Bug 449090 - TCP wrappers leave SIGALRM blocked when ident fails
TCP wrappers leave SIGALRM blocked when ident fails
Status: CLOSED DUPLICATE of bug 446103
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: tcp_wrappers (Show other bugs)
5.2
All Linux
medium Severity medium
: rc
: ---
Assigned To: Jan Safranek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-30 07:25 EDT by Jan Safranek
Modified: 2008-06-02 01:22 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-02 01:22:05 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Safranek 2008-05-30 07:25:32 EDT
+++ This bug was initially created as a clone of Bug #446112 +++
+++ This bug was initially created as a clone of Bug #205129 +++

Description of problem:
When tcp wrappers try to query a remote ident server, which is blocked (e.g. by
iptables), it leaves SIGALRM blocked. This is especially bad for sshd, because
then whole session then runs with SIGALRM blocked.


Version-Release number of selected component (if applicable):
tcp_wrappers-7.6-37.4


How reproducible:
100%


Steps to Reproduce:
1. on ssh client: "iptables -I INPUT -p tcp --dport ident -j DROP"
2. on ssh server: configure TCP wrappers to do an ident lookup (e.g. add "sshd:
ALL@ALL" line to /etc/hosts.allow)
3a. on ssh client: "ssh user@server 'ps xs|grep $$|grep -v grep'"
or 3b. on ssh client: "ssh user@server", and in the ssh session run something
like this:

perl -e '$SIG{ALRM}=sub{print"ALARM\n";}; alarm 1; sleep 5'


Actual results:
3a: the "BLOCKED" column of SSH output contains SIGALRM (BLOCKED & 0x2000
is 0x2000 on Linux/x86_64 and Linux/i386).
3b: no message is printed.


Expected results:
3a: BLOCKED & 0x2000 should be zero
3b: the "ALARM\n" message should be printed.

Patches are already in Fedora (originally from Debian), see
tcp_wrappers-7.6-restore_sigalarm.patch and tcp_wrappers-7.6-siglongjmp.patch
Comment 1 Jan Safranek 2008-06-02 01:22:05 EDT

*** This bug has been marked as a duplicate of 446103 ***

Note You need to log in before you can comment on or make changes to this bug.