Re: Call for testing: OpenSSH 8.9

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, 18 Feb 2022, Damien Miller wrote:

> these can be a bit tricky. There are some instructions at the top of
> sandbox-seccomp.c if you want to give it a try but unfortunately the

In musl libc, you also have to comment out the…

	# include <asm/siginfo.h>

… because such a header is not shipped with it. The compilation works
without, though.

Unfortunately, dalias is very strictly against making it possible to
detect musl at compile time, so wrapping it in #ifdef __GLIBC__ or so.

There are none of the expected messages though :/

But perhaps this strace snippet helps:

write(2, "debug1: inetd sockets after dupp"..., 43debug1: inetd sockets after dupping: 3, 3
) = 43
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
fcntl(3, F_SETFD, FD_CLOEXEC)           = 0
rt_sigaction(SIGALRM, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7476566000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7476565000
getpeername(3, {sa_family=AF_INET, sin_port=htons(45850), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(45850), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(4242), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(4242), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(45850), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getsockopt(3, SOL_IP, IP_OPTIONS, 0x7ffddb068c90, [200->0]) = 0
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(4242), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getpid()                                = 6833
write(2, "Connection from 127.0.0.1 port 4"..., 61Connection from 127.0.0.1 port 45850 on 127.0.0.1 port 4242
) = 61
rt_sigprocmask(SIG_UNBLOCK, [RT_1 RT_2], NULL, 8) = 0
rt_sigaction(SIGALRM, {sa_handler=0x55f8c5084f80, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=~[KILL STOP RTMIN RT_1 RT_2], sa_flags=SA_RESTORER, sa_restorer=0x7f74765eea48}, 8) = 0
write(3, "SSH-2.0-OpenSSH_8.8\r\n", 21) = 21
getpid()                                = 6833
write(2, "debug1: Local version string SSH"..., 50debug1: Local version string SSH-2.0-OpenSSH_8.8
) = 50
read(3, "S", 1)                         = 1
read(3, "S", 1)                         = 1
read(3, "H", 1)                         = 1
read(3, "-", 1)                         = 1
read(3, "2", 1)                         = 1
read(3, ".", 1)                         = 1
read(3, "0", 1)                         = 1
read(3, "-", 1)                         = 1
read(3, "O", 1)                         = 1
read(3, "p", 1)                         = 1
read(3, "e", 1)                         = 1
read(3, "n", 1)                         = 1
read(3, "S", 1)                         = 1
read(3, "S", 1)                         = 1
read(3, "H", 1)                         = 1
read(3, "_", 1)                         = 1
read(3, "8", 1)                         = 1
read(3, ".", 1)                         = 1
read(3, "8", 1)                         = 1
read(3, "\r", 1)                        = 1
read(3, "\n", 1)                        = 1
getpid()                                = 6833
write(2, "debug1: Remote protocol version "..., 74debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
) = 74
getpid()                                = 6833
write(2, "debug1: compat_banner: match: Op"..., 74debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
) = 74
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
getpid()                                = 6833
write(2, "debug2: fd 3 setting O_NONBLOCK\r"..., 33debug2: fd 3 setting O_NONBLOCK
) = 33
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0
socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
fcntl(5, F_SETFD, FD_CLOEXEC)           = 0
pipe([6, 7])                            = 0
fcntl(6, F_SETFD, FD_CLOEXEC)           = 0
fcntl(7, F_SETFD, FD_CLOEXEC)           = 0
getpid()                                = 6833
write(2, "debug3: ssh_sandbox_init: prepar"..., 52debug3: ssh_sandbox_init: preparing rlimit sandbox
) = 52
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], ~[KILL STOP RTMIN RT_1 RT_2], 8) = 0
fork()                                  = 6837
rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1 RT_2], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
getpid()                                = 6833
write(2, "debug2: Network child is on pid "..., 38debug2: Network child is on pid 6837
) = 38
getpid()                                = 6833
write(2, "debug3: preauth child monitor st"..., 39debug3: preauth child monitor started
) = 39
close(4)                                = 0
close(7)                                = 0
poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1strace: Process 6837 attached
 <unfinished ...>
[pid  6837] gettid()                    = 6837
[pid  6837] rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1 RT_2], NULL, 8) = 0
[pid  6837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  6837] close(5)                    = 0
[pid  6837] close(6)                    = 0
[pid  6837] getrandom("\x85\x8b\x44\xc8\x9b\xc6\x2e\x9f\xcd\x23\x8d\xb5\xb2\xd1\x34\x6a\x49\x21\x1b\x01\x68\xb0\xff\x27\xc2\x99\x9b\xfd\x10\xb1\x88\xcc"..., 40, 0) = 40
[pid  6837] getpid()                    = 6837
