According to SSH File Transfer Protocol draft-ietf-secsh-filexfer-13 the usage of stderr may not harm the transfer. The chapter 3.1 says: "Data sent on stderr by the server SHOULD be considered free format debug or supplemental error information, and MAY be displayed to the user." Actually any try to write to stderr causes immediate server hangup. The test case is use bash as the login shell of the user and add line echo "Hello" >&2 into ~/.bashrc In the openssh with session.c before version 1.237 it works, later it hangs.
When you say "session.c before version 1.237" do you mean that 1.237 is affected? Also, are you using the version from portable OpenSSH CVS or from OpenBSD CVS?
(In reply to comment #1) > When you say "session.c before version 1.237" do you mean that 1.237 is > affected? yes all versions from 1.237 are affected, all older aren't Also, are you using the version from portable OpenSSH CVS or > from OpenBSD CVS? portable openssh. The problem is in this chunk of the patch: @@ -507,6 +507,10 @@ */ if (compat20) { session_set_fds(s, inout[1], inout[1], s->is_subsystem ? -1 : err[1]); + /* close err[1] to not leak the socket if this inside a subsystem */ + if (s->is_subsystem) { + close(err[1]); + } } else { server_loop(pid, inout[1], inout[1], err[1]); /* server_loop has closed inout[1] and err[1]. */ and another one for pipes also. the stderr is closed and any attempt to write to it causes the hang.
Created attachment 1840 [details] session-subsys-stderr-devnull.diff set stderr to /dev/null for subsystems
This should fix it.
patch applied - will be in 5.6. Thanks!
This solutions is not 100% correct because breaks the chroot environment with internal-sftp. Typical setup: subsystem sftp internal-sftp match group sftponly chroot directory /home/%u x11forwarding no allowtcpforwarding no forcecommand internal-sftp the /home/%u directories are root owned with some subdirs owned by an user, but there should not be the copy of dev directory inside. The patch wants to have at least /dev/null inside the chroot.
The possible sollution is to open /dev/null before chroot.
Created attachment 1884 [details] /home/djm/sshd-ignore-subsys-stderr.diff Ignore stderr from subsystems in channels code (warning: completely untested diff)
Seems to be working for me, thx.
Created attachment 1885 [details] /home/djm/sshd-ignore-subsys-stderr.diff improved patch
patch applied - will be in 5.6. Thanks.
*** Bug 1755 has been marked as a duplicate of this bug. ***
Move resolved bugs to CLOSED after 5.7 release