tailscale

mirror of https://github.com/tailscale/tailscale.git synced 2026-06-11 21:02:39 +08:00

History

Kristoffer Dalby 9e547221a7 ssh/tailssh: deliver SIGHUP to the user shell, not just the incubator The earlier SIGHUP work signalled cmd.Process.Pid, which is the incubator. The user's shell is a grandchild and never saw the signal, so any HUP-trapping cleanup the user installed was silently skipped. - newIncubatorCommand sets Setpgid:true so the incubator and any children it spawns share a process group. The PTY path overrides this in startWithPTY with Setsid, which also creates a new pgrp, so PTY sessions get the property without further changes. - new helper terminateSession (per-OS) sends the signal to the negated PID so the kernel delivers it to every process in the group; ESRCH maps to nil because that just means the session already exited. - plan9 lacks Unix-style process groups, so terminateSession there falls back to Process.Signal. - killProcessOnContextDone routes through terminateSession and logs any error. TestIntegrationSIGHUP was also broken: t.TempDir creates a /tmp/<TestName>/NNN pair, both root-owned, with the parent at 0700 and the leaf at 0755. The incubator drops privileges to the test user before running the trap, so the > redirect couldn't traverse the parent or write the leaf; the trap fired but left no marker. chmod the parent to 0755 and the leaf to 0777 so the dropped shell can reach and write it. Cleanup stays with t.TempDir. Updates #18256 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2026-05-27 14:15:47 +00:00
..
tailssh	ssh/tailssh: deliver SIGHUP to the user shell, not just the incubator	2026-05-27 14:15:47 +00:00

Kristoffer Dalby 9e547221a7 ssh/tailssh: deliver SIGHUP to the user shell, not just the incubator

The earlier SIGHUP work signalled cmd.Process.Pid, which is the
incubator. The user's shell is a grandchild and never saw the
signal, so any HUP-trapping cleanup the user installed was silently
skipped.

  - newIncubatorCommand sets Setpgid:true so the incubator and any
    children it spawns share a process group. The PTY path overrides
    this in startWithPTY with Setsid, which also creates a new pgrp,
    so PTY sessions get the property without further changes.
  - new helper terminateSession (per-OS) sends the signal to the
    negated PID so the kernel delivers it to every process in the
    group; ESRCH maps to nil because that just means the session
    already exited.
  - plan9 lacks Unix-style process groups, so terminateSession there
    falls back to Process.Signal.
  - killProcessOnContextDone routes through terminateSession and
    logs any error.

TestIntegrationSIGHUP was also broken: t.TempDir creates a
/tmp/<TestName>/NNN pair, both root-owned, with the parent at 0700
and the leaf at 0755. The incubator drops privileges to the test
user before running the trap, so the > redirect couldn't traverse
the parent or write the leaf; the trap fired but left no marker.
chmod the parent to 0755 and the leaf to 0777 so the dropped
shell can reach and write it. Cleanup stays with t.TempDir.

Updates #18256

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

2026-05-27 14:15:47 +00:00

tailssh

ssh/tailssh: deliver SIGHUP to the user shell, not just the incubator

2026-05-27 14:15:47 +00:00