[ssh_x509] poll compatibility issues in sandbox Was: select() vs poll() in client and server main loop

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Feb 26 14:16:58 EET 2022


Hello,

Sorry for the spelling error; poll is correct.

ssh_x509 at roumenpetrov.info wrote:
> Hello,
>
> Perhaps you note that in the current OpenBSD repository secure shell uses pool.
>
> PKIX-SSH will keep the "old" select()-based implementation for at least two OpenBSD release periods, i.e. about one year.
> The reasons are simple.
> Various regression tests fail after the commit "prepare for conversion of ssh, sshd mainloop from select() to poll() by moving FD_SET construction out of channel handlers into separate functions" done in the OpenBSD repository.
> The next point is a direct comparison between the code in the repositories. There are a number of suspicious moves of FD_SET to the "bit flags" used in the poll-based loop. Also, some initializations of the "bit flags" are questionable.
>
> Regards,
> Roumen Petrov
[]

So the PKIX-SSH project does not switch all code to poll.

Part of the code has used poll for a long time, but there are a number of other issues.
The switch shows design issues in the sandbox code.

For instance, selinux fails on 32-bit Linux and new kernels. This failure requires code modification.

As a workaround, in PKIX-SSH only, you could temporarily exclude privilege separation in a test environment, i.e. set UsePrivilegeSeparation no in the daemon configuration.


Correction of the issue is trivial - to allow the 64-bit time compatible ppoll - and it will soon be pushed to the repository.

Please use the above-mentioned workaround instead.

Regards,
Roumen Petrov



