From owner-freebsd-hackers@freebsd.org  Thu May  2 17:17:28 2019
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A845159BB07
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Thu,  2 May 2019 17:17:28 +0000 (UTC)
 (envelope-from amesbury@oitsec.umn.edu)
Received: from mail.oitsec.umn.edu (mail.oitsec.umn.edu [128.101.238.120])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mail.oitsec.umn.edu",
 Issuer "InCommon RSA Server CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 02D8997D8D
 for <freebsd-hackers@freebsd.org>; Thu,  2 May 2019 17:17:26 +0000 (UTC)
 (envelope-from amesbury@oitsec.umn.edu)
Received: from mail.oitsec.umn.edu (localhost [127.0.0.1])
 by mail.oitsec.umn.edu (Postfix) with ESMTP id 61122B05C6;
 Thu,  2 May 2019 12:17:25 -0500 (CDT)
X-Virus-Scanned: amavisd-new at oitsec.umn.edu
Received: from mail.oitsec.umn.edu ([127.0.0.1])
 by mail.oitsec.umn.edu (mail.oitsec.umn.edu [127.0.0.1]) (amavisd-new,
 port 10024)
 with ESMTP id Pg6KHxiS0Qsi; Thu,  2 May 2019 12:17:24 -0500 (CDT)
Received: from optimator.uis.umn.edu (optimator.uis.umn.edu [134.84.23.1])
 (Authenticated sender: amesbury)
 by mail.oitsec.umn.edu (Postfix) with ESMTPSA id CB9A6B05E1;
 Thu,  2 May 2019 12:17:24 -0500 (CDT)
Content-Type: text/plain;
	charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Subject: Re: SIGPIPE from ssh-keyscan [patch]
From: Alan Amesbury <amesbury@oitsec.umn.edu>
In-Reply-To: <144583E1-828D-4450-99B0-4FBF7FC35B26@netgate.com>
Date: Thu, 2 May 2019 12:17:25 -0500
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <0FE5F47E-99EF-4B64-B6AD-E2E6A1754634@oitsec.umn.edu>
References: <047FD22B-04FB-46EB-96D1-BF6E03080F9F@oitsec.umn.edu>
 <144583E1-828D-4450-99B0-4FBF7FC35B26@netgate.com>
To: Jim Thompson <jim@netgate.com>
X-Mailer: Apple Mail (2.3445.104.8)
X-Rspamd-Queue-Id: 02D8997D8D
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
 dmarc=fail reason="" header.from=umn.edu (policy=none)
X-Spamd-Result: default: False [-1.94 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.984,0];
 FROM_HAS_DN(0.00)[]; MV_CASE(0.50)[];
 NEURAL_HAM_LONG(-1.00)[-0.995,0]; MIME_GOOD(-0.10)[text/plain];
 RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_THREE(0.00)[4];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[];
 RCVD_IN_DNSWL_MED(-0.20)[120.238.101.128.list.dnswl.org : 127.0.11.2];
 MX_GOOD(-0.01)[cached: mail.oitsec.umn.edu];
 RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.24)[-0.243,0];
 R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:217, ipnet:128.101.0.0/16, country:US];
 MID_RHS_MATCH_FROM(0.00)[];
 IP_SCORE(-0.01)[country: US(-0.06)];
 DMARC_POLICY_SOFTFAIL(0.10)[umn.edu : No valid SPF, No valid DKIM,none]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 02 May 2019 17:17:28 -0000

On May 1, 2019, at 20:07 , Jim Thompson <jim@netgate.com> wrote:

> The remote closed the session for some reason before ssh-keyscan wrote =
the greening ("SSH-2.0-OpenSSH-keyscan\r\n=E2=80=9D), so you got SIGPIPE =
and ERRNO =3D 32 back from the write call.
>=20
> Arguably the right thing occurred here, with the exception that it =
killed your ssh-keyscan process.
>=20
> So perhaps instead of ignoring the signal, you should find out why the =
remote is exiting before the local can send its greeting.

I can't count on the remote side doing the write thing (yes, pun =
intended), as not all of the apparent "SSH servers" I attempt to obtain =
keys from are under my direct control.  For me it would be better if =
ssh-keyscan were simply more robust in handling unexpected input.

> Otherwise, it=E2=80=99s a bit less heavy-handed to=20
>=20
> Int set =3D 1;
> setsockopt(sd, SOL_SOCKET, SO_NOSIGPIPE, (void *)&set, sizeof(int));
>=20
> Where sd is the descriptor in question (16 in your example below).
>=20
> But other parts of ssh-keyscan seem to want to know that EPIPE has =
occurred, so neither is the correction solution here.

That's why I asked where this was a sane plan.  Again, I'm out of my =
depth here, and my solution reflects that.


--=20
Alan