openssh bugs - Feb 2019 - [Bug 2973] New: Broken pipe after authentication when including coverage information

https://bugzilla.mindrot.org/show_bug.cgi?id=2973

            Bug ID: 2973
           Summary: Broken pipe after authentication when including
                    coverage information
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: seroland86 at gmail.com

Created attachment 3246
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3246&action=edit
log

If OpenSSH is compiled with gcc using --coverage sshd returns with a
broken pipe error after authentication. The last working version is
7.1. To reproduce compile with: CFLAGS=--coverage LIBS='-lgcov'
./configure && make && make install.

Only got it working using --with-sandbox=no.

Attached are ssh and sshd debug logs.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2973

--- Comment #1 from Sebastian Roland <seroland86 at gmail.com> ---
gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-pc-linux-gnu/8.2.1/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with: /build/gcc/src/gcc/configure --prefix=/usr
--libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man
--infodir=/usr/share/info --with-bugurl=https://bugs.archlinux.org/
--enable-languages=c,c++,ada,fortran,go,lto,objc,obj-c++
--enable-shared --enable-threads=posix --enable-libmpx
--with-system-zlib --with-isl --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-clocale=gnu
--disable-libstdcxx-pch --disable-libssp --enable-gnu-unique-object
--enable-linker-build-id --enable-lto --enable-plugin
--enable-install-libiberty --with-linker-hash-style=gnu
--enable-gnu-indirect-function --enable-multilib --disable-werror
--enable-checking=release --enable-default-pie --enable-default-ssp
--enable-cet=auto
Thread model: posix
gcc version 8.2.1 20181127 (GCC)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2973

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #2 from Jakub Jelen <jjelen at redhat.com> ---
When compiled with coverage support, the server tries to write files
about the line coverage. This indeed fails in the net child, which is
confined with seccomp filter sandbox and chroot by default. I am not
sure why you would need to authenticate to ssh when it is compiled with
coverage support.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2973

--- Comment #3 from Sebastian Roland <seroland86 at gmail.com> ---
Jakub, thank you for your quick reply. You are right about the writing
of coverage data. I managed to get that working however it is still
only usable when compiling without sandbox support. The reason why it
is relevant is that you might want to have coverage reports about your
test cases which are failing because of the described behavior.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2973

--- Comment #4 from Jakub Jelen <jjelen at redhat.com> ---
Coverage data for integration tests (as opposed to unit tests) are not
always very helpful. It might show you what lines were not executed,
but does not give you any assurance that the executed lines did always
the right thing.

We were facing similar issue with libssh, which is using OpenSSH server
to test against. At this moment, we do not run coverage in this part of
the testsuite, but it should be possible to workaround this by
replacing these functions from LD_PRELOAD, as proposed in the following
project. Unfortunately, I was not able to make it working for coverage
so far.

Otherwise, for testing, it should be probably fine to run without the
sandbox.

https://gitlab.com/cryptomilk/priv_wrapper/tree/master

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2973

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WONTFIX

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Yes, doing this sort of stuff almost always requires disabling
sandboxing and also sometimes patching out the chroot() calls in
sshd.c.

We don't have any concrete plans to change this, as it affects only
developers, and I don't want to leave a loaded footgun around for
everyone else.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2973

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Closing all resolved bug with release of openssh-8.2

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.