openssh bugs - Apr 2018 - [Bug 2856] New: key-options.sh fails when pty /dev/ttyp1 is not owned by testing user

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

            Bug ID: 2856
           Summary: key-options.sh fails when pty /dev/ttyp1 is not owned
                    by testing user
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: ix86
                OS: NetBSD
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Regression tests
          Assignee: unassigned-bugs at mindrot.org
          Reporter: openssh at vega.pgw.jp

This is report for OpenSSH-7.7p1, but the version dropbox lacks this
version. Probably also applicable for other versions.

Running "make t-exec" test on NetBSD as non-root.

This OS doesn't have /dev/ptmx, and relies on sshd(running as root) 
to chown the pty's ownership, so
chown("/dev/ttyp1", myuid, ttygid) by sshd invoked by user privilege
during the test will fail, unless
/dev/ttyp1 had been chown'ed to the user by previous ssh login.

run test key-options.sh seems to stumble on this:
======run test key-options.sh ...
key option command="echo bar"
key option no-pty,command="echo bar"
key option pty default
key option failed default
key option pty no-pty
key option pty restrict
key option pty restrict,pty
key option failed restrict,pty
key option environment
key option from="127.0.0.1"
key option from="127.0.0.0/8"
key option expiry-time default
key option expiry-time invalid
key option expiry-time expired
key option expiry-time valid
failed key options
*** Error code 1

=======regress/failed-sshd.log:
...
debug1: session_new: session 0
chown(/dev/ttyp1, 901, 4) failed: Operation not permitted
debug1: do_cleanup
debug1: session_pty_cleanup: session 0 release /dev/ttyp1
Attempt to write login records by non-root user (aborting)
...

======steps to reproduce:
- ssh otheruser at localhost, then logout, or
  just "chown root:tty /dev/ttyp1", to make next vacant pty slot
  to not be owned by the user.
- make t-exec ;# the test

======Workaround: Do "ssh localhost", then logout to fill the 
next vacant pty slot to be owned by myself.
This made key-options.sh (and perhaps other tests) to pass.
Running the test as root also works (but unrecommended for obvious
reasons).

I wonder whether this could be "fixed" or not.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
            Version|7.6p1                       |7.7p1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2852

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Maybe we skip this pty bits of test on platforms that are known to
break


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
             Status|NEW                         |ASSIGNED
                 CC|                            |dtucker at dtucker.net
   Attachment #3149|                            |ok?(dtucker at dtucker.net)
              Flags|                            |

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Created attachment 3149
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3149&action=edit
Skip pty tests on platforms without openpty(3)

This skips the pty parts of the test on platforms that lack openpty(3).

The intent of this section of the test is solely to verify the options
processing logic wrt "strict" and positive/negative options, so it
doesn't need to run on every possible platform.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3149|ok?(dtucker at dtucker.net)    |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Patch applied - will be in OpenSSH 7.8

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

Taketo Kabe <openssh at vega.pgw.jp> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #4 from Taketo Kabe <openssh at vega.pgw.jp> ---
Tried out the OpenSSH-7.8;
I'm still bitten by this bug/feature.
Steps to reproduce: make t-exec
Workaround: Do "ssh localhost", logout, then run the tests

The longer output of the regress/failed-sshd.log:
===debug3: receive packet: type 98
debug1: server_input_channel_req: channel 0 request pty-req reply 1
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug3: mm_request_send entering: type 28
debug3: mm_request_receive entering
debug3: monitor_read: checking request 28
debug3: mm_answer_pty entering
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
chown(/dev/ttyp2, 901, 4) failed: Operation not permitted
===
The pty_setowner() is called from monitor.c:mm_answer_pty() route.

I have found out that my OS do have openpty(3), so the 
test exclusion fix wasn't working.
I get some feeling that this couldn't be easily fixed, so
I will use the workaround for now.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Is this still broken? AFAIK we regularly run integration tests on
NetBSD and it they are working okay.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

--- Comment #6 from Taketo Kabe <openssh at vega.pgw.jp> ---
Lend me some time, I'm having trouble getting OpenSSL 3.0 build on my
old box.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2856

--- Comment #7 from Taketo Kabe <openssh at vega.pgw.jp> ---
openssh-9.5p1 still has trouble when testing on my old, old box
(NetBSD-1.6.2)

% make SHELL=/bin/ksh TEST_SHELL=/bin/ksh LTESTS=key-options t-exec
...
 key option command="echo bar"
 key option no-pty,command="echo bar"
 key option pty default
 key option failed default
 key option pty no-pty
 key option pty restrict
 key option pty restrict,pty
 key option failed restrict,pty
 key option environment
 key option from="127.0.0.1"
 key option from="127.0.0.0/8"
 key option expiry-time default
 key option expiry-time invalid
 key option expiry-time expired
 key option expiry-time valid
 failed key options
 *** Error code 1

==== regress/failed-sshd.log
debug2: session_new: allocate (allocated 0 max 10)
debug3: session_unused: session id 0 unused
debug1: session_new: session 0
chown(/dev/ttyp3, 901, 4) failed: Operation not permitted
debug1: do_cleanup
debug1: session_pty_cleanup2: session 0 release /dev/ttyp3
Attempt to write login records by non-root user (aborting)
debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY
debug3: mm_request_receive_expect: entering, type 29
debug3: mm_request_receive: entering
debug1: do_cleanup
FAIL: key option failed restrict,pty
...
===

This box has openpty(3), so $skip_pty in regress/key-options.sh is
not set, and tries to run failing tests and fail.

Local workaround:
===== regress/key-options.sh
# Allocating ptys can require privileges on some platforms.
skip_pty=""
if ! config_defined HAVE_OPENPTY && [ "x$SUDO" = "x"
]; then
        skip_pty="no openpty(3) and SUDO not set"
fi
skip_pty="have openpty, but sshd cannot chown" #<<<< add
this line
====
Of course this is not a fix. This box does not have sudo either.
I don't think complete support of this box in current OpenSSH is
feasible.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.