From owner-freebsd-bugs  Thu Jul 25 16: 0:20 2002
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8431A37B405
	for <freebsd-bugs@hub.freebsd.org>; Thu, 25 Jul 2002 16:00:13 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 46A0243E31
	for <freebsd-bugs@hub.freebsd.org>; Thu, 25 Jul 2002 16:00:13 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6PN0CJU054302
	for <freebsd-bugs@freefall.freebsd.org>; Thu, 25 Jul 2002 16:00:12 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6PN0C7B054301;
	Thu, 25 Jul 2002 16:00:12 -0700 (PDT)
Date: Thu, 25 Jul 2002 16:00:12 -0700 (PDT)
Message-Id: <200207252300.g6PN0C7B054301@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Jan Srzednicki <winfried@expro.pl>
Subject: Re: bin/40894: OpenSSH weird delays
Reply-To: Jan Srzednicki <winfried@expro.pl>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org

The following reply was made to PR bin/40894; it has been noted by GNATS.

From: Jan Srzednicki <winfried@expro.pl>
To: Peter Pentchev <roam@ringlet.net>
Cc: FreeBSD-gnats-submit@FreeBSD.org
Subject: Re: bin/40894: OpenSSH weird delays
Date: Fri, 26 Jul 2002 00:51:27 +0200 (CEST)

 On Tue, 23 Jul 2002, Peter Pentchev wrote:
 
 > > But.. of course. It doesn't happen when I turn off the
 > > UsePrivilegeSeparation. chroot()ed unprivileged process does not have
 > > access to /etc/resolv.conf, so it tries to ask on local interface.. and
 > > waits for a timeout. 
 > 
 > How is this 'strange'? :)
 
 OK, it was strange at first. Now it does not seem strange.
 
 > You seem to have found the reason for the
 > delays yourself.  From there, it is only a little step to the idea of
 > copying your /etc/resolv.conf into the privilege separation's tree; that
 > is, mkdir -p /var/empty/etc && cp -p /etc/resolv.conf /var/empty/etc/
 > 
 > Does this help?
 
 Yes.
 But it's rather tricky thing, so my suggestion is to turn IP resolving off
 whenever UsePrivilegeSeparation is on. Or maybe I should write to the
 OpenSSH developpers directly about that?
 
 -- 
 Jan 'Winfried' Srzednicki
 winfried@expro.pl
 
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message