Re: Call for testing: OpenSSH 7.4

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On 12/19/2016 06:10 PM, Jakub Jelen wrote:

On 12/14/2016 10:09 AM, Jakub Jelen wrote:

On 12/14/2016 02:22 AM, The Doctor wrote:

run test forwarding.sh ...
failed copy of /bin/ls
cmp: EOF on /usr/source/openssh-SNAP-20161214/regress/copy
corrupted copy of /bin/ls
Exit request sent.
failed local and remote forwarding
*** Error code 1

Stop.
make[1]: stopped in /usr/source/openssh-SNAP-20161214/regress
*** Error code 1

Stop.
make: stopped in /usr/source/openssh-SNAP-20161214
I see very similar failures with vanilla openssh snapshot on Fedora 25. Should be quite fairly reproducible:
# tar -xf openssh-SNAP-20161214.tar.gz && cd openssh && ./configure && make tests 
[...]
test connection multiplexing: forward
cmp: EOF on /root/openssh/regress/copy
ssh: corrupted copy of /root/openssh/regress/data
/root/openssh/regress/multiplex.sh: line 96: 18570 Terminated $NC -N -Ul $OBJ/unix-1.fwd < ${DATA} > /dev/null 
[...]
request remote forward failed
connect to remote forwarded path failed
test connection multiplexing: cmd exit
test connection multiplexing: cmd stop
failed connection multiplexing
Makefile:198: recipe for target 't-exec' failed
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory '/root/openssh/regress'
Makefile:568: recipe for target 'tests' failed
make: *** [tests] Error 2

I will have a look into that if I will have a minute today.
Further investigation so far showed, that the multiplex is failing to create the remote port forward socket:
mux_client_forward: forwarding request failed: remote port forwarding failed for listen path /root/openssh/regress/unix-3.fwd 
This is obviously related to the commit (fix for CVE-2016-10010):

    https://github.com/openssh/openssh-portable/commit/b737e4
preventing running the multiplex.sh test (remote port forwarding is failing) with root permissions (stops using privilege separation at 

https://github.com/openssh/openssh-portable/blob/master/sshd.c#L640

Regards,

--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux