freebsd stable - Jun 2013 - Another bug in SSH in FreeBSD 8.4 (sftp cannot create relative symlinks)

Beside my previous complaint about sshd not starting after upgrade from 
FreeBSD 8.3 to 8.4 due to incompatible change in parsing sshd_config 
with empty VersionAddendum [1], there is another more serious bug in 
newly imported SSH in base (OpenSSH_6.1p1) which I am not able to fix / 
workaround.

In short: OpenSSH 6.1 is creating broken symlinks with sftp command on 
OpenSSH 5.4 server with chrooted account.
It will always creates symlinks with pseudo absolute path instead of 
relative.


SSH server (OpenSSH 5.4 on FreeBSD 8.3) is configured with the following 
settings for chrooting:

Match User devel
         ChrootDirectory /usr/home
         ForceCommand internal-sftp

And again, it was working fine with older version of FreeBSD / OpenSSH 
5.4 client (sftp command).
It is working with WinSCP too.

The sftp command used for creating the symlink is:

     symlink temp temp_symlink

Expected result shown by ls -l /usr/home/devel on server side is:

     temp_symlink -> temp
	
Broken links by OpenSSH 6.1 client:

     temp_symlink -> /devel/temp
	
So the symlink is not working outside of the sftp chrooted session (for 
example, Apache cannot read files from symlinked directory because only 
user "devel" is chrooted)

I tried to enable DEBUG logging in sshd_config on the server side with 
following results:

Expected behavior with OpenSSH 5.4 as sftp client

subsystem request for sftp
session opened for local user devel from [y.y.y.y]
received client version 3
realpath "."
symlink old "temp" new "/usr/home/devel/temp_symlink"
sent status Success
session closed for local user devel from [y.y.y.y]


Broken behavior with OpenSSH 6.1 as sftp client

subsystem request for sftp
session opened for local user devel from [x.x.x.x]
received client version 3
realpath "."
opendir "/usr/home/devel"
sent status End of file
closedir "/usr/home/devel"
sent status Success
symlink old "/usr/home/devel/temp" new
"/usr/home/devel/temp_symlink"
sent status Success

In both cases the sftp command is executed from simplified shellscript 
simulating much larger script for our application deployment:

echo "symlink temp temp_symlink
quit
" | sftp devel at x.x.x.x


The above debug output is the same with sftp-server and internal-sftp 
(in sshd_config). It does not matter if user account is chrooted or not 
- sftp command always creates symlink with an absolute path (with 
OpenSSH 6.1).

With OpenSSH 5.4 client, it will create relative path symlinks as expected.


So my questions are:

1) Is there some way to create relative symlinks with OpenSSH 6.1?

2) Was OpenSSH 6.1 tested before importing in to the base of FreeBSD 8.4 
release? These two bugs seems serious to me.

3) Is there any chance to fix these bugs in FreeBSD repository, or do we 
need to be "bug to bug" compatible with other systems using OpenSSH
6.x?

Miroslav Lachman

[1] sshd didn't run after upgrade to FreeBSD 8.4
http://lists.freebsd.org/pipermail/freebsd-stable/2013-June/073898.html

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 06/21/13 16:04, Miroslav Lachman wrote:
> 1) Is there some way to create relative symlinks with OpenSSH 6.1?
No.  It seems like a regression and can not be worked around.  I do
have a patch (attached; against crypto/openssh/), and my test shows
that it would fix the problem.
> 2) Was OpenSSH 6.1 tested before importing in to the base of
> FreeBSD 8.4 release? These two bugs seems serious to me.
This code is not new: it was in OpenBSD 3 years ago, and in FreeBSD
for more than 2 years (r221420 or 2011-05-04); OpenSSH 6.1 was
imported last September.  This issue you have just raised have been
there since FreeBSD 9.0-RELEASE.

So to me it seems like that the two issues are either rarely hit by
the general public (counting myself in: I have never used sftp to
create symbolic link remotely and have thus learned something new
today), or those who hit this have choose to keep silent about it.
Fortunately we have you noticed and reported the problem.

As a community effort, we really *need* people to grab in-development
snapshots and provide us the feedback.
> 3) Is there any chance to fix these bugs in FreeBSD repository, or
> do we need to be "bug to bug" compatible with other systems using
> OpenSSH 6.x?
I can not make a promise as I am not the maintainer.  However, I have
already reported this issue to upstream OpenBSD developers, so if this
was accepted by the upstream, we will commit the change locally to fix
the issue.

Unfortunately, it is too late to fix this for 8.4-RELEASE, and unless
we see widespread complain, I don't think the problem would affect a
significant amount of users to warrant a "errata" for supported
release (8.4-RELEASE, 9.1-RELEASE), however, if it would be fixed, the
fix would be merged to 8-STABLE and 9-STABLE and will be shipped with
future releases, if the fix enters the development branch before them.

Cheers,
- -- 
Xin LI <delphij at delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJRxPXUAAoJEG80Jeu8UPuzzRAH/AnNKnmsb6vX9LCNRsLtb2SG
bk2J4lx5XLK3sCYEeSL/npBtpwShGLMRnfTeb7oAPBU0skzpppHDpvwp8aIZUAGB
uMwMrln2YPKYfUJvtkPdUC+5Jm8OHnxwoYepOXkZSQy8R3ii1Q2Kpk9uGbez1i2i
iFaP+bQoCJxX8NdTRE/WrPjpfgq8KvUOowBn21dGLZ+MGUL5RlffvrOgth8Py4rp
ByekHuvwNz0i5wxILmriPKg04MhI8Ljy6Y8KxjZhn6v3fjEO7D5FvVlJP8us9iu0
AsFbnkBOvaYxJFDCmlh7u4fumCcsvtwmsmNbiqFRdQVbDuyMdvf880kNrmgCb5k=vS/U
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: usr.bin/ssh/sftp.c
==================================================================RCS file:
/home/openbsd/src/usr.bin/ssh/sftp.c,v
retrieving revision 1.143
diff -u -p -u -r1.143 sftp.c
--- usr.bin/ssh/sftp.c	18 Apr 2013 02:16:07 -0000	1.143
+++ usr.bin/ssh/sftp.c	22 Jun 2013 00:26:00 -0000
@@ -1313,7 +1313,6 @@ parse_dispatch_command(struct sftp_conn 
 	case I_SYMLINK:
 		sflag = 1;
 	case I_LINK:
-		path1 = make_absolute(path1, *pwd);
 		path2 = make_absolute(path2, *pwd);
 		err = (sflag ? do_symlink : do_hardlink)(conn, path1, path2);
 		break;

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

FYI, Dag-Erling have committed the upstream fix to -HEAD today and we
will make sure that this gets merged before 9.2-RELEASE.

Author: des
Date: Tue Aug 13 09:06:18 2013
New Revision: 254278
URL: http://svnweb.freebsd.org/changeset/base/254278

Log:
  Apply upstream revision 1.151 (fix relative symlinks)

  MFC after:	3 days

Modified:
  head/crypto/openssh/sftp.c
Directory Properties:
  head/crypto/openssh/   (props changed)

Modified: head/crypto/openssh/sftp.c
=============================================================================-
--- head/crypto/openssh/sftp.c	Tue Aug 13 09:04:20 2013	(r254277)
+++ head/crypto/openssh/sftp.c	Tue Aug 13 09:06:18 2013	(r254278)
@@ -1328,7 +1328,8 @@ parse_dispatch_command(struct sftp_conn
 	case I_SYMLINK:
 		sflag = 1;
 	case I_LINK:
- -		path1 = make_absolute(path1, *pwd);
+		if (!sflag)
+			path1 = make_absolute(path1, *pwd);
 		path2 = make_absolute(path2, *pwd);
 		err = (sflag ? do_symlink : do_hardlink)(conn, path1, path2);
 		break;

Cheers,
- -- 
Xin LI <delphij at delphij.net>    https://www.delphij.net/
FreeBSD - The Power to Serve!           Live free or die
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (FreeBSD)

iQEcBAEBCgAGBQJSCrEpAAoJEG80Jeu8UPuzOsMIALKkg0+g2IhX5dAxGL9UU6AT
7/f/iEfDIYmTv1QRwZQ1B544Mf02NmSztEmVz5pwQCsSmw+rmF27t6iBbN6q5ipM
XUB+A3VsAGRmI8j/2ixwzs3AXTAdC/uhgswVMQyiuS35cYaArGAirZWxUESGIiqk
K7Hnc8vYDWZ+hbNIpPFNNvsdunltq42BJ5kHh07X3elqR7lJaGC7qQM8IoHo90nG
R4GPagM6tbuXdB/UzrW0ozgRf4VqE+SFCC8UAnnE/E61h7Fb0/GkD0XlsdTFrl3f
0Aadhs+jfwxV7UJgyGvuep9RsFuM/mUMHXAw8K3vuPbF6KA9U7XI1KmS8ym5G3A=ERoe
-----END PGP SIGNATURE-----