Bug 2831

Summary: ProxyJump self-exec construction ignores path-to-self, exec's wrong ssh
Product: Portable OpenSSH
Reporter: Phil Pennock <phil.pennock>
Component: ssh
Assignee: Damien Miller <djm>
Status: CLOSED FIXED
Severity: normal
CC: djm, dtucker, phil.pennock
Priority: P5
Version: 7.6p1
Hardware: All
OS: All
Bug Depends on:
Bug Blocks: 2852
Attachments:
Description: Prefer to use argv[0] for ProxyJump ssh binary
Flags: dtucker: ok+

Description Phil Pennock 2018-02-13 09:20:48 AEDT
On a system with an older release in /usr/bin and current OpenSSH in /usr/local/bin, but for $reasons keeping /usr/bin first in the $PATH, having "ssh" exec itself using "ssh" as argv[0] will execute the wrong SSH.  That's what ProxyJump does.

Encountered via: git using core.sshCommand as a setting, and a config file using ProxyJump.  The child ssh will complain about the invalid configuration directive.


Since config can be read by "sftp" etc, I suspect that one fix is to look for a path separator in "our" argv[0] and if found, then replace the last component with "ssh" and use the result as the new process' argv[0], otherwise fall back to "ssh".
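
The argv[0] rewrite suggested in the description above, as an added example; it is not part of the report and is not the patch applied to OpenSSH. The helper name `jump_ssh_path` and the sample argv[0] values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not an OpenSSH function): choose the program to exec
 * for the ProxyJump child from our own argv[0], as the report suggests.
 * Returns 0 on success, -1 if the result would not fit in out.
 */
int
jump_ssh_path(const char *argv0, char *out, size_t outlen)
{
	const char *slash = argv0 != NULL ? strrchr(argv0, '/') : NULL;
	size_t dirlen;
	int n;

	if (slash == NULL) {
		/* Invoked by bare name: no directory to reuse, so the child is
		 * still found through $PATH, exactly as before. */
		n = snprintf(out, outlen, "ssh");
	} else {
		/* Keep everything up to and including the last '/', then swap
		 * the final component for "ssh" (covers argv[0] ending in sftp). */
		dirlen = (size_t)(slash - argv0) + 1;
		n = snprintf(out, outlen, "%.*s%s", (int)dirlen, argv0, "ssh");
	}
	/* Refuse a truncated result: a shortened path could name another file. */
	if (n < 0 || (size_t)n >= outlen)
		return -1;
	return 0;
}

int
main(void)
{
	/* Constructed sample argv[0] values. */
	const char *samples[] = { "/usr/local/bin/ssh", "/usr/local/bin/sftp",
	    "./ssh", "ssh" };
	char buf[64];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (jump_ssh_path(samples[i], buf, sizeof(buf)) == 0)
			printf("%-22s -> %s\n", samples[i], buf);
	}
	return 0;
}
```

Only the bare-name case still depends on `$PATH` ordering; any argv[0] containing a path separator pins the child to the same directory as the parent.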
Comment 1 Damien Miller 2018-05-25 17:06:35 AEST
Created attachment 3157
Prefer to use argv[0] for ProxyJump ssh binary
Comment 2 Phil Pennock 2018-05-26 12:14:21 AEST
By inspection, that will break sftp because argv[0] will refer to sftp and the ProxyJump will then try to execute sftp for the proxy connection.

(Thanks for looking at this!)
Comment 3 Damien Miller 2018-05-27 12:12:47 AEST
I don't follow - sftp exec()s ssh with argv[0] as /usr/sbin/ssh not sftp.
Comment 4 Phil Pennock 2018-05-28 15:37:30 AEST
Sorry.  I was going from recollection that there was a scenario where something parsed an ssh_config(5) file with argv[0] not ending "/ssh".  Looking again now, I only see ssh-keysign(1) doing so, and ProxyJump clearly doesn't apply to that.

My mistake. Shutting up now.
Comment 5 Damien Miller 2018-06-01 13:12:10 AEST
Fix applied - this will be in OpenSSH 7.8
Comment 6 Damien Miller 2018-10-19 17:17:31 AEDT
Close RESOLVED bugs with the release of openssh-8.0