Bug#152250: [debian@onerussian.com: /usr/sbin/sshd: wrong DISPLAY is due to hijacking someone other's one...]
Now that I am aware of openssh bsd vs openssh portable ( ;-) ), I looked at
the CVS of portable SSH (following [1]) to see what/when it really happened -
so it wasn't a BSD-specific patch, it was only adopted by the bsd team in 2002 but
was in portable ssh since 1.2.2p1 (Mar 2000). I am not sure whether I
should ask for help from openssh-unix-dev@mindrot.org or let the openssh maintainer
resolve the issue in the best way.
,-----
| revision 1.17
| date: 2000/03/03 11:35:33; author: damien; state: Exp; lines: +9 -1
| - Don't permanently fail on bind() if getaddrinfo has more choices left for
| us. Needed to work around messy IPv6 on Linux. Patch from Arkadiusz
| Miskiewicz <misiek@pld.org.pl>
`---
So, is IPv6 still messy? If not, then probably this patch indeed could be safely
de-applied, I guess ;-)
,------
| RCS file: /cvs/openssh/channels.c,v
| retrieving revision 1.16
| retrieving revision 1.17
| diff -u -r1.16 -r1.17
| --- channels.c 17 Jan 2000 02:22:55 -0000 1.16
| +++ channels.c 3 Mar 2000 11:35:33 -0000 1.17
| @@ -16,7 +16,7 @@
| */
|
| #include "includes.h"
| -RCSID("$Id: channels.c,v 1.16 2000/01/17 02:22:55 damien Exp $");
| +RCSID("$Id: channels.c,v 1.17 2000/03/03 11:35:33 damien Exp $");
|
| #include "ssh.h"
| #include "packet.h"
| @@ -935,7 +935,11 @@
| /* Bind the socket to the address. */
| if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
| /* address can be in use ipv6 address is already bound */
| - verbose("bind: %.100s", strerror(errno));
| + if (!ai->ai_next)
| + error("bind: %.100s", strerror(errno));
| + else
| + verbose("bind: %.100s", strerror(errno));
| +
| close(sock);
| continue;
| }
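Review bot: the severity choice in the new `if (!ai->ai_next)` branch keys on whether more getaddrinfo() entries remain, not on whether any address has already been bound, so a failure on the final entry after an earlier successful bind is logged with error() while a failure on a non-final entry whose successors also fail stays at verbose(). If the intent is to complain only when no listener at all could be created, count successful binds and emit one error() after the loop when that count is zero. Note that `close(sock); continue;` is unchanged, so this hunk alters logging only and does not by itself change which addresses end up bound.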
| @@ -1199,6 +1203,10 @@
| debug("bind port %d: %.100s", port, strerror(errno));
| shutdown(sock, SHUT_RDWR);
| close(sock);
| +
| + if (ai->ai_next)
| + continue;
| +
| for (n = 0; n < num_socks; n++) {
| shutdown(socks[n], SHUT_RDWR);
| close(socks[n]);
|
|
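Review bot: `if (ai->ai_next) continue;` skips the shutdown/close-all path for every address except the last one in the getaddrinfo() list, so a bind() failure on one address (say 127.0.0.1) followed by a successful bind on the next (::1) makes this display number accepted with only an IPv6 listener, even though the IPv4 port is owned by another process; the lsof output quoted further down in the thread (an Xvnc4 on *:6010 next to an sshd on ip6-localhost:6010) is exactly that outcome. The case the commit message is after, an address family that simply is not configured, is distinguishable by errno (EADDRNOTAVAIL from bind(), EAFNOSUPPORT from socket()); only that case should fall through to the next entry, and EADDRINUSE or anything else should still close all sockets bound so far and move on to the next port.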
`---
[1] http://www.openssh.com/portable.html
On Sat, 03 Mar 2007, Yaroslav Halchenko wrote:
> Hi Ben,
> Thank you for the help. FWIW, I confirm that it indeed fixes an issue on
> my box.
> 1.
> unfortunately it probably implies that I was wrong in my estimate of the
> connection of this issue to the original old #152250. It was reported
> on 1:3.4p1-0.0woody1, which came out on 26 Jun 2002, whereas the patch
> you've mentioned is from Oct 2002... Heh - now I need to go to snapshots
> to verify that line wasn't there in debian's release.. I wish we had
> CVS for all the projects ;-)
> hm - got
> 459c1d0262e939d6432f193c7a4ba8a8 openssh_3.4p1.orig.tar.gz
> and that one already has that condition in:
> and the Changelog states a release of 20020626
> so I don't get it... maybe there was some custom patch to
> openssh_3.4p1.orig.tar.gz from debian? (not in diff.gz?) which later on
> was applied upstream in 1.183
> so where am I wrong, or am I right?
> 2.
> ok - taking a sober look at the list of occupied ports, now I see why the
> heck it happened in the first place here.
> VNC occupied localhost:6013 but left ip6-localhost:6013 free. There was
> one other VNC running on port 10 (so the one which could interfere with
> sshd), BUT there was already one victim who ran ssh with forwarded X,
> but probably never used any X app to discover that he can't ;-) :
> ,---
> | sshd 4566 kuzey 8u IPv6 121986047 TCP ip6-localhost:6010 (LISTEN)
> | Xvnc4 11957 bart 0u IPv4 110812220 TCP *:6010 (LISTEN)
> `---
> and the next VNC was on :13, so whenever a less salient user hit a bug,
> she reported it to me, so I began investigating the issue.
> Meanwhile I was running the main sshd with -4, so all new connections occupy
> only localhost:60XX, while old ones go for both {ip6-,}localhost:
> ,---
> | sshd 27484 yoh 8u IPv4 125284718 TCP localhost:6020 (LISTEN)
> | sshd 27484 yoh 9u IPv6 125284719 TCP ip6-localhost:6020 (LISTEN)
> | sshd 21917 arielle 8u IPv4 127502258 TCP localhost:6021 (LISTEN)
> `---
> Without the problem-causing break, sshd allowed IPv6 also occupies
> both (reporting FWIW)
> ,------------------------------------------------------------------------------
> | $> sudo lsof -i :6024
> | COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> | sshd 441 yoh 8u IPv4 127627340 TCP localhost:6024 (LISTEN)
> | sshd 441 yoh 9u IPv6 127627341 TCP ip6-localhost:6024 (LISTEN)
> `---
> On Fri, 02 Mar 2007, Ben Hutchings wrote:
> > On Thu, 2007-03-01 at 17:44 -0500, Yaroslav Halchenko wrote:
> > <snip>
> > > | if (ai->ai_next)
> > > | continue;
> > <snip>
> > I believe these two lines are the source of the bug. Here's the change
> > that introduced it:
> > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/channels.c#rev1.183
> > The commit message cites:
> > http://mail-index.netbsd.org/current-users/2002/09/16/0005.html
> > which says that binding to the wildcard IPv6 address fails if no
> > interfaces have IPv6 addresses assigned. I think that's a BSD kernel
> > bug that we don't need to pander to (and has probably been fixed in the
> > meantime).
> > Ben.
--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://www.linkedin.com/in/yarik
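Added example, not part of this mail thread and not OpenSSH code: the localhost bind loop the thread is about, written so that a bind() failure on any address "localhost" resolves to makes sshd-style allocation give up on that display number, while an address family the host simply lacks (EAFNOSUPPORT from socket(), EADDRNOTAVAIL from bind(), the "messy IPv6" case the 2000 patch was after) is skipped. The display numbers, the BASE constant and the occupy_ipv4()/demo_conflict() helpers are constructed for the demonstration; they stand in for the Xvnc4-on-*:6010 situation shown in the lsof output above.

```c
/* Added example (not OpenSSH code): sshd-style X11 display allocation that
 * binds 6000+display on every "localhost" address and gives the display up
 * if ANY bind fails, skipping only an address family this host lacks. */
#define _GNU_SOURCE /* getaddrinfo() and friends under strict -std= modes */
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define MAX_SOCKS 8

static void close_all(int *socks, int n)
{
    while (n > 0)
        close(socks[--n]);
}

/* Bound sockets are stored in socks[]; returns their count, or -1 when the
 * display is owned on at least one address (the case "ai_next" hides). */
static int bind_display(int display, int *socks)
{
    struct addrinfo hints, *ai, *aitop;
    char port[16];
    int n = 0, sock, on = 1;
    snprintf(port, sizeof port, "%d", 6000 + display);
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICSERV;
    if (getaddrinfo("localhost", port, &hints, &aitop) != 0)
        return -1;
    for (ai = aitop; ai != NULL && n < MAX_SOCKS; ai = ai->ai_next) {
        sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (sock < 0) {
            if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT)
                continue;       /* family absent: nobody can own it */
            goto taken;
        }
        if (ai->ai_family == AF_INET6)  /* never also claim the v4 port */
            setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof on);
        if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
            int e = errno;
            close(sock);
            if (e == EADDRNOTAVAIL) /* e.g. ::1 not configured: skip it */
                continue;
            goto taken;             /* EADDRINUSE etc.: display is owned */
        }
        socks[n++] = sock;
    }
    freeaddrinfo(aitop);
    return n > 0 ? n : -1;
taken:
    close_all(socks, n);
    freeaddrinfo(aitop);
    return -1;
}

/* First display in [first, last) bound on every available localhost address. */
int alloc_display(int first, int last, int *socks, int *nsocks)
{
    int d, n;
    for (d = first; d < last; d++)
        if ((n = bind_display(d, socks)) > 0) {
            *nsocks = n;
            return d;
        }
    return -1;
}

/* Stand-in for an Xvnc holding 127.0.0.1 only; returns its fd or -1. */
int occupy_ipv4(int display)
{
    struct sockaddr_in sin;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(6000 + display);
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (s >= 0 && bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) {
        close(s);
        s = -1;
    }
    return s;
}

/* The thread's situation on a constructed high display number (no real X
 * server there): a "VNC" owns 127.0.0.1 for BASE, so the allocator must
 * answer BASE+1 rather than BASE with an IPv6-only listener. */
#define BASE 30013
int demo_conflict(void)
{
    int socks[MAX_SOCKS], n = 0, d, vnc = occupy_ipv4(BASE);
    if (vnc < 0)
        return -1;
    d = alloc_display(BASE, BASE + 10, socks, &n);
    close_all(socks, n);
    close(vnc);
    return d;
}
```

With the `if (ai->ai_next) continue;` behaviour from the quoted hunk, the same scenario would hand out BASE bound on ::1 only whenever "localhost" resolves to both 127.0.0.1 and ::1, which is the display collision described in the thread; deciding on errno instead of on list position keeps the IPv6-not-configured case working without that side effect.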