On 12/14/2016 02:22 AM, The Doctor wrote:> run test forwarding.sh ... > failed copy of /bin/ls > cmp: EOF on /usr/source/openssh-SNAP-20161214/regress/copy > corrupted copy of /bin/ls > Exit request sent. > failed local and remote forwarding > *** Error code 1 > > Stop. > make[1]: stopped in /usr/source/openssh-SNAP-20161214/regress > *** Error code 1 > > Stop. > make: stopped in /usr/source/openssh-SNAP-20161214I see very similar failures with vanilla openssh snapshot on Fedora 25. Should be quite fairly reproducible: # tar -xf openssh-SNAP-20161214.tar.gz && cd openssh && ./configure && make tests [...] test connection multiplexing: forward cmp: EOF on /root/openssh/regress/copy ssh: corrupted copy of /root/openssh/regress/data /root/openssh/regress/multiplex.sh: line 96: 18570 Terminated $NC -N -Ul $OBJ/unix-1.fwd < ${DATA} > /dev/null [...] request remote forward failed connect to remote forwarded path failed test connection multiplexing: cmd exit test connection multiplexing: cmd stop failed connection multiplexing Makefile:198: recipe for target 't-exec' failed make[1]: *** [t-exec] Error 1 make[1]: Leaving directory '/root/openssh/regress' Makefile:568: recipe for target 'tests' failed make: *** [tests] Error 2 I will have a look into that if I will have a minute today. -- Jakub Jelen Software Engineer Security Technologies Red Hat
On Wed, Dec 14, 2016 at 10:09:52AM +0100, Jakub Jelen wrote:> On 12/14/2016 02:22 AM, The Doctor wrote: > > run test forwarding.sh ... > > failed copy of /bin/ls > > cmp: EOF on /usr/source/openssh-SNAP-20161214/regress/copy > > corrupted copy of /bin/ls > > Exit request sent. > > failed local and remote forwarding > > *** Error code 1 > > > > Stop. > > make[1]: stopped in /usr/source/openssh-SNAP-20161214/regress > > *** Error code 1 > > > > Stop. > > make: stopped in /usr/source/openssh-SNAP-20161214 > I see very similar failures with vanilla openssh snapshot on Fedora 25. > Should be quite fairly reproducible: > > # tar -xf openssh-SNAP-20161214.tar.gz && cd openssh && ./configure && > make tests > [...] > test connection multiplexing: forward > cmp: EOF on /root/openssh/regress/copy > ssh: corrupted copy of /root/openssh/regress/data > /root/openssh/regress/multiplex.sh: line 96: 18570 > Terminated $NC -N -Ul $OBJ/unix-1.fwd < ${DATA} > /dev/null > [...] > request remote forward failed > connect to remote forwarded path failed > test connection multiplexing: cmd exit > test connection multiplexing: cmd stop > failed connection multiplexing > Makefile:198: recipe for target 't-exec' failed > make[1]: *** [t-exec] Error 1 > make[1]: Leaving directory '/root/openssh/regress' > Makefile:568: recipe for target 'tests' failed > make: *** [tests] Error 2 > > I will have a look into that if I will have a minute today. >Isn't Fedora 25 in beta?> -- > Jakub Jelen > Software Engineer > Security Technologies > Red Hat >-- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Merry Christmas 2016 and Happy New Year 2017
On 12/14/2016 04:05 PM, The Doctor wrote:> Isn't Fedora 25 in beta?Nope, Fedora 25 was released three weeks ago [1] [1] https://fedoraproject.org/wiki/Releases/25/Schedule -- Jakub Jelen Software Engineer Security Technologies Red Hat
