This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 139372 - ssh-agent left running after gnome window manger closes
ssh-agent left running after gnome window manger closes
Status: CLOSED DUPLICATE of bug 138747
Product: Fedora
Classification: Fedora
Component: gnome-desktop (Show other bugs)
3
i386 Linux
medium Severity low
: ---
: ---
Assigned To: Mark McLoughlin
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-15 12:02 EST by Thaddeus Nielsen
Modified: 2007-11-30 17:10 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 14:07:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Thaddeus Nielsen 2004-11-15 12:02:36 EST
Description of problem:
Fedora Core 3 on i686, fully updated as of 15 Nov 04 morning.  Boots
into runlevel 3.  Login to command prompt.  This issue occurs on all
users.  If icewm is run, upon exiting there is no ssh-agent left
running.  If the default gnome window manager runs, after exiting to
command prompt there is a ssh-agent process left running.  If we run
the gnome window manager again, and exit to command prompt, another
ssh-agent is left running.  These will never terminate except by kill
-15.  Should these exit when the gnome window manager exits?

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Sitsofe Wheeler 2004-11-24 04:08:59 EST
This looks like a dup of bug 138747
Comment 2 Thaddeus Nielsen 2004-11-24 07:52:38 EST
Yes, I would agree that these report the same problem.
Comment 3 Sitsofe Wheeler 2004-11-24 15:43:12 EST
Your report says that this is limited only to GNOME. I shall try and
test that tomorrow and add that information to my report...
Comment 4 Thaddeus Nielsen 2004-11-24 19:15:03 EST
I can add that this also occurs with KDE (my wife uses KDE).  But not
with icewm (which is my preference because it is lighter and faster).
 Sorry, but I don't know much about the configuration of window managers.
Comment 5 Sitsofe Wheeler 2004-11-29 03:36:56 EST
I suspect you don't see this in icewm because unlike the other environments its
start up scripts have not been told to start ssh-agent.

On KDE, GNOME, XFCE I can start a shell and type "echo $SSH_AGENT_PID" and see
that an ssh-agent has been started for me. I suspect because icewm is a third
party package echo $SSH_AGENT_PID will not show anything...
Comment 6 Thaddeus Nielsen 2004-11-29 07:14:20 EST
This is a good point, I think.  Your testing shows this is not limited to Gnome
but that the ssh-agent is also started by Kde and Xfce.  I wonder what exactly
starts the ssh-agent: is it each of those three or something else that is common
to them all?  I seems reasonable that once the process is found which starts the
ssh-agent, then it should be fairly easy to add a way to close the ssh-agent
when the window manager closes.  Thanks for pursuing this. 
Comment 7 Sitsofe Wheeler 2004-12-01 13:13:25 EST
I have answered some of your questions over in bug 138747
Comment 8 Paul Iadonisi 2004-12-09 11:40:49 EST
I can't seem to find it, but I seem to remember an xinitrc bug that this bug
should really be marked a duplicate of, in addition to bug 138747.

Anyhow, the change that causes this problem was required due to a bad security
configuration that was fixed in openssh.  The ssh-agent binary now has its sgid
bit set to eliminate the strace-ability (I believe) of the process.  The problem
is that glibc (or is it ld-linux.so?) strips TMPDIR from the environment when
running suid/sgid binaries.  This caused problems with either gnome itself or
dbus-launch, I forgot which.

I think I have a possible solution to this, but would like feedback.  It so
simple that there *must* be something I'm missing.  Try this:

ssh-agent /bin/env TMPDIR=$TMPDIR /bin/bash
echo $TMPDIR

This basically sets the TMPDIR in defiance of glibc unsetting it when launching
ssh-agent ;-)

I don't know if this has any security implications, or even if it solves the
problems mentioned in the bug on xinitrc (sorry, I don't have the bug number),
which is what I'm looking for feedback on.

Basically what I'm saying is that it may be possible to revert the
xinitrc-common changes (well, not all of them as there were some cleanups) to at
least prepend "/usr/bin/ssh-agent /bin/env TMPDIR=$TMPDIR" before the
dbus-launch invocation.
Comment 9 Sitsofe Wheeler 2004-12-09 13:50:54 EST
Hmm interesting stuff. After lots of scouring I think the changes began in bug
#134494
Comment 10 Paul Iadonisi 2004-12-10 01:08:44 EST
Um, skip that 'solution' I suggested.  Tried it.  Doesn't work.  I'll see if I
can  come up with something that works.  Seems like a hairier problem than I
thought.
Comment 11 Mark McLoughlin 2004-12-14 05:28:10 EST
Marking as a dup of bug #138747 which I'll move to xinitrc where the
changes in bug #134494 were originally made

*** This bug has been marked as a duplicate of 138747 ***
Comment 12 Red Hat Bugzilla 2006-02-21 14:07:02 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.