bugzilla-daemon at bugzilla.mindrot.org
2019-Aug-14 08:14 UTC
[Bug 3057] New: Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057
Bug ID: 3057
Summary: Fork-bomb when misconfiguring a host to ProxyJump onto
itself
Product: Portable OpenSSH
Version: 7.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: andrej at kacian.sk
Following configuration causes ssh to spawn endless copies of itself
when user tries to connect to the specified host.
Host foo
ProxyJump foo
# or more generic
Host *
ProxyJump %h
I have reproduced this on 7.9p1 on Suse Linux Enterprise Server 15 and
on 7.4p1 on Debian Stretch (currently oldstable).
Depending on limits configured on the server, this, like any other
forkbomb, can cause all kinds of fun behavior on the local server.
Perhaps the client could check for this edge case and avoid trying to
make an impossible proxy connection.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Dec-21 10:28 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057
petoju at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |petoju at gmail.com
--- Comment #1 from petoju at gmail.com ---
*** Bug 3107 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2020-Feb-18 08:53 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at dtucker.net
--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3356
--> https://bugzilla.mindrot.org/attachment.cgi?id=3356&action=edit
Detect simple proxyjump loops
We have just committed the follow patch which should address this issue
(at least for the simple case) and will be in the 8.3 release. Thanks
for the report.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2020-Feb-18 08:53 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
Blocks| |3117
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3117
[Bug 3117] Tracking bug for 8.2 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-29 20:05 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057
woodwardj at jaos.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |woodwardj at jaos.org
--- Comment #3 from woodwardj at jaos.org ---
Shouldn't this check also verify it is not the same user? I often use
-J <un-privileged-user>@<same host> <privileged-user>@<same
host>.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-31 03:52 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057 --- Comment #4 from Darren Tucker <dtucker at dtucker.net> --- Created attachment 3436 --> https://bugzilla.mindrot.org/attachment.cgi?id=3436&action=edit Also check jumphost user I hadn't considered that use case but we could do that too. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-31 03:53 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Attachment #3436| |ok?(djm at mindrot.org)
Flags| |
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-31 04:13 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3436|ok?(djm at mindrot.org) |ok+
Flags| |
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-31 04:20 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057 --- Comment #5 from Darren Tucker <dtucker at dtucker.net> --- Patch applied, thanks. It will be in the 8.4 release. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:01 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Oct-13 14:40 UTC
[Bug 3057] Fork-bomb when misconfiguring a host to ProxyJump onto itself
https://bugzilla.mindrot.org/show_bug.cgi?id=3057
Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ahmedsayeed1982 at yahoo.com
--- Comment #7 from Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> ---
$ ../gdb -nx --data-directory=../data-directory
(gdb) set osabi GNU/Linux
http://www.compilatori.com/category/technology/
(gdb) set sysroot /home/simark/build/binutils-gdb/gdb/repo
(gdb) file Foo http://www.acpirateradio.co.uk/category/technology/
Reading symbols from Foo...
(gdb) core-file Foo-core
warning: Can't open file /media/mmcblk0p1/install/usr/bin/Foo during
file-backed mapping note processing
http://www.logoarts.co.uk/category/technology/
warning: Can't open file /lib/libm-2.21.so during file-backed mapping
note processing
warning: Can't open file /lib/libpthread-2.21.so during file-backed
mapping note processing http://www.slipstone.co.uk/category/technology/
warning: Can't open file /lib/libgcc_s.so.1 during file-backed mapping
note processing
warning: Can't open file
/media/mmcblk0p1/install/usr/lib/libstdc++.so.6 during file-backed
mapping note processing http://embermanchester.uk/category/technology/
warning: Can't open file /lib/libc-2.21.so during file-backed mapping
note processing
warning: Can't open file /lib/ld-2.21.so during file-backed mapping
note processing http://connstr.net/category/technology/
[New LWP 29367]
[New LWP 29368] http://joerg.li/category/technology/
warning: Could not load shared library symbols for 5 libraries, e.g.
/lib/libc.so.6.
Use the "info sharedlibrary" command to see the complete listing.
http://www.jopspeech.com/category/technology/
Do you need "set solib-search-path" or "set sysroot"?
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
http://www.wearelondonmade.com/category/technology/
warning: Unable to find libthread_db matching inferior's thread
library, thread debugging will not be available.
https://waytowhatsnext.com/category/shopping/
Core was generated by `./Foo'.
Program terminated with signal SIGABRT, Aborted.
http://www.iu-bloomington.com/category/shopping/
#0 0xb6c3809c in pthread_cond_wait () from
/home/simark/build/binutils-gdb/gdb/repo/lib/libpthread.so.0
https://komiya-dental.com/category/shopping/
[Current thread is 1 (LWP 29367)]
(gdb) bt http://www-look-4.com/category/technology/
/home/simark/src/binutils-gdb/gdb/arm-tdep.c:1551:30: runtime error:
shift exponent 32 is too large for 32-bit type 'unsigned int'
https://www.webb-dev.co.uk/category/shopping/
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Apparently Analagous Threads
- [Bug 2744] New: ProxyJump causes "Killed by signal 1" to be printed in terminal.
- Host key verification (known_hosts) with ProxyJump/ProxyCommand
- Host key verification (known_hosts) with ProxyJump/ProxyCommand
- [Bug 3163] New: teach ssh-keyscan to use ssh_config (plus options like ProxyJump)
- ProxyJump may construct erroneous ProxyCommand