From: Glen Barber
To: Dimitry Andric
Cc: hackers@freebsd.org, bug-followup@freebsd.org
Date: Wed, 20 May 2009 13:39:28 -0400
Subject: Re: bin/134694: gives false-positive when unable to obtain socket [WAS: sshd(8) - alert user when fails to execute from rc.d]
List-Id: Technical Discussions relating to FreeBSD

Hi, Dimitry

On Wed, May 20, 2009 at 10:46 AM, Dimitry Andric wrote:
> On 2009-05-20 16:40, Glen Barber wrote:
>> sshd was listening on :25, both IPv4 and IPv6
>> sendmail was listening on :25 (because I had forgotten to disable it)
>>
>> The system boots, and sendmail starts before sshd.  When sshd starts
>> (or tries to) there is no console output that it had failed.  The only
>> way you realize it is not running, is when you cannot remotely log in.
>
> Yes, this is unfortunate, but normal, as I explained in an earlier post.
>
> The sshd process does not return any error (and thus the /etc/rc.d
> script doesn't either), because it has no way to know that its forked
> copy died.
>
> The solution to this PR is "don't run stuff on conflicting ports". :)
>

I absolutely agree about not running sshd on conflicting ports.

After a bit more testing, I found that "most" other services will
complain when they cannot obtain the requested socket, and you will
see a failure notice via the rc.d script.

My concern is when someone has a "definite need" to run sshd on a
non-standard port less than, say 1024 for example.

This is the real reason I initially created the PR and posted to
hackers@ about this -- I'd like to fix it. But, I want to fix it the
right way, and not hack a crude solution.

Regards,

--
Glen Barber
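
Added example (not part of the original message, and not code from sshd or rc.d): the failure mode discussed in this thread, reproduced in C. A launcher that forks and returns at once reports success even though the forked copy cannot bind its port, while a pipe-based readiness handshake lets the parent return the child's bind error. The names listen_on, start_daemon, wait_ready and conflict_result are hypothetical, and the port conflict is constructed on a kernel-chosen port.

```c
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Listen on *port on all addresses (0 = kernel picks one, written back).
 * Returns the socket, or -1 with errno set. */
static int listen_on(unsigned short *port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(*port) };
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 8) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        int e = errno; close(fd); errno = e; return -1;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}

/* Fork a child that binds the port; return what the launcher sees (0 or errno).
 * wait_ready == 0 returns at once, so the child's bind failure goes unreported. */
int start_daemon(unsigned short port, int wait_ready) {
    int p[2], status = 0;
    pid_t pid;
    if (pipe(p) < 0 || (pid = fork()) < 0) return errno;
    if (pid == 0) {                       /* child: the forked copy */
        status = listen_on(&port) < 0 ? errno : 0;
        if (wait_ready && write(p[1], &status, sizeof(status)) < 0) _exit(2);
        _exit(status != 0);               /* a real daemon would accept() here */
    }
    close(p[1]);
    if (wait_ready && read(p[0], &status, sizeof(status)) != (ssize_t)sizeof(status))
        status = EIO;                     /* child exited before reporting */
    if (wait_ready) waitpid(pid, NULL, 0);
    close(p[0]);
    return status;
}

/* Constructed scenario: occupy a port, then start the "daemon" on it. */
int conflict_result(int wait_ready) {
    unsigned short port = 0;
    int busy = listen_on(&port);
    int rc = busy < 0 ? -1 : start_daemon(port, wait_ready);
    if (busy >= 0) close(busy);
    return rc;
}

int main(void) { return conflict_result(1) == EADDRINUSE ? 0 : 1; }
```

With wait_ready set to 0 the launcher sees 0 even though the child failed; with the handshake it sees EADDRINUSE, which a start script could turn into a visible failure notice.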