Bug 745

Summary: agent-ptrace.sh fails
Product: Portable OpenSSH Reporter: Martin Mokrejs <mmokrejs>
Component: Build systemAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: normal    
Priority: P2    
Version: -current   
Hardware: All   
OS: OSF/1   
Attachments:
Description Flags
Set sgid bit on ssh-agent and fix agent test
none
Set sgid bit on ssh-agent and fix agent test (minus bogus sshd_config changes) none

Description Martin Mokrejs 2003-10-17 21:35:39 AEST 
This is a minor bug I believe. I get in 3.7.1p2:

run test agent-ptrace.sh ...
ptrace succeeded?: exit code 1
failed disallow agent ptrace attach
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/usr/local/scratch/openssh-3.7.1p2/regress'
make: *** [tests] Error 2
serow# ptrace
bash: ptrace: command not found
serow# 

I believe the test failed because the command does not exist on osf1.
You might use /usr/opt/svr4/bin/truss on this platform, if user has installed
the package(shown default location).
Comment 1 Darren Tucker 2003-10-18 11:16:19 AEST 
The test uses gdb to attach to a running agent.  ssh-agent on OpenBSD can 
prevent this but not many (any?) other platforms have this capability.

Please tell me what "uname" reports on your system and I'll add it to the list 
of systems that skip this test.

Actually, does anyone know any platforms apart from OpenBSD support this?  Maybe 
we should only run it on the platform(s) that it's know to work on?
Comment 2 Damien Miller 2003-10-18 15:05:43 AEST 
I thought that disallow ptrace after set[ug]ig was fairly common. Linux does it,
in any case.
Comment 3 Darren Tucker 2003-10-18 16:04:54 AEST 
Are you sure about Linux?  It's on my "skip" list and the test fails on RH8 
here when told not to skip:

$ PATH=`pwd`:$PATH SUDO=sudo sh ../regress/test-exec.sh `pwd` ../regress/agent-
ptrace.sh
ptrace succeeded?: exit code 1
failed disallow agent ptrace attach
Comment 4 Damien Miller 2003-10-18 18:36:32 AEST 
Is the ssh-agent sgid? It needs to be for the ptrace defeat code to work.
Comment 5 Darren Tucker 2003-10-18 19:26:57 AEST 
Created attachment 485 [details]
Set sgid bit on ssh-agent and fix agent test

No, there's nothing in the current regression tests to set the sgid bit on the
agent.	Martin, can you please try this patch?	It'll either make ssh-agent
sgid root (if SUDO is set) or skip the test.
Comment 6 Darren Tucker 2003-10-18 19:29:37 AEST 
Created attachment 486 [details]
Set sgid bit on ssh-agent and fix agent test (minus bogus sshd_config changes)

Oops, didn't mean to have those changes to the config files.
Comment 7 Martin Mokrejs 2003-10-20 20:46:13 AEST 
uname reports "OSF1" string.
Comment 8 Martin Mokrejs 2003-10-20 21:45:57 AEST 
With your patch I get:

run test agent-ptrace.sh ...
skipped (SUDO not set)

and tests happily continue
Comment 9 Darren Tucker 2003-10-21 22:30:25 AEST 
Patch applied, thanks for the report.

The regression tests normally run as a normal user, running with:
$ SUDO=sudo make tests
will run the appropriate parts as root (assuming you have sudo and it's
correctly configured, that is.)
Comment 10 Damien Miller 2004-04-14 12:24:19 AEST 
Mass change of RESOLVED bugs to CLOSED