Bladt Norbert
2000-May-12 13:42 UTC
Patch: OpenSSH 2.1.0 under Solaris 8, Solaris 7 and other systems, too
Hi !

Karsten Thygesen wrote:
>>>>> "carl" == carl <carl at bl.echidna.id.au> writes:
> carl> Marc, I'm seeing the same problem if I use the inbuilt entropy
> carl> generator, but if I use SUNWski's /dev/random, it's fine.
> carl> ssh also coredumps if I use the built in entropy generator if I
> carl> run it in verbose mode.
> carl> This is on a Sun SPARC 10 running Solaris 8
> The same goes for Solaris-7. I also switched to SUNWski and it works
> just fine.

I found some time debugging the problem with using the built-in entropy generator in openssh-2.1.0. In the current condition, it should crash on every reasonable (?) system.

The problem is in entropy.c in a debug call with a string argument (%s) of 0, if the command in ssh_prng_commands has no arg. Interesting enough, there is a "#if 1" in front of the offending statement and there is a note "FIXME: turn this off later", too. Why turn it off, it should work now and is a useful information in debug mode.

Patch is following here - it works for me and my ssh_prng_cmds, YMMV:

*** entropy.c.orig Tue May 2 01:56:41 2000 --- entropy.c Fri May 12 15:25:57 2000 *************** *** 225,233 **** --- 225,238 ---- } else { /* FIXME: turn this off later */ #if 1 + if (entropy_sources[c].args[2] != 0) debug("Command '%s %s %s' disabled (badness %d)", entropy_sources[c].path, entropy_sources[c].args[1], entropy_sources[c].args[2], entropy_sources[c].badness); + else + debug("Command '%s %s' disabled (badness %d)", + entropy_sources[c].path, entropy_sources[c].args[1], + entropy_sources[c].badness); #endif if (entropy_sources[c].badness > 0)

--
Norbert Bladt
ATAG debis Informatik, TZ1 - Z364
Industriestrasse 1, CH 3052-Zollikofen
E-Mail: norbert.bladt at adi.ch Tel.: +41 31 915 3964 Fax: +41 31 915 3640
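Review bot: the added else branch still passes entropy_sources[c].args[1] to a %s conversion without a check, so if a command line can also leave args[1] at 0, the crash that the new args[2] test avoids is still reachable. Guarding each optional argument, or printing a single pre-built command string, would cover both cases. The if and else bodies also carry two near-identical format strings without braces, and the first debug call is not re-indented under the new if; braces around both branches would make the extent of each clear.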
Andre Lucas
2000-May-12 14:36 UTC
Patch: OpenSSH 2.1.0 under Solaris 8, Solaris 7 and other systems, too
Well spotted. Doh.

I think an even better way to fix this would be to save the string as parsed from ssh_prng_cmds in the command's entropy_source_t, and print that in debug messages. It's a tiny amount of memory for what is, as you say, useful debugging info.

So useful, in fact, that the bug occurred when I added the second parameter to Damien's prng code, likely as a temporary measure, and left it in...

-Andre

Bladt Norbert wrote:
>
> Hi !
>
> Karsten Thygesen wrote:
> >>>>> "carl" == carl <carl at bl.echidna.id.au> writes:
> >
> > carl> Marc, I'm seeing the same problem if I use the inbuilt entropy
> > carl> generator, but if I use SUNWski's /dev/random, it's fine.
> >
> > carl> ssh also coredumps if I use the built in entropy generator if I
> > carl> run it in verbose mode.
> >
> > carl> This is on a Sun SPARC 10 running Solaris 8
> >
> > The same goes for Solaris-7. I also switched to SUNWski and it works
> > just fine.
>
> I found some time debugging the problem with using the built-in entropy
> generator in openssh-2.1.0. In the current condition, it should crash on
> every reasonable (?) system.
>
> The problem is in entropy.c in a debug call with a string argument
> (%s) of 0, if the command in ssh_prng_commands has no arg.
> Interesting enough, there is a "#if 1" in front of the offending
> statement and there is a note "FIXME: turn this off later", too.
> Why turn it off, it should work now and is a useful information
> in debug mode.
> > Patch is following here - it works for me and my ssh_prng_cmds, YMMV: > > *** entropy.c.orig Tue May 2 01:56:41 2000 > --- entropy.c Fri May 12 15:25:57 2000 > *************** > *** 225,233 **** > --- 225,238 ---- > } else { > /* FIXME: turn this off later */ > #if 1 > + if (entropy_sources[c].args[2] != 0) > debug("Command '%s %s %s' disabled (badness > %d)", > entropy_sources[c].path, > entropy_sources[c].args[1], > entropy_sources[c].args[2], > entropy_sources[c].badness); > + else > + debug("Command '%s %s' disabled (badness > %d)", > + entropy_sources[c].path, > entropy_sources[c].args[1], > + entropy_sources[c].badness); > #endif > > if (entropy_sources[c].badness > 0) > > -- > Norbert Bladt > ATAG debis Informatik, TZ1 - Z364 > Industriestrasse 1, CH 3052-Zollikofen > E-Mail: norbert.bladt at adi.ch Tel.: +41 31 915 3964 Fax: +41 31 915 3640
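Andre's suggestion above (keep the command string as parsed and print that in debug messages), as an added example that is not part of the original thread or of OpenSSH. The struct, function names, buffer sizes and sample command lines are assumptions made up for this sketch, and the sample lines are not in the real ssh_prng_cmds format.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ARGS 4 /* assumed limit for this sketch */

/* Hypothetical stand-in for an entropy source entry; not OpenSSH's struct. */
typedef struct {
    char cmdstring[128];      /* command line exactly as parsed */
    char buf[128];            /* tokenised copy that args[] points into */
    char *args[MAX_ARGS + 1]; /* NULL-terminated; args[0] is the path */
    int badness;
} demo_source_t;

/* Split line into args[], keeping the original text; returns count or -1. */
int demo_parse(demo_source_t *src, const char *line)
{
    int n = 0;
    char *tok;
    if (strlen(line) >= sizeof(src->cmdstring))
        return -1;
    strcpy(src->cmdstring, line);
    strcpy(src->buf, line);
    for (tok = strtok(src->buf, " \t"); tok != NULL && n < MAX_ARGS;
         tok = strtok(NULL, " \t"))
        src->args[n++] = tok;
    src->args[n] = NULL; /* terminate the list */
    src->badness = 0;
    return n;
}

/* Format from the saved string, so no possibly-NULL args[] slot reaches %s. */
int demo_disabled_msg(const demo_source_t *src, char *out, size_t outlen)
{
    return snprintf(out, outlen, "Command '%s' disabled (badness %d)",
                    src->cmdstring, src->badness);
}

int main(void)
{
    /* Constructed sample lines: zero, one and two arguments. */
    const char *lines[] = { "/bin/ps", "/bin/ls -l", "/bin/netstat -a -n" };
    demo_source_t src;
    char msg[192];
    for (int i = 0; i < 3; i++) {
        demo_parse(&src, lines[i]);
        demo_disabled_msg(&src, msg, sizeof(msg));
        puts(msg);
    }
    return 0;
}
```

The message is the same shape for every command, however many arguments it has, so the debug path no longer depends on which args[] slots are filled.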