Bug 259 - UsePrivilegeSeparation crashed sshd under Linux 2.2
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: -current
Hardware: ix86 Linux
Importance: P2 major
Assignee: OpenSSH Bugzilla mailing list
Reported: 2002-05-28 21:32 AEST by Mathias Koerber
Modified: 2004-04-14 12:24 AEST

Description Mathias Koerber 2002-05-28 21:32:03 AEST
I just upgraded to OpenSSH3.2.3p1 as it seemed that
	UsePrivilegeSeparation yes
might help with my problem (connections forwarded
are owned by root instead of the user I logged in as
on the server), but instead, sshd barfs on receiving
a connection. Without UsePrivilegeSeparation
the server works fine.


# strace -o /tmp/sshd.str sshd -d
debug1: sshd version OpenSSH_3.2.3p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 202.42.176.138 port 2483
debug1: Client protocol version 2.0; client software version 3.3.1 SecureCRT
debug1: no match: 3.3.1 SecureCRT
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.2.3p1
mmap(65536)
debug1: Calling cleanup 0x806a470(0x0)
root@matjes:/usr/local/etc


Here is the tail of the strace:

write(2, "debug1: Client protocol version "..., 78) = 78
write(2, "debug1: no match: 3.3.1 SecureCR"..., 35) = 35
write(2, "Enabling compatibility mode for "..., 46) = 46
write(2, "debug1: Local version string SSH"..., 55) = 55
fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK)  = 0
socketpair(PF_UNIX, SOCK_STREAM, , 0, [4, 8]) = 0
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
fcntl(8, F_SETFD, FD_CLOEXEC)           = 0
mmap(0, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = -1 EINVAL (Invalid argument)
write(2, "mmap(65536)\r\n", 13)         = 13
write(2, "debug1: Calling cleanup 0x806a47"..., 40) = 40
shutdown(5, 2 /* send and receive */)   = 0
close(5)                                = 0
_exit(255)                              = ?


The kernel is a somewhat older Linux 2.2.13.

regards
Comment 1 Al Smith 2002-06-25 18:09:38 AEST
Linux 2.2 defines MAP_ANON in <bits/mman.h>, however it can be seen in
/usr/src/linux/mm/mmap.c (lines 200 onwards) that if MAP_ANON is used
then the system call will return -EINVAL.

The following is a quick hack to get openssh to compile on linux 2.2:

diff -ur openssh-3.3p1-orig/monitor_mm.c openssh-3.3p1/monitor_mm.c
--- openssh-3.3p1-orig/monitor_mm.c     Fri Jun  7 03:57:25 2002
+++ openssh-3.3p1/monitor_mm.c  Tue Jun 25 10:06:06 2002
@@ -84,6 +84,7 @@
         */
        mm->mmalloc = mmalloc;
 
+#undef MAP_ANON
 #if  defined(HAVE_MMAP) && defined(MAP_ANON)
        address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
            -1, 0);
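Review bot: The #undef MAP_ANON directly above "#if defined(HAVE_MMAP) && defined(MAP_ANON)" is unconditional, so the MAP_ANON|MAP_SHARED mmap path is compiled out on every platform, including those where the call succeeds. The failure in this report happens at run time (the header defines the macro, the call returns EINVAL), which a preprocessor test cannot see. Have configure or a start-up probe perform the mmap and set a dedicated macro or flag, and test that here instead of hiding MAP_ANON inside the function body.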
diff -ur openssh-3.3p1-orig/servconf.c openssh-3.3p1/servconf.c
--- openssh-3.3p1-orig/servconf.c       Fri Jun 21 08:20:44 2002
+++ openssh-3.3p1/servconf.c    Tue Jun 25 10:06:02 2002
@@ -257,6 +257,7 @@
        if (use_privsep == -1)
                use_privsep = 1;
 
+#undef MAP_ANON
 #if !defined(HAVE_MMAP) || !defined(MAP_ANON)
        if (use_privsep && options->compression == 1) {
                error("This platform does not support both privilege "
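Review bot: The #undef MAP_ANON above "#if !defined(HAVE_MMAP) || !defined(MAP_ANON)" in servconf.c duplicates the one in monitor_mm.c with nothing tying the two together. If only one of them is applied or later removed, the "use_privsep && options->compression == 1" check and the allocator will disagree about whether shared memory is available. Define one macro in a shared header (or have configure set it) and test it in both files, with a comment saying why MAP_ANON is being hidden on Linux 2.2.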
Comment 2 Ben Lindstrom 2002-07-18 07:04:12 AEST
Fixed in CVS tree.
Comment 3 Damien Miller 2004-04-14 12:24:18 AEST
Mass change of RESOLVED bugs to CLOSED
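
The failure described in Comment 1 (MAP_ANON is defined in the header, yet mmap() returns EINVAL at run time) can be detected with a run-time probe rather than a preprocessor test. The following is an added example, not code from OpenSSH or from this bug report; the names shared_alloc, shared_across_fork and enum shm_method are hypothetical, and the /dev/zero fallback is an assumed substitute that the probe itself verifies.

```c
/* Added example: run-time probe for shared memory (hypothetical names). */
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

enum shm_method { SHM_NONE, SHM_ANON, SHM_DEVZERO };

/* Try MAP_ANON|MAP_SHARED first. If the macro exists but the kernel
 * rejects the call (the EINVAL in the strace above), fall back to a
 * MAP_SHARED mapping of /dev/zero. Returns NULL if neither works. */
void *shared_alloc(size_t size, enum shm_method *how)
{
    void *p = MAP_FAILED;
    *how = SHM_NONE;
#ifdef MAP_ANON
    p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_ANON | MAP_SHARED, -1, 0);
    if (p != MAP_FAILED) { *how = SHM_ANON; return p; }
#endif
    int fd = open("/dev/zero", O_RDWR);
    if (fd != -1) {
        p = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        close(fd);
        if (p != MAP_FAILED) { *how = SHM_DEVZERO; return p; }
    }
    return NULL;
}

/* Returns 1 if a write made by a forked child is visible to the parent,
 * which is the property a monitor/child split depends on; -1 on error. */
int shared_across_fork(void *region)
{
    volatile unsigned char *b = region;
    b[0] = 0;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) { b[0] = 0xA5; _exit(0); }
    if (waitpid(pid, NULL, 0) != pid) return -1;
    return b[0] == 0xA5;
}

int main(void)
{
    enum shm_method how;
    void *p = shared_alloc(65536, &how);
    int ok = p != NULL && shared_across_fork(p) == 1;
    printf("method=%d shared=%d\n", (int)how, ok);
    return ok ? 0 : 1;
}
```

A non-zero exit means no usable shared mapping was found, which is the condition under which the servconf.c check above refuses privilege separation together with compression.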