[pid  6837] getrandom("\x79\xb0\x34\x61\x78\x74\xdb\x57\x6f\xda\x0e\x03\xf2\xc1\x20\xf6\x25\x43\xaa\x37\x01\x3e\xd4\x7b\xbe\x9b\xd9\xee\x18\x30\x2e\x9e"..., 40, 0) = 40
[pid  6837] munmap(0x7f747656e000, 20480) = 0
[pid  6837] munmap(0x7f7476569000, 20480) = 0
[pid  6837] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  6837] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  6837] prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid  6837] getpid()                    = 6837
[pid  6837] write(7, "\0\0\0F\0\0\0\5\0\0\0\0\0\0\0:list_hostkey_typ"..., 74 <unfinished ...>
[pid  6833] <... poll resumed>)         = 1 ([{fd=6, revents=POLLIN}])
[pid  6837] <... write resumed>)        = 74
[pid  6833] read(6,  <unfinished ...>
[pid  6837] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid  6833] <... read resumed>"\0\0\0F", 4) = 4
[pid  6837] <... mmap resumed>)         = 0x7f7476572000
[pid  6833] read(6, "\0\0\0\5\0\0\0\0\0\0\0:list_hostkey_types: "..., 70) = 70
[pid  6837] getpid( <unfinished ...>
[pid  6833] write(2, "debug1: list_hostkey_types: ssh-"..., 78 <unfinished ...>
[pid  6837] <... getpid resumed>)       = 6837
debug1: list_hostkey_types: ssh-ed25519,sk-ssh-ed25519@xxxxxxxxxxx [preauth]
[pid  6833] <... write resumed>)        = 78
[pid  6837] getpid( <unfinished ...>
[pid  6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid  6837] <... getpid resumed>)       = 6837
[pid  6837] write(7, "\0\0\0 \0\0\0\7\0\0\0\0\0\0\0\24send packet: typ"..., 36 <unfinished ...>
[pid  6833] <... poll resumed>)         = 1 ([{fd=6, revents=POLLIN}])
[pid  6837] <... write resumed>)        = 36
[pid  6833] read(6,  <unfinished ...>
[pid  6837] getpid( <unfinished ...>
[pid  6833] <... read resumed>"\0\0\0 ", 4) = 4
[pid  6837] <... getpid resumed>)       = 6837
[pid  6833] read(6,  <unfinished ...>
[pid  6837] write(7, "\0\0\0!\0\0\0\5\0\0\0\0\0\0\0\25SSH2_MSG_KEXINIT"..., 37 <unfinished ...>
[pid  6833] <... read resumed>"\0\0\0\7\0\0\0\0\0\0\0\24send packet: type 20", 32) = 32
[pid  6837] <... write resumed>)        = 37
[pid  6833] write(2, "debug3: send packet: type 20 [pr"..., 40 <unfinished ...>
debug3: send packet: type 20 [preauth]
[pid  6837] write(3, "\0\0\2\354\10\24\352\345t\306\f\335\217l1\f\227\252\353\vf\337\0\0\0Qcurve2"..., 752 <unfinished ...>
[pid  6833] <... write resumed>)        = 40
[pid  6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid  6837] <... write resumed>)        = 752
[pid  6833] <... poll resumed>)         = 1 ([{fd=6, revents=POLLIN}])
[pid  6833] read(6, "\0\0\0!", 4)       = 4
[pid  6833] read(6, "\0\0\0\5\0\0\0\0\0\0\0\25SSH2_MSG_KEXINIT sen"..., 33) = 33
[pid  6833] write(2, "debug1: SSH2_MSG_KEXINIT sent [p"..., 41debug1: SSH2_MSG_KEXINIT sent [preauth]
) = 41
[pid  6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid  6837] ppoll([{fd=3, events=POLLIN}], 1, NULL, NULL, 8) = -1 EINVAL (Invalid argument)
[pid  6837] getpid()                    = 6837
[pid  6837] write(7, "\0\0\0Z\0\0\0\3\0\0\0\0\0\0\0Nssh_dispatch_run"..., 94 <unfinished ...>
[pid  6833] <... poll resumed>)         = 1 ([{fd=6, revents=POLLIN}])
[pid  6837] <... write resumed>)        = 94
[pid  6833] read(6, "\0\0\0Z", 4)       = 4
[pid  6833] read(6, "\0\0\0\3\0\0\0\0\0\0\0Nssh_dispatch_run_fat"..., 90) = 90
[pid  6833] write(2, "ssh_dispatch_run_fatal: Connecti"..., 90ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 45850: Invalid argument [preauth]
) = 90
[pid  6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid  6837] getpid()                    = 6837
[pid  6837] write(7, "\0\0\0\26\0\0\0\5\0\0\0\0\0\0\0\ndo_cleanup", 26 <unfinished ...>
[pid  6833] <... poll resumed>)         = 1 ([{fd=6, revents=POLLIN}])
[pid  6837] <... write resumed>)        = 26
[pid  6833] read(6, "\0\0\0\26", 4)     = 4
[pid  6833] read(6, "\0\0\0\5\0\0\0\0\0\0\0\ndo_cleanup", 22) = 22
[pid  6833] write(2, "debug1: do_cleanup [preauth]\r\n", 30debug1: do_cleanup [preauth]
) = 30
[pid  6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid  6837] exit_group(255)             = ?
[pid  6833] <... poll resumed>)         = 1 ([{fd=6, revents=POLLHUP}])
[pid  6837] +++ exited with 255 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6837, si_uid=1000, si_status=255, si_utime=0, si_stime=0} ---
read(6, "", 4)                          = 0
getpid()                                = 6833
write(2, "debug1: monitor_read_log: child "..., 47debug1: monitor_read_log: child log fd closed
) = 47
close(6)                                = 0
poll([{fd=5, events=POLLIN}], 1, -1)    = 1 ([{fd=5, revents=POLLIN|POLLHUP}])
getpid()                                = 6833
write(2, "debug3: mm_request_receive: ente"..., 38debug3: mm_request_receive: entering
) = 38
read(5, "", 4)                          = 0
getpid()                                = 6833
write(2, "debug1: do_cleanup\r\n", 20debug1: do_cleanup
)  = 20
getpid()                                = 6833
write(2, "debug1: Killing privsep child 68"..., 36debug1: Killing privsep child 6837
) = 36
kill(6837, SIGKILL)                     = 0
exit_group(255)                         = ?
+++ exited with 255 +++


bye,
//mirabilos
-- 
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”	(#nosec)    ‣‣‣ Please let MySQL and MariaDB finally die!
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux