Re: agent-ptrace regression test failing in Ubuntu 22.04

I'm also seeing a similar issue with the test agent-getpeereid.
Under Ubuntu 20.04 the test to add user nobody has a return value of 2 which indicates that it wasn't able to attach. In Ubuntu 22.04 I'm getting a return value of 1. This is with the V_9_0_P1 branch.

Specifically here:
        if test -z "$sudo" ; then
                # doas
                ${SUDO} -n -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
        else
                # sudo
                < /dev/null ${SUDO} -S -u ${UNPRIV} ${SSHADD} -l 2>/dev/null
        fi
        r=$?
        if [ $r -lt 2 ]; then
                fail "ssh-add did not fail for ${UNPRIV}: $r < 2"
        fi

Under Ubuntu 22.04 it does fail but the return value seems to be different.

If I get rid of the redirects to /dev/null and print the value of r I get the following on 22.04:
run test agent-getpeereid.sh ...
The agent has no identities.
r is 1
Sorry, user parallels is not allowed to execute '/home/parallels/openssh-portable/ssh-add -l' as nobody on parallels-Parallels-Virtual-Platform.
r is 1
ssh-add did not fail for nobody: 1 < 2
failed disallow agent attach from other uid

Under 20.04 I get the following:
run test agent-getpeerid.sh ...
The agent has no identities.
r is 1
Could not open a connection to your authentication agent.
r is 2
ok disallow agent attach from other uid

Again, it looks like there was a change in the wording and exit codes. Possibly related to sudo? On 20.04 sudo is version 1.8.31. Under 22.04 it's version 1.9.9. Seems like it might also be causing problems in agent-restrict.

Chris


On 10/26/22 11:26 AM, Chris Rapier wrote:
I'm having the agent-ptrace consistently fail under Ubuntu 22.04. This is under a pristine Ubuntu 22.04 VM. If I set the envar SUDO=sudo I get:

make[1]: Entering directory '/home/parallels/openssh-portable/regress'
run test agent-ptrace.sh ...
ptrace succeeded?: exit code 1
failed disallow agent ptrace attach

The contents of gdb.out are:

GNU gdb (Ubuntu 12.0.90-0ubuntu1) 12.0.90
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
     <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /home/parallels/openssh-portable/ssh-agent...
Attaching to program: /home/parallels/openssh-portable/ssh-agent, process 54674
Could not attach to process.  If your uid matches the uid of the target
process, check the setting of /proc/sys/kernel/yama/ptrace_scope, or try
again as the root user.  For more details, see /etc/sysctl.d/10-ptrace.conf
ptrace: Inappropriate ioctl for device.
/home/parallels/openssh-portable/regress/54674: No such file or directory.
(gdb)

I don't know if GDB changed their wording but it certainly seems like the test should pass. If I update the egrep then it does pass but I'm not sure if that's legit. Anyway, I used the following:

diff --git a/regress/agent-ptrace.sh b/regress/agent-ptrace.sh
index feef5241..e5e5d32f 100644
--- a/regress/agent-ptrace.sh
+++ b/regress/agent-ptrace.sh
@@ -54,7 +54,7 @@ EOF
         if [ $r -ne 0 ]; then
                 fail "gdb failed: exit code $r"
         fi
-       egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task ' >/dev/null ${OBJ}/gdb.out +       egrep 'ptrace: Operation not permitted.|procfs:.*Permission denied.|ttrace.*Permission denied.|procfs:.*: Invalid argument.|Unable to access task |Could not attach to process.' >/dev/null ${OBJ}/gdb.out
         r=$?
         rm -f ${OBJ}/gdb.out
         if [ $r -ne 0 ]; then
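Review bot: the new 'Could not attach to process.' alternative in the egrep pattern does not by itself name a permission error, so it is worth confirming that gdb prints this sentence only when the attach is denied; otherwise the test can pass when the attach failed for some unrelated reason. In the gdb.out quoted above the errno line reads 'ptrace: Inappropriate ioctl for device.', which is why the existing 'ptrace: Operation not permitted.' alternative no longer matches. Matching the more specific text that follows in the same output (the '/proc/sys/kernel/yama/ptrace_scope' hint) would tie the pass condition to the restriction being tested. The trailing '.' is also an unescaped regex metacharacter, as in the existing alternatives, and a short comment naming the gdb version that produces this wording (12.0.90 here) would help the next person who has to extend the list.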


Chris
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
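
The two agent-getpeereid transcripts above differ in whether ssh-add ran as the other uid at all. The sketch below is an added example, not part of the original post or of the OpenSSH regress suite: it classifies one attempt as denied, attached or inconclusive, using ssh-add's documented exit status 2 (unable to contact the agent) and the message strings quoted in this thread. attach_verdict and the fake_* stand-ins are hypothetical names, and the stand-ins' output is constructed from those transcripts.

```shell
#!/bin/sh
# Added example: tell "ssh-add ran and was refused by the agent" apart from
# "the privilege wrapper never ran ssh-add". Names here are hypothetical.

# attach_verdict CMD [ARGS...]  ->  prints: denied | attached | inconclusive
attach_verdict() {
    rc=0
    # Capture stdout and stderr; keep the exit status even under "set -e".
    out=$("$@" 2>&1 </dev/null) || rc=$?
    if [ "$rc" -eq 2 ]; then
        # ssh-add exits 2 when it is unable to contact the agent.
        echo denied
    elif [ "$rc" -eq 0 ]; then
        # ssh-add listed identities: the other uid reached the agent.
        echo attached
    else
        case $out in
        # Exit 1 with this text means ssh-add talked to an empty agent.
        *"The agent has no identities."*) echo attached ;;
        # Anything else (for example a wrapper refusal) proves nothing
        # about the agent's peer-uid check.
        *) echo inconclusive ;;
        esac
    fi
}

# Constructed stand-ins modelled on the transcripts in this thread.
fake_agent_refused() {
    echo "Could not open a connection to your authentication agent." >&2
    return 2
}
fake_agent_reached() {
    echo "The agent has no identities."
    return 1
}
fake_wrapper_refused() {
    echo "Sorry, user tester is not allowed to execute 'ssh-add -l' as nobody." >&2
    return 1
}

for probe in fake_agent_refused fake_agent_reached fake_wrapper_refused; do
    printf '%s -> %s\n' "$probe" "$(attach_verdict "$probe")"
done
```

In a real run the argument list would be the ${SUDO} -u ${UNPRIV} ${SSHADD} -l invocation from the test, and an inconclusive verdict would be reported separately from both pass and fail.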



