NetBSD Problem Report #51070
From stix@stix.id.au Fri Apr 15 07:25:25 2016
Return-Path: <stix@stix.id.au>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 61FEE7A46C
for <gnats-bugs@gnats.NetBSD.org>; Fri, 15 Apr 2016 07:25:25 +0000 (UTC)
Message-Id: <20160415072517.CF84019E63@stix.id.au>
Date: Fri, 15 Apr 2016 17:25:17 +1000 (AEST)
From: stix@stix.id.au
Reply-To: stix@stix.id.au
To: gnats-bugs@NetBSD.org
Subject: sshd leaks a file descriptor to authorized_keys
X-Send-Pr-Version: 3.95
>Number: 51070
>Category: bin
>Synopsis: sshd leaks a file descriptor to authorized_keys
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Apr 15 07:30:00 +0000 2016
>Closed-Date: Sun Feb 25 18:57:24 +0000 2018
>Last-Modified: Sun Feb 25 18:57:24 +0000 2018
>Originator: Paul Ripke
>Release: NetBSD current, 2016-04-15
>Organization:
>Environment:
>Description:
During login, the forked sshd opens .ssh/authorized_keys for the user
and re-opens unnecessarily without closing.
>How-To-Repeat:
slave:ksh$ fstat .ssh/authorized_keys
USER CMD PID FD MOUNT INUM MODE SZ|DV R/W NAME
stix sshd 26541 8 /home 59278094 -rw-r--r-- 3774 r .ssh/authorized_keys
stix sshd 26541 9 /home 59278094 -rw-r--r-- 3774 r .ssh/authorized_keys
root sshd 20713 8 /home 59278094 -rw-r--r-- 3774 r .ssh/authorized_keys
root sshd 20713 9 /home 59278094 -rw-r--r-- 3774 r .ssh/authorized_keys
slave:ksh$ ps alx | egrep '(26541|20713)'
0 20713 21589 0 85 0 81180 6076 select Is ? 0:00.02 sshd: stix [pri
20008 26541 20713 0 85 0 81184 4600 select S ? 0:00.01 sshd: stix@pts/
20008 3530 29162 0 85 0 11020 1224 pipe_rd O+ pts/12 0:00.00 egrep (26541|20
20008 29162 26541 0 85 0 9052 1524 pause Ss pts/12 0:00.01 -ksh
>Fix:
The following patch works for me - patch is against current, and I've tested
it on netbsd-7. afaict, it also more or less matches upstream openssh.
Index: auth2-pubkey.c
===================================================================
RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth2-pubkey.c,v
retrieving revision 1.14
diff -u -d -r1.14 auth2-pubkey.c
--- auth2-pubkey.c 11 Mar 2016 01:55:00 -0000 1.14
+++ auth2-pubkey.c 15 Apr 2016 06:19:50 -0000
@@ -806,13 +806,6 @@
}
}
#endif
- debug("trying public key file %s", file);
- f = auth_openkeyfile(file, pw, options.strict_modes);
-
- if (!f) {
- restore_uid();
- return 0;
- }
found_key = 0;
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: maxv@NetBSD.org
State-Changed-When: Sun, 25 Feb 2018 18:57:24 +0000
State-Changed-Why:
Duplicate of PR/51973 (the issue got fixed there). Thanks for the report
anyway.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.