+++ This bug was initially created as a clone of Bug #446112 +++ +++ This bug was initially created as a clone of Bug #205129 +++ Description of problem: When tcp wrappers try to query a remote ident server, which is blocked (e.g. by iptables), it leaves SIGALRM blocked. This is especially bad for sshd, because then whole session then runs with SIGALRM blocked. Version-Release number of selected component (if applicable): tcp_wrappers-7.6-37.4 How reproducible: 100% Steps to Reproduce: 1. on ssh client: "iptables -I INPUT -p tcp --dport ident -j DROP" 2. on ssh server: configure TCP wrappers to do an ident lookup (e.g. add "sshd: ALL@ALL" line to /etc/hosts.allow) 3a. on ssh client: "ssh user@server 'ps xs|grep $$|grep -v grep'" or 3b. on ssh client: "ssh user@server", and in the ssh session run something like this: perl -e '$SIG{ALRM}=sub{print"ALARM\n";}; alarm 1; sleep 5' Actual results: 3a: the "BLOCKED" column of SSH output contains SIGALRM (BLOCKED & 0x2000 is 0x2000 on Linux/x86_64 and Linux/i386). 3b: no message is printed. Expected results: 3a: BLOCKED & 0x2000 should be zero 3b: the "ALARM\n" message should be printed. Patches are already in Fedora (originally from Debian), see tcp_wrappers-7.6-restore_sigalarm.patch and tcp_wrappers-7.6-siglongjmp.patch
*** This bug has been marked as a duplicate of 446103 ***