Bug 2653 - Including files without read access in ssh configuration fails without error
Summary: Including files without read access in ssh configuration fails without error
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: 7.3p1
Hardware: Other Linux
: P5 enhancement
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks: V_7_5
  Show dependency treegraph
 
Reported: 2016-12-27 09:41 AEDT by Jakub Jelen
Modified: 2021-04-23 15:02 AEST (History)
2 users (show)

See Also:

Attachments
proposed patch (1.44 KB, patch)
2016-12-27 09:41 AEDT, Jakub Jelen 		no flags Details | Diff
fatal() on Include errors other than ENOENT (671 bytes, patch)
2017-01-06 14:08 AEDT, Damien Miller 		dtucker: ok+
Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jakub Jelen 2016-12-27 09:41:30 AEDT 
Created attachment 2920 [details]
proposed patch

When one is using Include directive in ssh_config and the file is not readable for a user running ssh, it fails without reasonable error message:

    /etc/ssh/ssh_config: terminating, 1 bad configuration options

It is pretty hard to get, especially when the include works on the whole drop-in directory, such as:

    Include /etc/ssh/ssh_config.d/*.conf

Only log level DEBUG3 shows some pointer where does it come from.

    debug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/10-kex.conf depth 0
    /etc/ssh/ssh_config: terminating, 1 bad configuration options

We already ignore failures if the included file does not exist. If it exists and we don't have permissions to read it, we should either get better error or ignore it too (as we already do in case of standard configuration files).

This is not a problem when reading the configuration files directly, because the return value of the call to read_config_file() is ignored in ssh.c (honored only in case of -F switch).

Possible solution to resolve this issue, to report read error, but ignore it from the include files is to introduce new flag (see attached patch, which fixes the problem for me).

This was originally reported as in Red Hat bugzilla [1].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1408558
Comment 1 Damien Miller 2017-01-06 14:08:07 AEDT 
Created attachment 2928 [details]
fatal() on Include errors other than ENOENT

read_config_file_depth() only ever returns failure on fopen() errors, everything else goes via fatal(), so we can simplify this a bit.
Comment 2 Damien Miller 2017-01-06 14:54:09 AEDT 
appled - thanks
Comment 3 Jakub Jelen 2017-01-06 23:06:11 AEDT 
This does not look right. Trying with the attached patch I am experiencing weird behavior:

[root@f24 openssh]# ssh -vvv localhost
OpenSSH_7.4p1, OpenSSL 1.1.0c-fips  10 Nov 2016
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 56: Including file /etc/ssh/ssh_config.d/01-test.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/01-test.conf
Can't open user config file /etc/ssh/ssh_config.d/01-test.conf: Success

This is happening only when the first included file does not include any further files that would set errno to ENOENT. If all the parsing went without any problem, the errno stays zero and the failure as above prevents the execution.
Comment 4 Damien Miller 2017-03-12 10:57:37 AEDT 
This has been fixed for a while. The test now looks like: 

> if (r != 1 && errno != ENOENT) {
Comment 5 Damien Miller 2021-04-23 15:02:24 AEST 
closing resolved bugs as of 8.6p1 release