Bug 1882606

Summary: in.telnetd needs to tolerate temporary EIO errors
Product: [Fedora] Fedora Reporter: Michal Ruprich <mruprich>
Component: telnetAssignee: Michal Ruprich <mruprich>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 33CC: luhliari, mruprich, msekleta
Target Milestone: ---Keywords: Patch, Reproducer, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: telnet-0.17-81.fc33 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-02 00:34:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Patch none

Description Michal Ruprich 2020-09-25 06:34:08 UTC 
Created attachment 1716539 [details]
Patch

This bug was initially created as a copy of Bug #1853102

I am copying this bug because: 
This needs to be fixed in Fedora as well.


Description of problem:

As described in Bug 1299351, /bin/login process temporarily closes all file descriptors when calling vhangup().
If /usr/sbin/in.telnetd reads from pty master while pty slave is temporarily closed, in.telnetd process gets EIO error.
But as a side effect of Bug 145636, in.telnetd process immediately closes connection upon EIO error.



Version-Release number of selected component (if applicable):

telnet-server-0.17-77.fc33.x86_64
Any environment which uses /bin/login which closes all file descriptors before vhangup().



How reproducible:

This race condition is timing dependent, but I think it is not difficult to reproduce.



Steps to Reproduce:

(1) Install xinetd, telnet-server, telnet and strace packages.
(2) Create /etc/xinetd.d/telnet with the following content, in order to widen this race
    window by making in.telnetd process and login process run slower.

----------
service telnet
{
        socket_type             = stream
        protocol                = tcp
        wait                    = no
        user                    = root
        server                  = /usr/bin/strace
        server_args             = -ttf -o /tmp/strace.log /usr/sbin/in.telnetd
        disable                 = no
        flags                   = IPv4
}
----------

(3) Restart xinetd service in order to reload /etc/xinetd.d/telnet file.
(4) Connect to telnet server using the following command line. Note that
    echo '' is there for sending a garbage data into this race window.

      (echo ''; sleep 3) | telnet 127.0.0.1



Actual results:

in.telnetd process closes connection before reaching login: prompt.

----------
$ (echo ''; sleep 3) | telnet 127.0.0.1
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

Kernel 3.10.0-1127.13.1.el7.x86_64 on an x86_64

Connection closed by foreign host.
----------



Expected results:

in.telnetd process closes connection after reaching login: prompt.

----------
$ (echo ''; sleep 3) | telnet 127.0.0.1
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

Kernel 3.10.0-1127.13.1.el7.x86_64 on an x86_64

localhost login: Connection closed by foreign host.
----------



Additional info:

If /usr/bin/strace fails to widen this race window, you can instead try /bin/login built with the following patch applied.

----------
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -397,20 +397,21 @@ static void init_tty(struct login_contex
 	/* Kill processes left on this tty */
 	tcsetattr(0, TCSANOW, &ttt);
 
 	/*
 	 * Let's close file decriptors before vhangup
 	 * https://lkml.org/lkml/2012/6/5/145
 	 */
 	close(STDIN_FILENO);
 	close(STDOUT_FILENO);
 	close(STDERR_FILENO);
+	sleep(5);
 
 	signal(SIGHUP, SIG_IGN);	/* so vhangup() wont kill us */
 	vhangup();
 	signal(SIGHUP, SIG_DFL);
 
 	/* open stdin,stdout,stderr to the tty */
 	open_tty(cxt->tty_path);
 
 	/* restore tty modes */
 	tcsetattr(0, TCSAFLUSH, &tt);
----------
Comment 1 Fedora Update System 2020-09-25 07:19:36 UTC 
FEDORA-2020-a7234fb825 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-a7234fb825
Comment 2 Fedora Update System 2020-09-25 18:11:55 UTC 
FEDORA-2020-a7234fb825 has been pushed to the Fedora 33 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-a7234fb825`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-a7234fb825

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 3 Fedora Update System 2020-10-02 00:34:00 UTC 
FEDORA-2020-a7234fb825 has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.