bugzilla-daemon at mindrot.org
2003-Apr-19 06:26 UTC
[Bug 544] sshd w/privsep fails on Linux 2.0, mm_receive_fd: expected type 1 got 1074276337
http://bugzilla.mindrot.org/show_bug.cgi?id=544 Summary: sshd w/privsep fails on Linux 2.0, mm_receive_fd: expected type 1 got 1074276337 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: dtucker at zip.com.au I'm attempting to reproduce some of the reported bugs on early Linuxes and I've found the following problem with privsep enabled (Debian slink, kernel 2.0.38, libc6 2.0.7). It seems to be related to file descriptor passing. $ ./sshd -ddd -p 2022 [snip] debug3: mm_answer_pty entering debug1: session_new: init debug1: session_new: session 0 debug3: mm_pty_allocate: waiting for MONITOR_ANS_PTY debug3: mm_request_receive_expect entering: type 26 debug3: mm_request_receive entering debug3: mm_request_send entering: type 26 mm_receive_fd: expected type 1 got 1074276337 It seems to be a bug in 2.0 kernels, cmsg_level and cmsg_type returned by recvmsg() make no sense. I built a test program (which I will attach) from code from monitor_fdpass.c. After the fd pass, a 2.0.38 kernel gives: (gdb) print *cmsg $1 = {cmsg_len = 16, cmsg_level = 134514016, cmsg_type = -1073742828, __cmsg_data = 0xbffffc08 "\005"} A 2.4.18 kernel gives: (gdb) print *cmsg $1 = {cmsg_len = 16, cmsg_level = 1, cmsg_type = 1, __cmsg_data = 0xbffff5fc "\a"} If you comment out the "if (cmsg->cmsg_type != SCM_RIGHTS)" test in mm_receive_fd(), privsep seems to work OK on 2.0 kernels. I will reduce the test program to an autoconf test, add "#ifndef BROKEN_CMSG_TYPE" and attach the resulting patch. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Apr-19 06:33 UTC
[Bug 544] sshd w/privsep fails on Linux 2.0, mm_receive_fd: expected type 1 got 1074276337
http://bugzilla.mindrot.org/show_bug.cgi?id=544 ------- Additional Comments From dtucker at zip.com.au 2003-04-19 16:33 ------- Created an attachment (id=271) --> (http://bugzilla.mindrot.org/attachment.cgi?id=271&action=view) fdpasstest.c: test for descriptor-passing bug on Linux 2.0 Quick hacked-together test for fd passing bug. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Apr-20 12:34 UTC
[Bug 544] sshd w/privsep fails on Linux 2.0, mm_receive_fd: expected type 1 got 1074276337
http://bugzilla.mindrot.org/show_bug.cgi?id=544 ------- Additional Comments From dtucker at zip.com.au 2003-04-20 22:34 ------- Created an attachment (id=272) --> (http://bugzilla.mindrot.org/attachment.cgi?id=272&action=view) Define BROKEN_CMSG_TYPE for Linux 2.0 kernels I couldn't get the test case to work with compiler optimization on (ie the default CFLAGS). Not sure why. Gave up and added a test for Linux 2.0 in configure.ac. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Apr-20 12:34 UTC
[Bug 544] sshd w/privsep fails on Linux 2.0, mm_receive_fd: expected type 1 got 1074276337
http://bugzilla.mindrot.org/show_bug.cgi?id=544 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Keywords| |patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-May-02 10:52 UTC
[Bug 544] sshd w/privsep fails on Linux 2.0, mm_receive_fd: expected type 1 got 1074276337
http://bugzilla.mindrot.org/show_bug.cgi?id=544 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Additional Comments From dtucker at zip.com.au 2003-05-02 20:52 ------- Fix applied. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.