[Bug 3107] New: Mistake in config can result in fork bomb

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Dec 21 21:25:36 AEDT 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3107

            Bug ID: 3107
           Summary: Mistake in config can result in fork bomb
           Product: Portable OpenSSH
           Version: 8.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: petoju at gmail.com

Created attachment 3343
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3343&action=edit
ssh_config causing fork bomb

When writing ssh_config, an innocuous mistake in ssh_config leads to a
fork bomb.
One example is this config, use it when connecting to any host:

Host proxy
        Hostname doesnotmatter.example.com
Host *
        ProxyJump proxy

OpenSSH client tries to connect to the proxy first. To connect to the
proxy, it has to connect to the very same proxy. It could be more
complicated, but the issue is in the cycle.

Why is it annoying: one can effectively kill own system like this by
mistake. No warning is provided.

What could OpenSSH do about it: warn that there is a cycle, recommend
excluding "proxy" from ProxyJump and bail out.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list