Call for testing: OpenSSH 7.7

Darren Tucker dtucker at dtucker.net
Sat Mar 24 06:42:27 AEDT 2018 

On 24 March 2018 at 03:03, Corinna Vinschen <vinschen at redhat.com> wrote:
[...]
>   session opened for local user corinna from [UNKNOWN]
>   received client version 3
>   debug2: Permitting whitelisted realpath request
>   debug3: request 1: realpath
>   realpath "."
>   debug1: request 1: sent names count 1
>   Refusing non-whitelisted statvfs request
>   debug3: request 2: sent status 3
>   sent status Permission denied
>   debug1: read eof
>   session closed for local user corinna from [UNKNOWN]
>
> Can you please explain what's going on there?

Adding a "set -x" to test-exec.sh shows the failing command is:



The log from the sftp client is:
/home/builder/openssh/sftp -q -S
/home/builder/openssh/regress/ssh-log-wrapper.sh -F
/home/builder/openssh/regress/ssh_config -b /dev/stdin
sftp://builder@somehost:4242//home/builder/openssh/regress/copy.dd/

and it gets the commands "version" and ""put ${DATA} copy" on its
stdin.  The client log says:

debug2: Remote version: 3
debug2: Server supports extension "posix-rename at openssh.com" revision 1
debug2: Server supports extension "statvfs at openssh.com" revision 2
debug2: Server supports extension "fstatvfs at openssh.com" revision 2
debug2: Server supports extension "hardlink at openssh.com" revision 1
debug2: Server supports extension "fsync at openssh.com" revision 1
debug3: Sent message fd 6 T:16 I:1
debug3: SSH_FXP_REALPATH . -> /home/builder/openssh/regress size 0
sftp> df /
debug3: Received statvfs reply T:101 I:2
debug1: Couldn't statvfs: Permission denied

so according to the log, the server is refusing the statvfs request.
I don't understand where the "df /" command is coming from or why the
server refuses it.

FWIW the df works OK with the standalone sftp-server, though.

$ ./sftp -vvv -D ./sftp-server localhost
debug2: Remote version: 3
debug2: Server supports extension "posix-rename at openssh.com" revision 1
debug2: Server supports extension "statvfs at openssh.com" revision 2
debug2: Server supports extension "fstatvfs at openssh.com" revision 2
debug2: Server supports extension "hardlink at openssh.com" revision 1
debug2: Server supports extension "fsync at openssh.com" revision 1
Attached to ./sftp-server.
debug3: Sent message fd 6 T:16 I:1
debug3: SSH_FXP_REALPATH . -> /home/builder/openssh size 0
sftp> df /
debug3: 'Received statvfs reply T:201 I:2
        Size         Used        Avail       (root)    %Capacity
    20457468     12423640      8033828      8033828          60%

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list