https://bugzilla.mindrot.org/show_bug.cgi?id=2615
--- Comment #1 from Tomas Kuthan <[email protected]> --- Created attachment 2875 --> https://bugzilla.mindrot.org/attachment.cgi?id=2875&action=edit watchdog process backing-up login_grace_time alarm I have implemented and successfully tested a candidate fix - a single purpose watchdog process backing up login_grace_time alarm in the main process. If the main process doesn't authenticate or exit in login_grace_time seconds, the watchdog kills it by SIGTERM (or eventually SIGKILL). Patch attached. I have rejected several other fix ideas: - threads - unlikely to be accepted upstream - main sshd process keeping track of unauthenticated children - too much logic in process listening for new connection - allow preauth child to send signal to the monitor - too much privs to unprivileged process - wouldn't work w/o privilege separation -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
