
Bug#152250: [debian@onerussian.com: /usr/sbin/sshd: wrong DISPLAY is due to hijacking someone other's one...]



I am sorry, it is me again, with what is probably the final question: stracing
revealed a difference which I can't explain myself due to my lack of knowledge
of socket programming and IPv6.

For port 6012, ssh fails to allocate the DISPLAY since the port is taken (so
this is expected):

,----
| 31886 socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 8
| 31886 connect(8, {sa_family=AF_INET6, sin6_port=htons(6012), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
| 31886 getsockname(8, {sa_family=AF_INET6, sin6_port=htons(58464), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
| 31886 close(8)                          = 0
| 31886 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 8
| 31886 connect(8, {sa_family=AF_INET, sin_port=htons(6012), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
| 31886 getsockname(8, {sa_family=AF_INET, sin_port=htons(58464), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
| 31886 close(8)                          = 0
| 31886 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 8
| 31886 setsockopt(8, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
| 31886 bind(8, {sa_family=AF_INET, sin_port=htons(6012), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EADDRINUSE (Address already in use)
| 31886 write(2, "debug2: bind port 6012: Address "..., 48) = 48
| 31886 close(8)                          = 0
`---

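whereas for 6013 it succeeds using IPv6 (although I believe I never set IPv6
up on that box): the IPv4 bind to 127.0.0.1:6013 fails with EADDRINUSE just as
above, but the bind to ::1 on the same port then succeeds, so the display is
allocated even though the IPv4 side of the port is already in use.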

,---
| 31886 socket(PF_INET6, SOCK_DGRAM, IPPROTO_IP) = 8
| 31886 connect(8, {sa_family=AF_INET6, sin6_port=htons(6013), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
| 31886 getsockname(8, {sa_family=AF_INET6, sin6_port=htons(58464), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, [28]) = 0
| 31886 close(8)                          = 0
| 31886 socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 8
| 31886 connect(8, {sa_family=AF_INET, sin_port=htons(6013), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
| 31886 getsockname(8, {sa_family=AF_INET, sin_port=htons(58464), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0
| 31886 close(8)                          = 0
| 31886 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 8
| 31886 setsockopt(8, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
| 31886 bind(8, {sa_family=AF_INET, sin_port=htons(6013), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EADDRINUSE (Address already in use)
| 31886 write(2, "debug2: bind port 6013: Address "..., 48) = 48
| 31886 close(8)                          = 0
| 31886 socket(PF_INET6, SOCK_STREAM, IPPROTO_TCP) = 8
| 31886 setsockopt(8, SOL_IPV6, IPV6_V6ONLY, [1], 4) = 0
| 31886 setsockopt(8, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
| 31886 bind(8, {sa_family=AF_INET6, sin6_port=htons(6013), inet_pton(AF_INET6, "::1", &sin6_addr), sin6_flowinfo=0, sin6_scope_id=0}, 28) = 0
| 31886 listen(8, 128)                    = 0
| 31886 ioctl(8, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7ffffff10a50) = -1 EINVAL (Invalid argument)
| 31886 ioctl(8, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7ffffff10a50) = -1 EINVAL (Invalid argument)
| 31886 fcntl(8, F_GETFL)                 = 0x2 (flags O_RDWR)
| 31886 write(2, "debug2: fd 8 setting O_NONBLOCK\r"..., 33) = 33
| 31886 fcntl(8, F_SETFL, O_RDWR|O_NONBLOCK) = 0
| 31886 fcntl(8, F_GETFL)                 = 0x802 (flags O_RDWR|O_NONBLOCK)
| 31886 write(2, "debug3: fd 8 is O_NONBLOCK\r\n", 28) = 28
| 31886 write(2, "debug1: channel 1: new [X11 inet"..., 44) = 44
| 31886 uname({sys="Linux", node="ravana", ...}) = 0
| 31886 write(2, "debug1: server_input_channel_req"..., 88) = 88
| 31886 write(2, "debug1: session_by_channel: sess"..., 49) = 49
| 31886 write(2, "debug1: session_input_channel_re"..., 77) = 77
| .......
`---

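Corresponding piece of code from sshd (note that after a failed bind it
continues with the next address while ai->ai_next is set, so a display number
is accepted when a later address binds even though an earlier one was already
in use):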

,----
|
|         for (display_number = x11_display_offset;
|             display_number < MAX_DISPLAYS;
|             display_number++) {
|                 port = 6000 + display_number;
|                 memset(&hints, 0, sizeof(hints));
|                 hints.ai_family = IPv4or6;
|                 hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
|                 hints.ai_socktype = SOCK_STREAM;
|                 snprintf(strport, sizeof strport, "%d", port);
|                 if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
|                         error("getaddrinfo: %.100s", gai_strerror(gaierr));
|                         return -1;
|                 }
|                 for (ai = aitop; ai; ai = ai->ai_next) {
|                         if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
|                                 continue;
|                         sock = socket(ai->ai_family, ai->ai_socktype,
|                             ai->ai_protocol);
|                         if (sock < 0) {
|                                 if ((errno != EINVAL) && (errno != EAFNOSUPPORT)
| #ifdef EPFNOSUPPORT
|                                     && (errno != EPFNOSUPPORT)
| #endif
|                                     ) {
|                                         error("socket: %.100s", strerror(errno));
|                                         freeaddrinfo(aitop);
|                                         return -1;
|                                 } else {
|                                         debug("x11_create_display_inet: Socket family %d not supported",
|                                                  ai->ai_family);
|                                         continue;
|                                 }
|                         }
| #ifdef IPV6_V6ONLY
|                         if (ai->ai_family == AF_INET6) {
|                                 int on = 1;
|                                 if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0)
|                                         error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
|                         }
| #endif
|                         channel_set_reuseaddr(sock);
|                         if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
|                                 debug2("bind port %d: %.100s", port, strerror(errno));
|                                 close(sock);
|
|                                 if (ai->ai_next)
|                                         continue;
|
|                                 for (n = 0; n < num_socks; n++) {
|                                         close(socks[n]);
|                                 }
|                                 num_socks = 0;
|                                 break;
|                         }
|                         socks[num_socks++] = sock;
| #ifndef DONT_TRY_OTHER_AF
|                         if (num_socks == NUM_SOCKS)
|                                 break;
| #else
|                         if (x11_use_localhost) {
|                                 if (num_socks == NUM_SOCKS)
|                                         break;
|                         } else {
|                                 break;
|                         }
| #endif
|                 }
|                 freeaddrinfo(aitop);
|                 if (num_socks > 0)
|                         break;
|         }
`---

The complete logs are at the same URL,
http://www.onerussian.com/Linux/bugs/ssh.display/
in the .2 files.

On Thu, 01 Mar 2007, Yaroslav Halchenko wrote:

> Here you can see how it looks from client and server sides running in
> verbose/debug modes. May be it would give a hint to a knowledgeable
> person

> http://www.onerussian.com/Linux/bugs/ssh.display/
-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]





