Displaying 20 results from an estimated 25 matches for "privsep_preauth".

2013 Oct 31
9
[Bug 2167] New: Connection remains when fork() fails.
...drot.org/attachment.cgi?id=2368&action=edit A patch which seems to solve this problem. I got "sshd[$pid]: fatal: fork of unprivileged child failed" in /var/log/secure but the connection with ssh client remained. I examined the cause and found that this problem happens when fork() in privsep_preauth()/privsep_postauth() fails. You can easily reproduce this problem by replacing fork() in privsep_preauth()/privsep_postauth() with -1. I don't know what is the right fix, but at least forcibly closing all sockets before exit() seems to solve this problem. I'm using RHEL 6.4's openssh-...
2008 Jul 10
1
Race condition in sshd
Hello, This bug exists in 5.0p1. I apologize that I couldn't test against HEAD. I _believe_ I have found a race condition in sshd. In the v2 protocol, after a connection, the accepting process forks in privsep_preauth(). The parent executes monitor_child_preauth() to allow certain privsep requests necessary for authentication. The unprivileged child runs do_ssh2_kex() followed by do_authentication2(). I am working on a new KEX algorithm whose primary feature is performance. It is fast enough that do_authent...
2014 Apr 12
4
[Bug 2225] New: sshd core dumps when used in high scaled environments.
...: socketpair: %s") at ../../../../../../src/crypto/openssh/fatal.c:42 #2 0x08065779 in monitor_openfds (mon=0x80eb5c0, do_logfds=1) at ../../../../../../src/crypto/openssh/monitor.c:1877 #3 0x080658ee in monitor_init () at ../../../../../../src/crypto/openssh/monitor.c:1903 #4 0x080507fd in privsep_preauth (authctxt=0x0) at ../../../../../../src/crypto/openssh/sshd.c:669 #5 0x08051f72 in main (ac=903248, av=0xc811cc00) at ../../../../../../src/crypto/openssh/sshd.c:2014 Here the pmonitor is NULL inside "privsep_preauth", which calls "monitor_init". "monitor_init" allo...
2002 Jun 26
5
[PATCH] improved chroot handling
...ange our root directory and drop privileges */ + if (chroot(".") < 0) + fatal("chroot(): %s\n", strerror(errno)); debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); do_setusercontext(pw); @@ -561,6 +556,7 @@ static Authctxt* privsep_preauth(void) { + char emptydir[] = "/var/tmp/sshd.XXXXXXXXXX"; Authctxt *authctxt = NULL; int status; pid_t pid; @@ -570,12 +566,31 @@ /* Store a pointer to the kex for later rekeying */ pmonitor->m_pkex = &xxx_kex; + /* + * We create a safe environment for the child by crea...
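Review bot: in the privsep_preauth() hunk, the `emptydir` template points into /var/tmp, which is world-writable, and the code that consumes it is cut off in this excerpt. Create the directory with mkdtemp(), fatal() if that fails, and remove it once the child has chrooted so stale directories do not accumulate. In the first hunk, the `fatal("chroot(): %s\n", ...)` format string carries a trailing newline that the other fatal() calls quoted on this page do not; drop it.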
2024 May 12
1
[Bug 3690] New: sshd: root [priv] process sleeping leads to unprivileged child proc zombie
...rocess call stack In the `sshd.c` file, the `grace_alarm_handler()` signal handling function calls `sigdie()`, which in turn calls `sshsigdie()`, and within this call, functions such as `shlogv()`, `do_log()`, `{openlog(), syslog(), closelog()}` are invoked. Similarly, within the main thread, the `privsep_preauth()` function calls `monitor_child_preauth()`, which then calls `auth_log()`, and this also results in calls to `{openlog(), syslog(), closelog()}`. Since these functions are not async-signal-safe and they utilize a global lock named `syslog_lock`, this can lead to a recursive deadlock (AA lock). As...
2003 Mar 26
0
Password expiry in auth-krb5.c
...;XXXXXXXX") at auth-passwd.c:140 #2 0x380fc in mm_answer_authpassword (socket=9, m=0xffbeef28) at monitor.c:608 #3 0x376c4 in monitor_read (pmonitor=0x8bec0, ent=0x84150, pent=0xffbeefbc) at monitor.c:371 #4 0x37244 in monitor_child_preauth (pmonitor=0x8bec0) at monitor.c:280 #5 0x1aaac in privsep_preauth () at sshd.c:603 #6 0x1d45c in main (ac=3, av=0xffbefaac) at sshd.c:1497 At first, I simply tried to add the stock Kerberos prompter to krb5_get_init_creds_password: problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds, authctxt->krb5_user, (char *)password, krb5_...
2011 Jun 02
2
preauth privsep logging via monitor
..., u_int *, u_char *, u_int); Index: sshd.c =================================================================== RCS file: /var/cvs/openssh/sshd.c,v retrieving revision 1.404 diff -u -p -r1.404 sshd.c --- sshd.c 5 May 2011 04:15:09 -0000 1.404 +++ sshd.c 2 Jun 2011 03:58:14 -0000 @@ -636,10 +636,8 @@ privsep_preauth(Authctxt *authctxt) } else if (pid != 0) { debug2("Network child is on pid %ld", (long)pid); - close(pmonitor->m_recvfd); pmonitor->m_pid = pid; monitor_child_preauth(authctxt, pmonitor); - close(pmonitor->m_sendfd); /* Sync memory */ monitor_sync(pmonitor)...
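Review bot: in the `pid != 0` branch of privsep_preauth(), both `close(pmonitor->m_recvfd)` and `close(pmonitor->m_sendfd)` are removed and the visible lines show nothing taking their place. If either descriptor is the child's end of the pair and stays open in the monitor, the monitor will not see EOF when the child exits, and each connection holds extra descriptors. Say where they are closed now, or add a comment explaining why the monitor must keep them.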
2002 Jun 25
3
BSD/OS with privsep
...gidset[2]; + + gidset[0] = pw->pw_gid; + if (setgid(pw->pw_gid) < 0) + fatal("setgid failed for %u", pw->pw_gid ); + if (setgroups(1, gidset) < 0) + fatal("setgroups: %.100s", strerror(errno)); + permanently_set_uid(pw); + } +#endif } static Authctxt* privsep_preauth(void) { Authctxt *authctxt = NULL; int status; pid_t pid; /* Set up unprivileged child process to deal with network data */ --- session.c.orig Tue Jun 25 13:28:07 2002 +++ session.c Tue Jun 25 13:33:16 2002 @@ -1154,22 +1154,26 @@ { #ifdef HAVE_CYGWIN if (is_winnt) { #else /* HAVE_C...
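Review bot: the added `fatal("setgid failed for %u", pw->pw_gid );` passes pw_gid to %u without a cast and leaves out the errno text, while the setgroups() failure two lines later reports `strerror(errno)`. Cast to (u_int) and add the error string so that a failed privilege drop can be diagnosed from the log. The stray space before the closing parenthesis can go as well.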
2008 Jul 12
2
[Bug 1487] New: Race condition between monitor and unprivileged child in sshd
...rm: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: godji at 300penguins.org In the v2 protocol, after a connection, the accepting process forks in privsep_preauth(). The parent executes monitor_child_preauth() to allow certain privsep requests necessary for authentication. The unprivileged child runs do_ssh2_kex() followed by do_authentication2(). If KEX is fast enough, do_authentication2() runs before the monitor has a chance to permit the necessary reque...
2011 Jun 22
3
sandbox pre-auth privsep child
...p -r1.405 sshd.c --- sshd.c 20 Jun 2011 04:42:23 -0000 1.405 +++ sshd.c 22 Jun 2011 09:17:44 -0000 @@ -118,6 +118,7 @@ #endif #include "monitor_wrap.h" #include "roaming.h" +#include "sandbox.h" #include "version.h" #ifdef LIBWRAP @@ -624,18 +625,23 @@ privsep_preauth(Authctxt *authctxt) { int status; pid_t pid; + struct ssh_sandbox *box = NULL; /* Set up unprivileged child process to deal with network data */ pmonitor = monitor_init(); /* Store a pointer to the kex for later rekeying */ pmonitor->m_pkex = &xxx_kex; + if (use_privsep == P...
2003 Mar 19
1
cvs version / testing
Hello, I pulled the latest from cvs today and ran several tests and added more options to the CFLAGS in the Makefile. To start with, I ran valgrind against sshd & it comes up with this: ==24959== 112 bytes in 1 blocks are definitely lost in loss record 297 of 310 ==24959== at 0x40164650: malloc (vg_clientfuncs.c:100) ==24959== by 0x807A0D1: compat_init_setproctitle (setproctitle.c:236)
2013 Jun 25
1
RFC: encrypted hostkeys patch
...key; /* ephemeral server key */ Key *ssh1_host_key; /* ssh1 host key */ Key **host_keys; /* all private host keys */ + Key **host_pubkeys; /* all public host keys */ Key **host_certificates; /* all public host certificates */ int have_ssh1_key; int have_ssh2_key; @@ -652,11 +657,18 @@ privsep_preauth(Authctxt *authctxt) } else if (pid != 0) { debug2("Network child is on pid %ld", (long)pid); + auth_conn = ssh_get_authentication_connection(); + pmonitor->m_pid = pid; if (box != NULL) ssh_sandbox_parent_preauth(box, pid); monitor_child_preauth(authctxt, pmonitor)...
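Review bot: in the `pid != 0` branch of privsep_preauth(), the result of `ssh_get_authentication_connection()` is assigned to `auth_conn` with no check in the visible lines. The call can return NULL when no agent is reachable, so test it here and fail with a clear message (or fall back to unencrypted keys) before monitor_child_preauth() starts serving requests that rely on it.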
2005 Mar 16
1
openssh-3.8.1p1, with pthreads enabled, hung in pthread_join.
...tor_wrap.c:110 #11 0x0001c290 in monitor_read (pmonitor=0x403540, ent=0x633c4, pent=0xbffff030) at /tmp/OpenSSH.roots/OpenSSH/openssh/monitor.c:446 #12 0x0001bda8 in monitor_child_preauth (_authctxt=0x4034e0, pmonitor=0x403540) at /tmp/OpenSSH.roots/OpenSSH/openssh/monitor.c:343 #13 0x000039dc in privsep_preauth (authctxt=0x4034e0) at /tmp/OpenSSH.roots/OpenSSH/openssh/sshd.c:607 #14 0x000061c0 in main (ac=3, av=0x400f10) at /tmp/OpenSSH.roots/OpenSSH/openssh/sshd.c:1544 (gdb) info threads 2 process 26589 thread 0x1103 0x90013bcc in read () * 1 process 26589 thread 0x203 0x9002cf88 in semaphore_wait...
2008 Sep 15
0
No subject
...=192.168.131.254 Connection from 192.168.131.254 port 57218 before signal before sshd_exchange_identificationsock_in=6, sock_out=6 after sshd_exchange_identificationsock_in=6, sock_out=6 after packet_set_nonblocking in buffer_init after buffer_init before use_privsep=0',use_privsep before privsep_preauth in authctxt_new in buffer_init authenticate user and start session in do_ssh2_kex compat_cipher_proposal compat_cipher_proposal in list_hostkey_types in buffer_init in buffer_len in key_ssh_name in KEY_RSA in buffer_append in buffer_append_space in buffer_len in buffer_append in buffer_appen...
2008 Sep 18
2
SSHD_PROBLEM
...=192.168.131.254 Connection from 192.168.131.254 port 57218 before signal before sshd_exchange_identificationsock_in=6, sock_out=6 after sshd_exchange_identificationsock_in=6, sock_out=6 after packet_set_nonblocking in buffer_init after buffer_init before use_privsep=0',use_privsep before privsep_preauth in authctxt_new in buffer_init authenticate user and start session in do_ssh2_kex compat_cipher_proposal compat_cipher_proposal in list_hostkey_types in buffer_init in buffer_len in key_ssh_name in KEY_RSA in buffer_append in buffer_append_space in buffer_len in buffer_append in buffer_appen...
2003 Jul 05
0
[PATCH] Replace AIX loginmsg with generic Buffer loginmsg
...ter in this file. */ void destroy_sensitive_data(void); void demote_sensitive_data(void); @@ -1500,6 +1503,9 @@ #endif /* AFS */ packet_set_nonblocking(); + + /* prepare buffers to collect authentication messages */ + buffer_init(&loginmsg); if (use_privsep) if ((authctxt = privsep_preauth()) != NULL) Index: openbsd-compat/port-aix.c =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.c,v retrieving revision 1.10 diff -u -r1.10 port-aix.c --- openbsd-compat/port-aix.c 3 Jun 2003 02:45:27...
2008 Apr 21
3
FIPS 140-2 OpenSSL(2007) patches
Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,
2013 Jun 26
12
[Bug 1974] Support for encrypted host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1974 Zev Weiss <zev at bewilderbeest.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zev at bewilderbeest.net Attachment #2125|0 |1 is obsolete|
2003 Jul 09
0
[PATCH] Add expired password handling for AIX.
...g; /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); @@ -1506,6 +1507,7 @@ /* prepare buffers to collect authentication messages */ buffer_init(&loginmsg); + buffer_init(&expiremsg); if (use_privsep) if ((authctxt = privsep_preauth()) != NULL)
2003 Jul 30
1
[PATCH] Password expiry merge (AIX parts)
...g; /* Prototypes for various functions defined later in this file. */ void destroy_sensitive_data(void); @@ -1495,6 +1496,7 @@ /* prepare buffers to collect authentication messages */ buffer_init(&loginmsg); + buffer_init(&expiremsg); if (use_privsep) if ((authctxt = privsep_preauth()) != NULL)