Call for testing: OpenSSH 10.4
Felix Fehlauer
felix.fehlauer at fs.ei.tum.de
Wed Jul 1 20:53:26 AEST 2026
On 7/1/26 04:01, Darren Tucker wrote:
> On Wed, 1 Jul 2026 at 10:03, Damien Miller <djm at mindrot.org> wrote:
>> On Tue, 30 Jun 2026, Felix Fehlauer via openssh-unix-dev wrote:
> [...]
>>> Besides this tests fail on Fedora Linux 44:
>>>
>>> failed copy of /bin/ls
>>> cmp: EOF on ‘/tmp/openssh/regress/copy’ which is empty
>>> corrupted copy of /bin/ls
>>> failed local and remote forwarding
> [...]
>> regress/failed*.log often has useful debugging information that can help
>> identify the cause of failures.
The last lines of the make test output are:
test -D forwarding
test -R forwarding
PermitRemoteOpen=any
PermitRemoteOpen=none
PermitRemoteOpen=explicit
PermitRemoteOpen=disallowed
ok dynamic forwarding
run test forwarding.sh ...
WARNING: Unsafe (group or world writable) directory permissions found:
/tmp
These could be abused to locally escalate privileges. If you are
sure that this is not a risk (eg there are no other users), you can
bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1
failed copy of /bin/ls
cmp: EOF on ‘/tmp/openssh/regress/copy’ which is empty
corrupted copy of /bin/ls
failed local and remote forwarding
make[1]: *** [Makefile:245: t-exec] Error 1
make[1]: Leaving directory '/tmp/openssh/regress'
make: *** [Makefile:830: t-exec] Error 2
Re-running with TEST_SSH_UNSAFE_PERMISSIONS=1 (as there indeed is only
one user) only makes this warning disappear, but the error remains.
Executing the tests in a different directory also does not make a
difference.
I have attached the full regress/failed*.log. It contains the following
lines that seem strange to me:
debug1: kex_exchange_identification: banner line 0: UNKNOWN COMMAND
kex_exchange_identification: Connection closed by remote host
Connection closed by 127.0.0.1 port 3322
All the other log files referenced in these logs unfortunately don't exist.
> I've run it here on Fedora 44 so it's possible for it to work. My
> guess is that something is preventing you from reading /bin/ls. maybe
> selinux? is /bin/ls world-readable?
Yes, it is world-readable:
-rwxr-xr-x. 1 root root 153400 Jun 11 02:00 /bin/ls
I cannot find any SELinux denials.
Thanks for the help!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: failed-ssh.log
Type: text/x-log
Size: 5794 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20260701/97555aac/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: failed-sshd.log
Type: text/x-log
Size: 92 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20260701/97555aac/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: failed-regress.log
Type: text/x-log
Size: 3484 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20260701/97555aac/attachment-0005.bin>
More information about the openssh-unix-dev
mailing list