[Bug 1487] New: Race condition between monitor and unprivileged child in sshd
bugzilla-daemon at bugzilla.mindrot.org
Sat Jul 12 21:52:19 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1487
Summary: Race condition between monitor and unprivileged child in sshd
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: godji at 300penguins.org
In the v2 protocol, after a connection, the accepting process forks in
privsep_preauth(). The parent executes monitor_child_preauth() to allow
certain privsep requests necessary for authentication. The unprivileged
child runs do_ssh2_kex() followed by do_authentication2().
If KEX is fast enough, do_authentication2() runs before the monitor has a
chance to permit the necessary requests (MONITOR_REQ_PWNAM in particular),
and therefore authentication fails on the server with:
monitor_read: unpermitted request 6
Damien Miller proposed setting up a pipe shared between the monitor and
child, and making the child wait until the monitor end closes, which
it should do after permitting the monitor calls.
I believe the pipe close (granting permission to continue) should be at
the end of monitor.c:mm_answer_sign, right after the line:
monitor_permit(mon_dispatch, MONITOR_REQ_PWNAM, 1);
Of course, I could be wrong. On the other hand, I have not been able to
figure out where to place the pipe read (waiting for permission) call.
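The pipe-based synchronisation sketched in the report, as an added example that is not OpenSSH's code: a monitor/child pair modelled in plain POSIX C. The request channel, the `permitted` table, the 50 ms "setup" delay and the function names (`run_session`, `monitor`, `wait_for_monitor`) are constructed for the model; only request number 6 is taken from the log line quoted above. Without the gate, the child's request reaches the monitor before the permit has been granted and is refused; with the gate, the child blocks in `read()` on the pipe until the monitor closes its end immediately after permitting, and the same request succeeds.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* 6 matches the report's log line; the table size is a constructed value. */
#define MONITOR_REQ_PWNAM 6
#define MONITOR_REQ_MAX   16

/* Monitor's permit table; each process has its own copy after fork(). */
static int permitted[MONITOR_REQ_MAX];

/* Read exactly n bytes, retrying on EINTR. 0 on success, -1 on EOF/error. */
static int read_full(int fd, void *buf, size_t n)
{
	unsigned char *p = buf;
	while (n > 0) {
		ssize_t r = read(fd, p, n);
		if (r < 0 && errno == EINTR) continue;
		if (r <= 0) return -1;
		p += r; n -= (size_t)r;
	}
	return 0;
}

/* Child side of the gate: nothing is ever written to the pipe, so EOF
 * (the monitor closing its write end) is the "go" signal. */
static void wait_for_monitor(int gate_rd)
{
	unsigned char c;
	while (read_full(gate_rd, &c, 1) == 0)
		;
	close(gate_rd);
}

/* Monitor side. Requests are checked against the table as they arrive.
 * PWNAM is permitted only after 50 ms of simulated setup work, and the gate
 * is closed right after that permit. Returns 0 permitted, 1 refused, -1 error. */
static int monitor(int sock, int gate_wr)
{
	struct pollfd pfd = { .fd = sock, .events = POLLIN };
	unsigned char req, reply;
	int setup_done = 0;

	for (;;) {
		int r = poll(&pfd, 1, setup_done ? -1 : 50);
		if (r < 0 && errno == EINTR) continue;
		if (r < 0) return -1;
		if (r == 0) {			/* setup finished: permit, then open the gate */
			permitted[MONITOR_REQ_PWNAM] = 1;
			close(gate_wr);
			setup_done = 1;
			continue;
		}
		if (!setup_done) close(gate_wr);	/* request arrived early; monitor is done either way */
		if (read_full(sock, &req, 1) != 0) return -1;
		reply = (req < MONITOR_REQ_MAX && permitted[req]) ? 1 : 0;
		if (!reply)
			fprintf(stderr, "monitor_read: unpermitted request %u\n", (unsigned)req);
		if (write(sock, &reply, 1) != 1) return -1;
		return reply ? 0 : 1;
	}
}

/* Fork a monitor/child pair joined by a socketpair (requests) and a pipe (gate).
 * Returns the child's verdict: 0 = permitted, 1 = refused, -1 = failure. */
int run_session(int use_gate)
{
	int sv[2], gate[2], status;
	pid_t pid;

	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(gate) < 0) return -1;
	memset(permitted, 0, sizeof permitted);
	if ((pid = fork()) < 0) return -1;
	if (pid == 0) {
		/* Unprivileged child. It must drop gate[1]: a write end held
		 * here would keep the pipe open and EOF would never arrive. */
		unsigned char req = MONITOR_REQ_PWNAM, reply = 0;
		close(sv[0]); close(gate[1]);
		if (use_gate) wait_for_monitor(gate[0]); else close(gate[0]);
		if (write(sv[1], &req, 1) != 1 || read_full(sv[1], &reply, 1) != 0)
			_exit(2);
		_exit(reply ? 0 : 1);
	}
	close(sv[1]); close(gate[0]);	/* monitor drops the child's ends */
	int mon_rc = monitor(sv[0], gate[1]);
	close(sv[0]);
	if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || mon_rc < 0) return -1;
	return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
	printf("without gate: %d (1 = refused, the race from the report)\n", run_session(0));
	printf("with gate:    %d (0 = permitted)\n", run_session(1));
	return 0;
}
```

Two details carry over to any real implementation of this scheme: the child has to close its inherited copy of the pipe's write end before waiting, or the EOF it is waiting for can never arrive, and the monitor must close its end only after the permit has actually been recorded, otherwise the gate merely moves the race. The ungated run depends on scheduling and is shown for contrast only.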