Call for testing: OpenSSH 7.4

Jakub Jelen jjelen at redhat.com
Tue Dec 20 19:39:26 AEDT 2016


On 12/19/2016 06:10 PM, Jakub Jelen wrote:
> On 12/14/2016 10:09 AM, Jakub Jelen wrote:
>> On 12/14/2016 02:22 AM, The Doctor wrote:
>>> run test forwarding.sh ...
>>> failed copy of /bin/ls
>>> cmp: EOF on /usr/source/openssh-SNAP-20161214/regress/copy
>>> corrupted copy of /bin/ls
>>> Exit request sent.
>>> failed local and remote forwarding
>>> *** Error code 1
>>>
>>> Stop.
>>> make[1]: stopped in /usr/source/openssh-SNAP-20161214/regress
>>> *** Error code 1
>>>
>>> Stop.
>>> make: stopped in /usr/source/openssh-SNAP-20161214
>> I see very similar failures with vanilla openssh snapshot on Fedora 
>> 25. Should be quite fairly reproducible:
>>
>> # tar -xf openssh-SNAP-20161214.tar.gz && cd openssh && ./configure 
>> && make tests
>> [...]
>> test connection multiplexing: forward
>> cmp: EOF on /root/openssh/regress/copy
>> ssh: corrupted copy of /root/openssh/regress/data
>> /root/openssh/regress/multiplex.sh: line 96: 18570 
>> Terminated              $NC -N -Ul $OBJ/unix-1.fwd < ${DATA} > /dev/null
>> [...]
>> request remote forward failed
>> connect to remote forwarded path failed
>> test connection multiplexing: cmd exit
>> test connection multiplexing: cmd stop
>> failed connection multiplexing
>> Makefile:198: recipe for target 't-exec' failed
>> make[1]: *** [t-exec] Error 1
>> make[1]: Leaving directory '/root/openssh/regress'
>> Makefile:568: recipe for target 'tests' failed
>> make: *** [tests] Error 2
>>
>> I will have a look into that if I will have a minute today.
> Further investigation so far showed, that the multiplex is failing to 
> create the remote port forward socket:
>
> mux_client_forward: forwarding request failed: remote port forwarding 
> failed for listen path /root/openssh/regress/unix-3.fwd
This is obviously related to the commit (fix for CVE-2016-10010):

     https://github.com/openssh/openssh-portable/commit/b737e4

preventing running the multiplex.sh test (remote port forwarding is 
failing) with root permissions (stops using privilege separation at

https://github.com/openssh/openssh-portable/blob/master/sshd.c#L640

Regards,

-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat



More information about the openssh-unix-dev mailing list