[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[debian@onerussian.com: /usr/sbin/sshd: wrong DISPLAY is due to hijacking someone other's one...]

Dear Developers,

I think I've hit a really old bug (woody time) in ssh, and that
system is in the state when I could debug it a bit more to localize the
problem.

Please see my report below and original url to bug is of cause
http://bugs.debian.org/152250

Please advise on what to look for... for now I am going to check the
trace in channels.c:x11_create_display_inet which is the one handing out
DISPLAYs

----- Forwarded message from Yaroslav Halchenko <debian@onerussian.com> -----

Date: Thu, 01 Mar 2007 16:59:29 -0500
From: Yaroslav Halchenko <debian@onerussian.com>
To: Debian Bug Tracking System <152250@bugs.debian.org>
Subject: /usr/sbin/sshd: wrong DISPLAY is due to hijacking someone other's one...

Package: openssh-server
Version: 1:4.3p2-8
Followup-For: Bug #152250

It might be the same issue (just with 1 difference I will mention) or a
new one... I am not sure... 

today a user reported that forwarding X fails, ie she can't run X
application after being logged in.
sshd was assigning DISPLAY=localhost:13.0 whenever there is another user
using :13 in VNC:

cat      11990  0.0  0.2  32472 20836 ?        S    Feb12   0:27 Xvnc4 :13 -desktop ravana:13 (cat) -auth /home/cat/.Xauthority -geometry 1200x900 -depth 16 -rfbwait 30000 -rfbauth /home/cat/.vnc/passwd -rfbport 5913 -pn -fp /usr/share/fonts/X11/Type1,/usr/lib/X11/fonts/Type1,/usr/lib/X11/fonts/Speedo,/usr/share/fonts/X11/misc,/usr/lib/X11/fonts/misc,/usr/share/fonts/X11/cyrillic,/usr/lib/X11/fonts/cyrillic,/usr/share/fonts/X11/100dpi,/usr/lib/X11/fonts/100dpi,/usr/share/fonts/X11/75dpi,/usr/lib/X11/fonts/75dpi -co /etc/X11/rgb

ok - so I had to leave that terminal opened (with :13) and  minimized so sshd
would not try to assign it to any other new connection.  Meanwhile I've
tried to debug it in gdb but unfortunately gdb asserted me away - now building
a backport from sid - may be it would help ;-)

*  a bit more details about PID 11990 (VNC with :13): it seems to be ok and has reported multiple attempt to abuse its display:

 AUDIT: Thu Mar  1 12:45:35 2007: 11990 Xvnc4: client 20 rejected from IP 127.0.0.1 port 42522
  Auth name: MIT-MAGIC-COOKIE-1 ID: -1

* and bash which got :13 has environ:
USER=arielleLOGNAME=arielleHOME=/home/rumba/ariellePATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/gamesMAIL=/var/mail/arielleSHELL=/bin/bashSSH_CLIENT=192.168.22.23 35385 22SSH_CONNECTION=192.168.22.23 35385 192.168.22.16 22SSH_TTY=/dev/pts/53TERM=xtermDISPLAY=localhost:13.0LANG=en_US.UTF-8SSH_AUTH_SOCK=/tmp/ssh-VdHkb14243/agent.14243
  
as you can see both of them compete for the same DISPLAY:

$> lsof -i :6013
COMMAND   PID    USER   FD   TYPE    DEVICE SIZE NODE NAME
Xvnc4   11990     cat    0u  IPv4 107557584       TCP *:6013 (LISTEN)
sshd    14243 arielle   10u  IPv6 125115132       TCP ip6-localhost:6013 (LISTEN)

I hope this would be of any help... if anyone requests rapidly for more information I would be glad to provide it

-- System Information:
Debian Release: 4.0
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-amd64-generic
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages openssh-server depends on:
ii  adduser  3.102                           Add and remove users and groups
ii  debconf  1.5.11                          Debian configuration management sy
ii  dpkg     1.13.25                         package maintenance system for Deb
ii  libc6    2.3.6.ds1-8                     GNU C Library: Shared libraries
ii  libcomer 1.39+1.40-WIP-2006.11.14+dfsg-1 common error description library
ii  libkrb53 1.4.4-6                         MIT Kerberos runtime libraries
ii  libpam-m 0.79-4                          Pluggable Authentication Modules f
ii  libpam-r 0.79-4                          Runtime support for the PAM librar
ii  libpam0g 0.79-4                          Pluggable Authentication Modules l
ii  libselin 1.32-3                          SELinux shared libraries
ii  libssl0. 0.9.8c-4                        SSL shared libraries
ii  libwrap0 7.6.dbs-12                      Wietse Venema's TCP wrappers libra
ii  openssh- 1:4.3p2-8                       Secure shell client, an rlogin/rsh
ii  zlib1g   1:1.2.3-13                      compression library - runtime

openssh-server recommends no packages.

-- debconf information:
  ssh/insecure_rshd:
* ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:


----- End forwarded message -----

-- 
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student  Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
        101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW:     http://www.linkedin.com/in/yarik
Reply to: