Discussion:
Call for testing: OpenSSH 7.3
(too old to reply)
Damien Miller
2016-07-22 04:40:04 UTC
Permalink
Hi,

OpenSSH 5.3 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.

Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable OpenSSH is also available via anonymous CVS using the
instructions at http://www.openssh.com/portable.html#cvs or
via Git at https://anongit.mindrot.org/openssh.git/

Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:

$ ./configure && make tests

Live testing on suitable non-production systems is also
appreciated. Please send reports of success or failure to
openssh-unix-***@mindrot.org.

Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.

Thanks to the many people who contributed to this release.

Changes since OpenSSH 7.2
=========================

This is primarily a bugfix release.

Security
--------

* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle) and curesec via coredump at
autistici.org.

* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com

* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.

* ssh(1), sshd(8): Improve ordering ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.

* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.

New Features
------------

* ssh(1): Add a ProxyJump option and corresponding -J command-line
flag to allow simplified indirection through a one or more SSH
bastions or "jump hosts".

* ssh(1): Add an IdentityAgent option to allow specifying specific
agent sockets instead of accepting one from the environment.

* ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
optionally overridden when using ssh -W. bz#2577

* ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
per draft-sgtatham-secsh-iutf8-00.

* ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.

* ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
signatures in certificates;

* ssh(1): Add an Include directive for ssh_config(5) files.

* ssh(1): Permit UTF-8 characters in pre-authentication banners sent
from the server. bz#2058

Bugfixes
--------

* ssh(1), sshd(8): Reduce the syslog level of some relatively common
protocol events from LOG_CRIT. bz#2585

* sshd(8): Refuse AuthenticationMethods="" in configurations and
accept AuthenticationMethods=any for the default behaviour of not
requiring multiple authentication. bz#2398

* sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
ATTEMPT!" message when forward and reverse DNS don't match. bz#2585

* ssh(1): Close ControlPersist background process stderr except
in debug mode or when logging to syslog. bz#1988

* misc: Make PROTOCOL description for direct-***@openssh.com
channel open messages match deployed code. bz#2529

* ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
failures when both ExitOnForwardFailure and hostname
canonicalisation are enabled. bz#2562

* sshd(8): Remove fallback from moduli to obsolete "primes" file
that was deprecated in 2001. bz#2559.

* sshd_config(5): Correct description of UseDNS: it affects ssh
hostname processing for authorized_keys, not known_hosts; bz#2554

* ssh(1): Fix authentication using lone certificate keys in an agent
without corresponding private keys on the filesystem. bz#2550

* sshd(8): Send ClientAliveInterval pings when a time-based
RekeyLimit is set; previously keepalive packets were not being
sent. bz#2252

Portability
-----------

* ssh(1), sshd(8): Fix compilation by automatically disabling ciphers
not supported by OpenSSL. bz#2466

* misc: Fix compilation failures on some versions of AIX's compiler
related to the definition of the VA_COPY macro. bz#2589

* sshd(8): Whitelist more architectures to enable the seccomp-bpf
sandbox. bz#2590

* ssh-agent(1), sftp-server(8): Disable process tracing on Solaris
using setpflags(__PROC_PROTECT, ...). bz#2584

* sshd(8): On Solaris, don't call Solaris setproject() with
UsePAM=yes it's PAM's responsibility. bz#2425

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
The Doctor
2016-07-22 04:51:17 UTC
Permalink
Post by Damien Miller
Hi,
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
^

Huh?
Post by Damien Miller
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via anonymous CVS using the
instructions at http://www.openssh.com/portable.html#cvs or
via Git at https://anongit.mindrot.org/openssh.git/
Running the regression tests supplied with Portable OpenSSH does not
$ ./configure && make tests
Live testing on suitable non-production systems is also
appreciated. Please send reports of success or failure to
Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.
Thanks to the many people who contributed to this release.
Changes since OpenSSH 7.2
=========================
This is primarily a bugfix release.
Security
--------
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle) and curesec via coredump at
autistici.org.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve ordering ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
New Features
------------
* ssh(1): Add a ProxyJump option and corresponding -J command-line
flag to allow simplified indirection through a one or more SSH
bastions or "jump hosts".
* ssh(1): Add an IdentityAgent option to allow specifying specific
agent sockets instead of accepting one from the environment.
* ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
optionally overridden when using ssh -W. bz#2577
* ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
per draft-sgtatham-secsh-iutf8-00.
* ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
* ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
signatures in certificates;
* ssh(1): Add an Include directive for ssh_config(5) files.
* ssh(1): Permit UTF-8 characters in pre-authentication banners sent
from the server. bz#2058
Bugfixes
--------
* ssh(1), sshd(8): Reduce the syslog level of some relatively common
protocol events from LOG_CRIT. bz#2585
* sshd(8): Refuse AuthenticationMethods="" in configurations and
accept AuthenticationMethods=any for the default behaviour of not
requiring multiple authentication. bz#2398
* sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
ATTEMPT!" message when forward and reverse DNS don't match. bz#2585
* ssh(1): Close ControlPersist background process stderr except
in debug mode or when logging to syslog. bz#1988
channel open messages match deployed code. bz#2529
* ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
failures when both ExitOnForwardFailure and hostname
canonicalisation are enabled. bz#2562
* sshd(8): Remove fallback from moduli to obsolete "primes" file
that was deprecated in 2001. bz#2559.
* sshd_config(5): Correct description of UseDNS: it affects ssh
hostname processing for authorized_keys, not known_hosts; bz#2554
* ssh(1): Fix authentication using lone certificate keys in an agent
without corresponding private keys on the filesystem. bz#2550
* sshd(8): Send ClientAliveInterval pings when a time-based
RekeyLimit is set; previously keepalive packets were not being
sent. bz#2252
Portability
-----------
* ssh(1), sshd(8): Fix compilation by automatically disabling ciphers
not supported by OpenSSL. bz#2466
* misc: Fix compilation failures on some versions of AIX's compiler
related to the definition of the VA_COPY macro. bz#2589
* sshd(8): Whitelist more architectures to enable the seccomp-bpf
sandbox. bz#2590
* ssh-agent(1), sftp-server(8): Disable process tracing on Solaris
using setpflags(__PROC_PROTECT, ...). bz#2584
* sshd(8): On Solaris, don't call Solaris setproject() with
UsePAM=yes it's PAM's responsibility. bz#2425
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
_______________________________________________
openssh-unix-dev mailing list
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Language is the source of misunderstandings. -Antoine de Saint-Exupery
Damien Miller
2016-07-22 04:55:56 UTC
Permalink
Post by Damien Miller
Hi,
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
s/5.3/7.3/ and I'd better get myself another cup of tea
Darren Tucker
2016-07-22 05:54:21 UTC
Permalink
[...]
Post by Damien Miller
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
^
Huh?
Either a clone of Damien has been frozen Austin Powers style since
2009 and has only just been thawed out or maybe it was a typo. Tough
to tell.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Damien Miller
2016-07-22 06:53:46 UTC
Permalink
Post by Darren Tucker
[...]
Post by Damien Miller
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
^
Huh?
Either a clone of Damien has been frozen Austin Powers style since
2009 and has only just been thawed out or maybe it was a typo. Tough
to tell.
More like Encino Man
The Doctor
2016-07-22 07:35:27 UTC
Permalink
Post by Damien Miller
Post by Darren Tucker
[...]
Post by Damien Miller
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
^
Huh?
Either a clone of Damien has been frozen Austin Powers style since
2009 and has only just been thawed out or maybe it was a typo. Tough
to tell.
More like Encino Man
FreeBSD 10.3 amd64 Openssl 1.0.2i-dev checks out no problem

What is happening to openssl 1.1 suppolrt?
Post by Damien Miller
_______________________________________________
openssh-unix-dev mailing list
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism
Language is the source of misunderstandings. -Antoine de Saint-Exupery
Damien Miller
2016-07-22 07:44:15 UTC
Permalink
Post by The Doctor
Post by Damien Miller
More like Encino Man
FreeBSD 10.3 amd64 Openssl 1.0.2i-dev checks out no problem
What is happening to openssl 1.1 suppolrt?
No progress yet - it's quite a bit of work as they APIs are quite different.

I hope to look at it in the next release.

-d
C0r3dump3d
2016-07-22 09:05:09 UTC
Permalink
Hi, I have tested the mitigation timing differences in password
authentication (CVE-2016-6210). I have compiled
openssh-SNAP-20160722.tar.gz in a Debian 8 and use my tool Osueta
(https://github.com/c0r3dump3d/osueta) against the system.

Ok, I have seen that you calculate all the password hash exist or not
exist the user, and with this you can not discriminate the presence or
absence of that user, but now it's more easy to establish the DOS
condition in the access to the Openssh server and exhausting the CPU
resources, any dummy user it can be used!

For example:

osueta -H 192.168.100.204 -U asdf -v no -d 15 -p 22 --dos yes -t 40

Users found Time delay in seconds
--------------------------------------
asdf 27

I have attached screenshots with the CPU resource exhaustion and the DOS
in the access to the Openssh server.

The test machine it's a Debian 8 VM in KVM with 4 Core and 2GB of RAM.


For CVE-2016-6210 user enumeration really it's mitigate but for the
problem of DOS as I say seems much easier to exploit!!

Regards.

Andres Rojas
http://www.devconsole.info
Post by Damien Miller
Hi,
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
http://www.openbsd.org/anoncvs.html
_______________________________________________
openssh-unix-dev mailing list
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Corinna Vinschen
2016-07-22 10:05:53 UTC
Permalink
Hi,
OpenSSH 7.3 is almost ready for release, so we would appreciate testing
This version doesn't build on Cygwin anymore. The reason is that
various configure tests fail.

The culprit is the new definition of IPPORT_RESERVED to 0 in configure.ac.