On 12/14/2016 10:09 AM, Jakub Jelen wrote:> On 12/14/2016 02:22 AM, The Doctor wrote: >> run test forwarding.sh ... >> failed copy of /bin/ls >> cmp: EOF on /usr/source/openssh-SNAP-20161214/regress/copy >> corrupted copy of /bin/ls >> Exit request sent. >> failed local and remote forwarding >> *** Error code 1 >> >> Stop. >> make[1]: stopped in /usr/source/openssh-SNAP-20161214/regress >> *** Error code 1 >> >> Stop. >> make: stopped in /usr/source/openssh-SNAP-20161214 > I see very similar failures with vanilla openssh snapshot on Fedora > 25. Should be quite fairly reproducible: > > # tar -xf openssh-SNAP-20161214.tar.gz && cd openssh && ./configure && > make tests > [...] > test connection multiplexing: forward > cmp: EOF on /root/openssh/regress/copy > ssh: corrupted copy of /root/openssh/regress/data > /root/openssh/regress/multiplex.sh: line 96: 18570 > Terminated $NC -N -Ul $OBJ/unix-1.fwd < ${DATA} > /dev/null > [...] > request remote forward failed > connect to remote forwarded path failed > test connection multiplexing: cmd exit > test connection multiplexing: cmd stop > failed connection multiplexing > Makefile:198: recipe for target 't-exec' failed > make[1]: *** [t-exec] Error 1 > make[1]: Leaving directory '/root/openssh/regress' > Makefile:568: recipe for target 'tests' failed > make: *** [tests] Error 2 > > I will have a look into that if I will have a minute today.Further investigation so far showed, that the multiplex is failing to create the remote port forward socket: mux_client_forward: forwarding request failed: remote port forwarding failed for listen path /root/openssh/regress/unix-3.fwd I see the same results with RHEL7, with different user, and also with the openssh-SNAP-20161220.tar.gz. I will see tomorrow. Regards, -- Jakub Jelen Software Engineer Security Technologies Red Hat
On 12/19/2016 06:10 PM, Jakub Jelen wrote:> On 12/14/2016 10:09 AM, Jakub Jelen wrote: >> On 12/14/2016 02:22 AM, The Doctor wrote: >>> run test forwarding.sh ... >>> failed copy of /bin/ls >>> cmp: EOF on /usr/source/openssh-SNAP-20161214/regress/copy >>> corrupted copy of /bin/ls >>> Exit request sent. >>> failed local and remote forwarding >>> *** Error code 1 >>> >>> Stop. >>> make[1]: stopped in /usr/source/openssh-SNAP-20161214/regress >>> *** Error code 1 >>> >>> Stop. >>> make: stopped in /usr/source/openssh-SNAP-20161214 >> I see very similar failures with vanilla openssh snapshot on Fedora >> 25. Should be quite fairly reproducible: >> >> # tar -xf openssh-SNAP-20161214.tar.gz && cd openssh && ./configure >> && make tests >> [...] >> test connection multiplexing: forward >> cmp: EOF on /root/openssh/regress/copy >> ssh: corrupted copy of /root/openssh/regress/data >> /root/openssh/regress/multiplex.sh: line 96: 18570 >> Terminated $NC -N -Ul $OBJ/unix-1.fwd < ${DATA} > /dev/null >> [...] >> request remote forward failed >> connect to remote forwarded path failed >> test connection multiplexing: cmd exit >> test connection multiplexing: cmd stop >> failed connection multiplexing >> Makefile:198: recipe for target 't-exec' failed >> make[1]: *** [t-exec] Error 1 >> make[1]: Leaving directory '/root/openssh/regress' >> Makefile:568: recipe for target 'tests' failed >> make: *** [tests] Error 2 >> >> I will have a look into that if I will have a minute today. > Further investigation so far showed, that the multiplex is failing to > create the remote port forward socket: > > mux_client_forward: forwarding request failed: remote port forwarding > failed for listen path /root/openssh/regress/unix-3.fwdThis is obviously related to the commit (fix for CVE-2016-10010): https://github.com/openssh/openssh-portable/commit/b737e4 preventing running the multiplex.sh test (remote port forwarding is failing) with root permissions (stops using privilege separation at https://github.com/openssh/openssh-portable/blob/master/sshd.c#L640 Regards, -- Jakub Jelen Software Engineer Security Technologies Red Hat