Date: Thu, 08 May 2003 13:05:23 +0200
From: "Ian Freislich" <ianf@za.uu.net>
To: Lars Köller <Lars.Koeller@Uni-Bielefeld.DE>
Cc: freebsd-net@freebsd.org
Subject: Re: Please, Urgent: Need ideas/help to solve PR bin/51586
Message-ID: <40144.1052391923@wcom.com>
References: <200305051311.h45DBJq26003@rayadm.hrz.uni-bielefeld.de>
Lars Köller wrote:
> Dear experts,
>
> I've discussed the reported problem with our experts here at the
> computing center, and we don't have a clue for the problem reported in
> PR 51586.

It seems that your problem relates to rshd using privileged ports to create the stderr socket back to the originating rsh client. The interesting log message is in the messages file of the server running the remote shell daemon:

    May 8 12:45:11 brane rshd[13988]: can't get stderr port: Can't assign requested address

rresvport_af(3) returns this error because I suspect that it thinks this address is already in use, perhaps because the address/port pair is in TIME_WAIT, although I don't have time to test this suspicion and my network programming and protocol experience is not good enough to say this is the case outright without testing.

It seems that this problem is further compounded by inetd terminating the shell service when one of the rshd programs it ran returns an exit status other than 0, which rshd does when it encounters this error.

This simple patch to rshd.c (which is an unholy kludge until someone can fix the rresvport_af(3) function) makes rshd return an exit status of 0 on this particular error so at least inetd doesn't stop the service requiring a SIGHUP to restart it. You can then test the return status of your rsh ($?) for a value of 1 and 'select: protocol failure in circuit setup' on stderr and retry that test.

(/usr/src/libexec/rshd, apply this, make and make install the patched rshd)

--- rshd.c.orig Thu May 8 12:55:46 2003 +++ rshd.c Thu May 8 12:43:31 2003
@@ -296,7 +296,7 @@ s = rresvport_af(&lport, af); if (s < 0) { syslog(LOG_ERR, "can't get stderr port: %m"); - exit(1); + exit(0); } if (port >= IPPORT_RESERVED || port < IPPORT_RESERVED/2) {

I know this is a horrible solution and shouldn't be committed, but at least you have a work-around so you can get your virus scanner farm up in the mean time while someone fixes this properly.

Ian
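Review bot: the `exit(0)` in the `if (s < 0)` branch after `rresvport_af(&lport, af)` makes a failed stderr-port setup report success to the parent, so the `syslog(LOG_ERR, "can't get stderr port: %m")` line becomes the only record that the session failed. If this is applied locally as a stopgap, put a comment on the changed line saying it is a workaround for PR bin/51586 and why the status is 0 (so inetd keeps the service enabled, as the message describes), and make sure something watches the log for that message, since exit-status monitoring will no longer see these failures. A less lossy variant would keep `exit(1)` for every other error path and limit the special case to this one branch, which the hunk already does; the missing piece is the in-code explanation.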
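The client-side retry suggested in the message (check rsh's exit status for 1 and stderr for 'protocol failure in circuit setup'), written out as an added example that is not part of the original message. The function name retry_on_circuit_failure, the RSH_RETRY_DELAY variable and the try limit are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: retry an rsh call only for the failure described in the message.
# Usage (host name taken from the log line above, command is a sample):
#   retry_on_circuit_failure 5 rsh brane uptime
RSH_RETRY_DELAY=${RSH_RETRY_DELAY:-2}   # seconds between tries (assumed value)

retry_on_circuit_failure() {
    max=$1; shift
    try=1
    errfile=$(mktemp "${TMPDIR:-/tmp}/rshretry.XXXXXX") || return 2
    while :; do
        # Capture stderr separately; stdout goes straight to the caller.
        if "$@" 2>"$errfile"; then status=0; else status=$?; fi
        # Pass stderr through so no diagnostic is hidden from the caller.
        cat "$errfile" >&2
        # Retry only on exit status 1 together with the circuit-setup text;
        # any other failure is returned immediately.
        if [ "$status" -eq 1 ] &&
           grep -q 'protocol failure in circuit setup' "$errfile" &&
           [ "$try" -lt "$max" ]; then
            try=$((try + 1))
            sleep "$RSH_RETRY_DELAY"
            continue
        fi
        rm -f "$errfile"
        return "$status"
    done
}
```

Keeping the try limit small makes a persistent failure surface as a non-zero status instead of looping indefinitely.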