tailscale/ssh/tailssh
Joe Tsai 61886e031e
ssh/tailssh: fix double race condition with non-pty command (#8405)
There are two race conditions in output handling.

The first race condition is due to a misuse of exec.Cmd.StdoutPipe.
The documentation explicitly forbids concurrent use of StdoutPipe
with exec.Cmd.Wait (see golang/go#60908) because Wait will
close both sides of the pipe once the process ends without
any guarantees that all data has been read from the pipe.
To fix this, we allocate the os.Pipes ourselves and
manage cleanup ourselves when the process has ended.

The second race condition is because sshSession.run waits
upon exec.Cmd to finish and then immediately proceeds to call ss.Exit,
which will close all output streams going to the SSH client.
This may interrupt any asynchronous io.Copy still copying data.
To fix this, we close the write-side of the os.Pipes after
the process has finished (and before calling ss.Exit) and
synchronously wait for the io.Copy routines to finish.

Fixes #7601

Signed-off-by: Joe Tsai <joetsai@digital-static.net>
Co-authored-by: Maisem Ali <maisem@tailscale.com>
2023-06-21 19:57:45 -07:00
..
incubator.go ssh/tailssh: fix double race condition with non-pty command (#8405) 2023-06-21 19:57:45 -07:00
incubator_linux.go all: update copyright and license headers 2023-01-27 15:36:29 -08:00
privs_test.go ssh/tailssh: fix privilege dropping on FreeBSD; add tests 2023-03-20 16:09:18 -04:00
tailssh.go ssh/tailssh: fix double race condition with non-pty command (#8405) 2023-06-21 19:57:45 -07:00
tailssh_test.go ssh/tailssh: fix double race condition with non-pty command (#8405) 2023-06-21 19:57:45 -07:00
user.go ssh/tailssh: Max Username Length 256 for linux 2023-06-05 18:04:30 -07:00