Bug 164932

Summary: /etc/rc.d/init.d/sshd failures with 'restart' and 'condrestart'
Product: [Fedora] Fedora
Component: openssh
Version: 4
Hardware: i386
OS: Linux
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Reporter: Andreas Ott <aott01>
Assignee: Tomas Mraz <tmraz>
QA Contact: Brian Brock <bbrock>
CC: antillon.maurizio
Last Closed: 2005-08-03 03:22:08 EDT

Description Andreas Ott 2005-08-02 15:44:17 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc3 Firefox/1.0.6

Description of problem:
After yum update, I noticed failures with the /etc/rc.d/init.d/sshd script:

1. # /etc/rc.d/init.d/sshd condrestart
sshd: OpenSSH_4.1 on i686-pc-linux-gnu
Unknown option -t
                                                           [FAILED]
#

2. # /etc/rc.d/init.d/sshd restart
Stopping sshd:                                             [FAILED]
Starting sshd: sshd: OpenSSH_4.1 on i686-pc-linux-gnu
sshd: FATAL: Creating listener failed: port 22 probably already in use!
                                                           [FAILED]
#


to (1.):
in the script, the function do_restart_sanity_check() makes use of the
option '-t', see line 91.

to (2.):
in the script, the stop() function tries to determine the PID of the current
parent sshd, pointing to the function pidfileofproc() that tries to derive
the filename as '/var/run/$base.pid'. For some reason the file I see is
not /var/run/sshd.pid but 
# ls -a /var/run/*ssh*
/var/run/sshd2_22.pid
#
as you can verify by running strings on the binary
# strings /usr/sbin/sshd |grep var
/var/run/sshd2_%s.pid
[... output of strings truncated]


Version-Release number of selected component (if applicable):
openssh-server-4.1p1-3.1

How reproducible:
Always

Steps to Reproduce:
1. /etc/rc.d/init.d/sshd restart
or
2. /etc/rc.d/init.d/sshd condrestart

Actual Results:
# /etc/rc.d/init.d/sshd restart
Stopping sshd:                                             [FAILED]
Starting sshd: sshd: OpenSSH_4.1 on i686-pc-linux-gnu
sshd: FATAL: Creating listener failed: port 22 probably already in use!
                                                           [FAILED]


Expected Results:
# /etc/rc.d/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd: sshd: OpenSSH_4.1 on i686-pc-linux-gnu
                                                           [  OK  ]

Note: I did a 'mv /var/run/sshd2_22.pid /var/run/sshd.pid' to make this happen :) .

Additional info:

# uname -a
Linux obfuscated.hostname 2.6.12-1.1398_FC4 #1 Fri Jul 15 00:52:32 EDT 2005 i686 i686 i386 GNU/Linux

Comment 1 Tomas Mraz 2005-08-02 17:04:20 EDT
This is really weird - I cannot reproduce anything like this here with exactly
the same openssh package.

What do rpm -V openssh and rpm -V openssh-server write?

Comment 2 Andreas Ott 2005-08-02 19:29:22 EDT
Sorry, I already tinkered with this a little more and in the process I happened 
to uninstall the openssh-server rpm. So, unfortunately I can no longer run the 
--verify for you.  

However, I am now unable to reinstall it: please check this out...

# rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/i386/openssh-server-4.1p1-3.1.i386.rpm
Retrieving http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/i386/openssh-server-4.1p1-3.1.i386.rpm
Preparing...                ########################################### [100%]
   1:openssh-server         warning: /etc/pam.d/sshd created as /etc/pam.d/sshd.rpmnew
warning: /etc/rc.d/init.d/sshd saved as /etc/rc.d/init.d/sshd.rpmorig
warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew
########################################### [100%]
error: unpacking of archive failed on file /usr/sbin/sshd: cpio: rename failed - Operation not permitted
#

Finally: tracked down that /usr/sbin/sshd is chattr'ed with the immutable bit
(I'm pretty sure this was not done by me manually, so I really suspect a script 
out of the RPMs and/or updates, maybe selinux ? ):
# lsattr -v /usr/sbin/sshd
970694379 -u--ia------- /usr/sbin/sshd

after removing this file, re-installed the openssh-server RPM and all looks normal



Comment 3 Tomas Mraz 2005-08-03 03:22:08 EDT
No, I don't think the immutable bit was set by a script from RPM or selinux updates.
If you didn't do it yourself it is very suspicious. It seems like your computer
is compromised.
But definitely it is not a bug in the openssh package.
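
The two checks that came up in this thread, the lsattr listing from Comment 2 and the rpm verification requested in Comment 1, combined into one script. This is an added example, not part of the original bug report or of the openssh package; the function names are hypothetical and the sample listing is constructed apart from its first line, which is the one quoted in Comment 2.

```shell
#!/bin/sh
# Added example: find files carrying the immutable (i) or append-only (a)
# attribute, then ask rpm which package owns them and whether they verify.
TAB=$(printf '\t')

# Reads `lsattr` or `lsattr -v` output on stdin and prints "<flags>TAB<path>"
# for every entry whose flag field contains i or a. Other lines are skipped.
flag_locked_attrs() {
    awk '{
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/^[0-9]+[ \t]+/, "", line)      # drop the version column of -v
        n = index(line, " ")
        if (n == 0) next
        flags = substr(line, 1, n - 1)
        path = substr(line, n + 1)          # keeps spaces inside the path
        if (flags ~ /^[-A-Za-z]+$/ && flags ~ /[ia]/) print flags "\t" path
    }'
}

# Constructed sample listing; only the first line comes from Comment 2.
sample_listing() {
    cat <<'EOF'
970694379 -u--ia------- /usr/sbin/sshd
        1 ------------- /usr/sbin/crond
-------A----- /usr/bin/ssh
----i-------- /usr/bin/my tool
EOF
}

# For each flagged path: name the owning package and show rpm verification.
report_flagged() {
    while IFS="$TAB" read -r flags path; do
        printf 'LOCKED %s %s\n' "$flags" "$path"
        command -v rpm >/dev/null 2>&1 || continue
        rpm -qf "$path" 2>&1 | sed 's/^/  owner:  /'
        rpm -Vf "$path" 2>&1 | sed 's/^/  verify: /'
    done
}

# Audit the given directories (non-recursive), e.g. /usr/sbin /usr/bin /sbin /bin.
audit_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] && lsattr -v "$dir" 2>/dev/null
    done | flag_locked_attrs | report_flagged
}

if [ "$#" -gt 0 ]; then audit_dirs "$@"; fi
```

On a host that may be compromised, run it with tools from trusted media, since lsattr, awk and the rpm database on the box can themselves have been altered.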