Date: Wed, 23 May 2018 21:28:26 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 228446] security/trousers: tcsd does not shutdown if ssh-agent is left running
Message-ID: <bug-228446-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228446

            Bug ID: 228446
           Summary: security/trousers: tcsd does not shutdown if ssh-agent is left running
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: hrs@FreeBSD.org
          Reporter: saper@saper.info
             Flags: maintainer-feedback?(hrs@FreeBSD.org)

I am using the following setup:

OpenSSL is configured to use libtpm:

    [openssl_def]
    engines = engine_section

    [engine_section]
    foo = tpm_section

    [tpm_section]
    dynamic_path = /usr/local/lib/openssl/engines/libtpm.so
    engine_id = tpm
    default_algorithms = ALL
    #default_algorithms = RAND,RSA
    init = 1

SSH client is configured to use libsimple-tpm-pk11.so:

    Host m
    PKCS11Provider /usr/home/saper/sw/simple-tpm-pk11/.libs/libsimple-tpm-pk11.so
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    ForwardAgent yes
    ForwardX11 no
    User xxx

I am using a vanilla /usr/local/etc/tcsd.conf.

I start ssh-agent from my .xsession file as

    eval `/usr/bin/ssh-agent -s`

therefore it does not die when I kill my X session.

I noticed that tcsd blocks system shutdown (gets killed eventually by the watchdog).

A quick look at the source code and open sockets reveals that ssh-agent maintains a persistent connection to tcsd.

The easiest way to reproduce the problem with my config is to start a separate shell with

    ssh-agent /bin/sh

and try to stop tcsd in another terminal:

    sudo service tcsd stop

As long as the shell is running, tcsd will not stop. It is enough to exit the shell and after a second or two tcsd will shut down. The shutdown is immediate if ssh-agent is not running.

I think tcsd should be able to notice earlier that it is time to close its sockets and go away.

-- 
You are receiving this mail because:
You are the assignee for the bug.
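
The shutdown behaviour reported above can be modelled with a toy thread-per-connection daemon. This is an added example, not code from tcsd or from the reporter. The `ToyDaemon` class and its `stop(force=...)` parameter are hypothetical, and the model assumes the hang comes from worker threads blocked on an idle, still-connected client socket.

```python
import socket
import threading

class ToyDaemon:
    """Thread-per-connection daemon; a model, not tcsd's code."""

    def __init__(self):
        self.listener = socket.create_server(("127.0.0.1", 0))
        self.listener.settimeout(0.1)  # lets the accept loop poll the stop flag
        self.port = self.listener.getsockname()[1]
        self.stopping = threading.Event()
        self.conns, self.workers = [], []
        threading.Thread(target=self._accept, daemon=True).start()

    def _accept(self):
        while not self.stopping.is_set():
            try:
                conn, _ = self.listener.accept()
            except socket.timeout:
                continue
            conn.settimeout(None)  # workers block indefinitely in recv()
            worker = threading.Thread(target=self._serve, args=(conn,), daemon=True)
            self.conns.append(conn)
            self.workers.append(worker)
            worker.start()
        self.listener.close()

    def _serve(self, conn):
        # An idle but connected client (a long-lived agent) parks the
        # worker here until the peer sends data or disconnects.
        try:
            while conn.recv(4096):
                pass
        except OSError:
            pass
        finally:
            conn.close()

    def stop(self, force, timeout=1.0):
        """Stop accepting, then wait for workers; True if all exited in time."""
        self.stopping.set()
        if force:
            for conn in self.conns:
                try:
                    conn.shutdown(socket.SHUT_RDWR)  # wakes the blocked recv()
                except OSError:
                    pass  # peer already gone or socket already closed
        for worker in self.workers:
            worker.join(timeout)
        return not any(w.is_alive() for w in self.workers)
```

With `force=False` the stop only completes once every client has disconnected, which matches the report; with `force=True` the daemon shuts down its own client sockets first and exits without waiting for the agent.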