Call for testing: OpenSSH 8.9
Thorsten Glaser
t.glaser at tarent.de
Fri Feb 18 10:35:38 AEDT 2022
On Fri, 18 Feb 2022, Damien Miller wrote:
> these can be a bit tricky. There are some instructions at the top of
> sandbox-seccomp.c if you want to give it a try but unfortunately the
In musl libc, you also have to comment out the…
# include <asm/siginfo.h>
… because such a header is not shipped with it. The compilation works
without, though.
Unfortunately, dalias is very strictly against making it possible to
detect musl at compile time, so wrapping it in #ifdef __GLIBC__ or so.
There are none of the expected messages though :/
But perhaps this strace snippet helps:
write(2, "debug1: inetd sockets after dupp"..., 43debug1: inetd sockets after dupping: 3, 3
) = 43
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
rt_sigaction(SIGALRM, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7476566000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7476565000
getpeername(3, {sa_family=AF_INET, sin_port=htons(45850), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(45850), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(4242), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(4242), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(45850), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getsockopt(3, SOL_IP, IP_OPTIONS, 0x7ffddb068c90, [200->0]) = 0
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(4242), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getpid() = 6833
write(2, "Connection from 127.0.0.1 port 4"..., 61Connection from 127.0.0.1 port 45850 on 127.0.0.1 port 4242
) = 61
rt_sigprocmask(SIG_UNBLOCK, [RT_1 RT_2], NULL, 8) = 0
rt_sigaction(SIGALRM, {sa_handler=0x55f8c5084f80, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=~[KILL STOP RTMIN RT_1 RT_2], sa_flags=SA_RESTORER, sa_restorer=0x7f74765eea48}, 8) = 0
write(3, "SSH-2.0-OpenSSH_8.8\r\n", 21) = 21
getpid() = 6833
write(2, "debug1: Local version string SSH"..., 50debug1: Local version string SSH-2.0-OpenSSH_8.8
) = 50
read(3, "S", 1) = 1
read(3, "S", 1) = 1
read(3, "H", 1) = 1
read(3, "-", 1) = 1
read(3, "2", 1) = 1
read(3, ".", 1) = 1
read(3, "0", 1) = 1
read(3, "-", 1) = 1
read(3, "O", 1) = 1
read(3, "p", 1) = 1
read(3, "e", 1) = 1
read(3, "n", 1) = 1
read(3, "S", 1) = 1
read(3, "S", 1) = 1
read(3, "H", 1) = 1
read(3, "_", 1) = 1
read(3, "8", 1) = 1
read(3, ".", 1) = 1
read(3, "8", 1) = 1
read(3, "\r", 1) = 1
read(3, "\n", 1) = 1
getpid() = 6833
write(2, "debug1: Remote protocol version "..., 74debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
) = 74
getpid() = 6833
write(2, "debug1: compat_banner: match: Op"..., 74debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
) = 74
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
getpid() = 6833
write(2, "debug2: fd 3 setting O_NONBLOCK\r"..., 33debug2: fd 3 setting O_NONBLOCK
) = 33
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0
socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
fcntl(4, F_SETFD, FD_CLOEXEC) = 0
fcntl(5, F_SETFD, FD_CLOEXEC) = 0
pipe([6, 7]) = 0
fcntl(6, F_SETFD, FD_CLOEXEC) = 0
fcntl(7, F_SETFD, FD_CLOEXEC) = 0
getpid() = 6833
write(2, "debug3: ssh_sandbox_init: prepar"..., 52debug3: ssh_sandbox_init: preparing rlimit sandbox
) = 52
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], ~[KILL STOP RTMIN RT_1 RT_2], 8) = 0
fork() = 6837
rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1 RT_2], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
getpid() = 6833
write(2, "debug2: Network child is on pid "..., 38debug2: Network child is on pid 6837
) = 38
getpid() = 6833
write(2, "debug3: preauth child monitor st"..., 39debug3: preauth child monitor started
) = 39
close(4) = 0
close(7) = 0
poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1strace: Process 6837 attached
<unfinished ...>
[pid 6837] gettid() = 6837
[pid 6837] rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1 RT_2], NULL, 8) = 0
[pid 6837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 6837] close(5) = 0
[pid 6837] close(6) = 0
[pid 6837] getrandom("\x85\x8b\x44\xc8\x9b\xc6\x2e\x9f\xcd\x23\x8d\xb5\xb2\xd1\x34\x6a\x49\x21\x1b\x01\x68\xb0\xff\x27\xc2\x99\x9b\xfd\x10\xb1\x88\xcc"..., 40, 0) = 40
[pid 6837] getpid() = 6837
[pid 6837] getrandom("\x79\xb0\x34\x61\x78\x74\xdb\x57\x6f\xda\x0e\x03\xf2\xc1\x20\xf6\x25\x43\xaa\x37\x01\x3e\xd4\x7b\xbe\x9b\xd9\xee\x18\x30\x2e\x9e"..., 40, 0) = 40
[pid 6837] munmap(0x7f747656e000, 20480) = 0
