bugzilla-daemon at bugzilla.mindrot.org
2015-Dec-11 17:41 UTC
[Bug 2516] New: ssh client shouldn't trust the DNS AD bit blindly
https://bugzilla.mindrot.org/show_bug.cgi?id=2516 Bug ID: 2516 Summary: ssh client shouldn't trust the DNS AD bit blindly Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: security Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: scott-mindrot at shambarger.net I've been working on getting DNSSEC local validation working on OSX with ldns (see bug 2119), and I see that the code for libresolv and libldns both trust the AD bit in DNS responses for the SSHFP by default.>From RFC 4035 section 4.6,A resolver MUST disregard the meaning of the CD and AD bits in a response unless the response was obtained by using a secure channel or the resolver was specifically configured to regard the message header bits without using a secure channel. My coffee house here happily sets the AD bit on DNSSEC answers, but I wouldn't trust that they did the correct validation... which means I could easily be auto-accepting server fingerprints for MITM hosts into which I may type my password (ie "Bad(tm)") AD bit might be useful, but not in an untrusted environment, and currently openssh doesn't have any way to know if it can trust the AD bit it gets, so per the RFC, it should probably ignore it unless it's explicitly configured to do otherwise. I suggest only treating the SSHFP as secure if the DNS response is locally validated (eg with ldns and a locally stored root anchor), and perhaps supporting the AD bit only if a (new) host config indicates that it's ok. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Dec-11 22:05 UTC
[Bug 2516] ssh client shouldn't trust the DNS AD bit blindly
https://bugzilla.mindrot.org/show_bug.cgi?id=2516 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- That RFC advice is irrelevant to OpenSSH because OpenSSH isn't a resolver. OpenSSH talks to a resolver via libc interfaces (or optionally ldns) and its up to the resolver in use to determine the trustworthyness of AD. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Dec-12 00:56 UTC
[Bug 2516] ssh client shouldn't trust the DNS AD bit blindly
https://bugzilla.mindrot.org/show_bug.cgi?id=2516 --- Comment #2 from scott-mindrot at shambarger.net --- The ssh process, (through libresolv, libldns or whatever), is processing a DNS packet from an untrusted third party resolver (it sends and receives DNS packets directly with the resolv.conf server, eg coffee shop router)... not sure who else is supposed to decide that the AD bit is untrusted at that point? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Jul-08 04:26 UTC
[Bug 2516] ssh client shouldn't trust the DNS AD bit blindly
https://bugzilla.mindrot.org/show_bug.cgi?id=2516 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WONTFIX Status|NEW |RESOLVED --- Comment #3 from Damien Miller <djm at mindrot.org> --- Like I said, it's up to the resolver code. OpenSSH doesn't implement name resolution. We couldn't implement this even if we wanted to*, as the libc resolver doesn't expose the AD information to its callers. * short of implementing a full resolver in OpenSSH, which isn't going to happen. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:41 UTC
[Bug 2516] ssh client shouldn't trust the DNS AD bit blindly
https://bugzilla.mindrot.org/show_bug.cgi?id=2516 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Reasonably Related Threads
- [Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
- sshfp/ldns still having issues in 7.6
- [Bug 2702] New: ssh compiled with --with-ldns segfaults during known_hosts parsing
- [PATCH] Add support for ldns
- [Bug 2022] New: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME