Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 139372

Summary:	ssh-agent left running after gnome window manger closes
Product:	[Fedora] Fedora	Reporter:	Thaddeus Nielsen <paroikos>
Component:	gnome-desktop	Assignee:	Mark McLoughlin <markmc>
Status:	CLOSED DUPLICATE	QA Contact:
Severity:	low	Docs Contact:
Priority:	medium
Version:	3	CC:	pri.rhl1, sitsofe
Target Milestone:	---
Target Release:	---
Hardware:	i386
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2006-02-21 19:07:02 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Thaddeus Nielsen 2004-11-15 17:02:36 UTC

Description of problem:
Fedora Core 3 on i686, fully updated as of 15 Nov 04 morning.  Boots
into runlevel 3.  Login to command prompt.  This issue occurs on all
users.  If icewm is run, upon exiting there is no ssh-agent left
running.  If the default gnome window manager runs, after exiting to
command prompt there is a ssh-agent process left running.  If we run
the gnome window manager again, and exit to command prompt, another
ssh-agent is left running.  These will never terminate except by kill
-15.  Should these exit when the gnome window manager exits?

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Sitsofe Wheeler 2004-11-24 09:08:59 UTC

This looks like a dup of bug 138747

Comment 2 Thaddeus Nielsen 2004-11-24 12:52:38 UTC

Yes, I would agree that these report the same problem.

Comment 3 Sitsofe Wheeler 2004-11-24 20:43:12 UTC

Your report says that this is limited only to GNOME. I shall try and
test that tomorrow and add that information to my report...

Comment 4 Thaddeus Nielsen 2004-11-25 00:15:03 UTC

I can add that this also occurs with KDE (my wife uses KDE).  But not
with icewm (which is my preference because it is lighter and faster).
 Sorry, but I don't know much about the configuration of window managers.

Comment 5 Sitsofe Wheeler 2004-11-29 08:36:56 UTC

I suspect you don't see this in icewm because unlike the other environments its
start up scripts have not been told to start ssh-agent.

On KDE, GNOME, XFCE I can start a shell and type "echo $SSH_AGENT_PID" and see
that an ssh-agent has been started for me. I suspect because icewm is a third
party package echo $SSH_AGENT_PID will not show anything...

Comment 6 Thaddeus Nielsen 2004-11-29 12:14:20 UTC

This is a good point, I think.  Your testing shows this is not limited to Gnome
but that the ssh-agent is also started by Kde and Xfce.  I wonder what exactly
starts the ssh-agent: is it each of those three or something else that is common
to them all?  I seems reasonable that once the process is found which starts the
ssh-agent, then it should be fairly easy to add a way to close the ssh-agent
when the window manager closes.  Thanks for pursuing this.

Comment 7 Sitsofe Wheeler 2004-12-01 18:13:25 UTC

I have answered some of your questions over in bug 138747

Comment 8 Paul Iadonisi 2004-12-09 16:40:49 UTC

I can't seem to find it, but I seem to remember an xinitrc bug that this bug
should really be marked a duplicate of, in addition to bug 138747.

Anyhow, the change that causes this problem was required due to a bad security
configuration that was fixed in openssh.  The ssh-agent binary now has its sgid
bit set to eliminate the strace-ability (I believe) of the process.  The problem
is that glibc (or is it ld-linux.so?) strips TMPDIR from the environment when
running suid/sgid binaries.  This caused problems with either gnome itself or
dbus-launch, I forgot which.

I think I have a possible solution to this, but would like feedback.  It so
simple that there *must* be something I'm missing.  Try this:

ssh-agent /bin/env TMPDIR=$TMPDIR /bin/bash
echo $TMPDIR

This basically sets the TMPDIR in defiance of glibc unsetting it when launching
ssh-agent ;-)

I don't know if this has any security implications, or even if it solves the
problems mentioned in the bug on xinitrc (sorry, I don't have the bug number),
which is what I'm looking for feedback on.

Basically what I'm saying is that it may be possible to revert the
xinitrc-common changes (well, not all of them as there were some cleanups) to at
least prepend "/usr/bin/ssh-agent /bin/env TMPDIR=$TMPDIR" before the
dbus-launch invocation.

Comment 9 Sitsofe Wheeler 2004-12-09 18:50:54 UTC

Hmm interesting stuff. After lots of scouring I think the changes began in bug
#134494

Comment 10 Paul Iadonisi 2004-12-10 06:08:44 UTC

Um, skip that 'solution' I suggested.  Tried it.  Doesn't work.  I'll see if I
can  come up with something that works.  Seems like a hairier problem than I
thought.

Comment 11 Mark McLoughlin 2004-12-14 10:28:10 UTC

Marking as a dup of bug #138747 which I'll move to xinitrc where the
changes in bug #134494 were originally made

*** This bug has been marked as a duplicate of 138747 ***

Comment 12 Red Hat Bugzilla 2006-02-21 19:07:02 UTC

Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.