: 77078c0b1c53c780269fc0c416f121d05e3010ae
Conflict:NA
Reference:https://anongit.mindrot.org/openssh.git/commit?id=93f2ce8c050a7a2a628646c00b40b9b53fef93ef
---
sshd.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/sshd.c b/sshd.c
index 6bb3a962..72525525 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.589 2022/07/01 03:39:44 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.594 2022/12/16 06:56:47 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1546,13 +1546,17 @@ main(int ac, char **av)
int keytype;
Authctxt *authctxt;
struct connection_info *connection_info = NULL;
+ sigset_t sigmask;
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
#endif
__progname = ssh_get_progname(av[0]);
+ sigemptyset(&sigmask);
+ sigprocmask(SIG_SETMASK, &sigmask, NULL);
+
OpenSSL_add_all_algorithms();
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
rexec_argc = ac;
--
2.27.0
|