[pid 6837] munmap(0x7f7476569000, 20480) = 0
[pid 6837] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid 6837] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid 6837] prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid 6837] getpid() = 6837
[pid 6837] write(7, "\0\0\0F\0\0\0\5\0\0\0\0\0\0\0:list_hostkey_typ"..., 74 <unfinished ...>
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6837] <... write resumed>) = 74
[pid 6833] read(6, <unfinished ...>
[pid 6837] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid 6833] <... read resumed>"\0\0\0F", 4) = 4
[pid 6837] <... mmap resumed>) = 0x7f7476572000
[pid 6833] read(6, "\0\0\0\5\0\0\0\0\0\0\0:list_hostkey_types: "..., 70) = 70
[pid 6837] getpid( <unfinished ...>
[pid 6833] write(2, "debug1: list_hostkey_types: ssh-"..., 78 <unfinished ...>
[pid 6837] <... getpid resumed>) = 6837
debug1: list_hostkey_types: ssh-ed25519,sk-ssh-ed25519 at openssh.com [preauth]
[pid 6833] <... write resumed>) = 78
[pid 6837] getpid( <unfinished ...>
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] <... getpid resumed>) = 6837
[pid 6837] write(7, "\0\0\0 \0\0\0\7\0\0\0\0\0\0\0\24send packet: typ"..., 36 <unfinished ...>
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6837] <... write resumed>) = 36
[pid 6833] read(6, <unfinished ...>
[pid 6837] getpid( <unfinished ...>
[pid 6833] <... read resumed>"\0\0\0 ", 4) = 4
[pid 6837] <... getpid resumed>) = 6837
[pid 6833] read(6, <unfinished ...>
[pid 6837] write(7, "\0\0\0!\0\0\0\5\0\0\0\0\0\0\0\25SSH2_MSG_KEXINIT"..., 37 <unfinished ...>
[pid 6833] <... read resumed>"\0\0\0\7\0\0\0\0\0\0\0\24send packet: type 20", 32) = 32
[pid 6837] <... write resumed>) = 37
[pid 6833] write(2, "debug3: send packet: type 20 [pr"..., 40 <unfinished ...>
debug3: send packet: type 20 [preauth]
[pid 6837] write(3, "\0\0\2\354\10\24\352\345t\306\f\335\217l1\f\227\252\353\vf\337\0\0\0Qcurve2"..., 752 <unfinished ...>
[pid 6833] <... write resumed>) = 40
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] <... write resumed>) = 752
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6833] read(6, "\0\0\0!", 4) = 4
[pid 6833] read(6, "\0\0\0\5\0\0\0\0\0\0\0\25SSH2_MSG_KEXINIT sen"..., 33) = 33
[pid 6833] write(2, "debug1: SSH2_MSG_KEXINIT sent [p"..., 41debug1: SSH2_MSG_KEXINIT sent [preauth]
) = 41
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] ppoll([{fd=3, events=POLLIN}], 1, NULL, NULL, 8) = -1 EINVAL (Invalid argument)
[pid 6837] getpid() = 6837
[pid 6837] write(7, "\0\0\0Z\0\0\0\3\0\0\0\0\0\0\0Nssh_dispatch_run"..., 94 <unfinished ...>
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6837] <... write resumed>) = 94
[pid 6833] read(6, "\0\0\0Z", 4) = 4
[pid 6833] read(6, "\0\0\0\3\0\0\0\0\0\0\0Nssh_dispatch_run_fat"..., 90) = 90
[pid 6833] write(2, "ssh_dispatch_run_fatal: Connecti"..., 90ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 45850: Invalid argument [preauth]
) = 90
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] getpid() = 6837
[pid 6837] write(7, "\0\0\0\26\0\0\0\5\0\0\0\0\0\0\0\ndo_cleanup", 26 <unfinished ...>
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6837] <... write resumed>) = 26
[pid 6833] read(6, "\0\0\0\26", 4) = 4
[pid 6833] read(6, "\0\0\0\5\0\0\0\0\0\0\0\ndo_cleanup", 22) = 22
[pid 6833] write(2, "debug1: do_cleanup [preauth]\r\n", 30debug1: do_cleanup [preauth]
) = 30
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] exit_group(255) = ?
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLHUP}])
[pid 6837] +++ exited with 255 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6837, si_uid=1000, si_status=255, si_utime=0, si_stime=0} ---
read(6, "", 4) = 0
getpid() = 6833
write(2, "debug1: monitor_read_log: child "..., 47debug1: monitor_read_log: child log fd closed
) = 47
close(6) = 0
poll([{fd=5, events=POLLIN}], 1, -1) = 1 ([{fd=5, revents=POLLIN|POLLHUP}])
getpid() = 6833
write(2, "debug3: mm_request_receive: ente"..., 38debug3: mm_request_receive: entering
) = 38
read(5, "", 4) = 0
getpid() = 6833
write(2, "debug1: do_cleanup\r\n", 20debug1: do_cleanup
) = 20
getpid() = 6833
write(2, "debug1: Killing privsep child 68"..., 36debug1: Killing privsep child 6837
) = 36
kill(6837, SIGKILL) = 0
exit_group(255) = ?
+++ exited with 255 +++
bye,
//mirabilos
--
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database” (#nosec) ‣‣‣ Please let MySQL and MariaDB finally die!
More information about the openssh-unix-dev
mailing list