After setting this value in configure, confdefs.h contains

#define IPPORT_RESERVED 0

netinet/in.h defines IPPORT_RESERVED as enum, just as on other systems:

enum
{
[...]
IPPORT_RESERVED = 1024,
[...]
};

Since confdefs.h is evaluated *before* including any headers during
configure, we have the following situation:

#define IPPORT_RESERVED 0
#include <netinet/in.h>
--> enum { IPPORT_RESERVED = 1024 };

which evaluates to

enum { 0 = 1024 };

which then leads to a compiler error:

conftest.c:66:25: error: expected identifier before numeric constant

and thus to a broken configuration.

The same problem occurs when trying to build the source since config.h
is included via includes.h prior to the system headers.

So the simplification from NO_IPPORT_RESERVED_CONCEPT to just
defining IPPORT_RESERVED as 0 doesn't work as desired.

Can we revert this to the former NO_IPPORT_RESERVED_CONCEPT, please?

I created the below patch which is less intrusive than the original
patch. I tested that it works as desired and OpenSSH 7.3 builds
on Cygwin.

I have not *tested* OpenSSH7.3 on Cygwin yet. I'll report back in a
followup mail.


Thanks,
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
Darren Tucker
2016-07-22 10:23:07 UTC
Permalink
Post by C0r3dump3d
but now it's more easy to establish the DOS
condition in the access to the Openssh server and exhausting the CPU
resources, any dummy user it can be used!
The snapshot you're using (openssh-SNAP-20160722.tar.gz) was
unfortunately made in the time after the code to cap the password size
at 1k was committed to OpenBSD
(http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-passwd.c.diff?r1=1.44&r2=1.45)
but before it was synced into -Portable
(https://anongit.mindrot.org/openssh.git/commit/?id=fcd135c9df440bcd2d5870405ad3311743d78d97).
As a result your very large password strings are still making it into
crypt(3).

Please either grab the code directly from git (you'll need to run
"autoreconf" yourself) or try tomorrow's snapshot and retest it.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Martin Hecht
2016-07-22 10:33:26 UTC
Permalink
[...]
* ssh(1), sshd(8): Improve ordering ordering of MAC verification [...]
"ordering ordering" seems to be a typo

all tests pass on my machines with:
- Ubuntu 14.04.4 LTS
- Scientific Linux release 6.7 (Carbon)
- SUSE Linux Enterprise Server 11 SP3

tested with openssh-SNAP-20160722.tar.gz
Corinna Vinschen
2016-07-22 11:34:32 UTC
Permalink
Post by Corinna Vinschen
Hi,
OpenSSH 7.3 is almost ready for release, so we would appreciate testing
This version doesn't build on Cygwin anymore. The reason is that
various configure tests fail.
The culprit is the new definition of IPPORT_RESERVED to 0 in configure.ac.
After setting this value in configure, confdefs.h contains
#define IPPORT_RESERVED 0
enum
{
[...]
IPPORT_RESERVED = 1024,
[...]
};
Since confdefs.h is evaluated *before* including any headers during
#define IPPORT_RESERVED 0
#include <netinet/in.h>
--> enum { IPPORT_RESERVED = 1024 };
which evaluates to
enum { 0 = 1024 };
conftest.c:66:25: error: expected identifier before numeric constant
and thus to a broken configuration.
The same problem occurs when trying to build the source since config.h
is included via includes.h prior to the system headers.
So the simplification from NO_IPPORT_RESERVED_CONCEPT to just
defining IPPORT_RESERVED as 0 doesn't work as desired.
Can we revert this to the former NO_IPPORT_RESERVED_CONCEPT, please?
I created the below patch which is less intrusive than the original
patch. I tested that it works as desired and OpenSSH 7.3 builds
on Cygwin.
I have not *tested* OpenSSH7.3 on Cygwin yet. I'll report back in a
followup mail.
All tests pass on current Cygwin with this patch applied.


Thanks,
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
Darren Tucker
2016-07-22 11:37:32 UTC
Permalink
On Fri, Jul 22, 2016 at 12:05:53PM +0200, Corinna Vinschen wrote:
[...]
Post by Corinna Vinschen
This version doesn't build on Cygwin anymore. The reason is that
various configure tests fail.
The culprit is the new definition of IPPORT_RESERVED to 0 in configure.ac.
Sigh.

How about putting it in defines.h instead? includes.h includes
netinet/in.h from whence the definition of IPPORT_RESERVED is, on Cygwin
at least, seems to be protected against multiple inclusion. Putting it
there means only one definition in a file that we don't sync with OpenBSD.

diff --git a/configure.ac b/configure.ac
index 21ef389..2cd6a6f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -589,8 +589,9 @@ case "$host" in
[Define if you want to disable shadow passwords])
AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
[Define if X11 doesn't support AF_UNIX sockets on that system])
- AC_DEFINE([IPPORT_RESERVED], [0],
- [Cygwin has no notion of ports only accessible to superusers])
+ AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1],
+ [Define if the concept of ports only accessible to
+ superusers isn't known])
AC_DEFINE([DISABLE_FD_PASSING], [1],
[Define if your platform needs to skip post auth
file descriptor passing])
diff --git a/defines.h b/defines.h
index a438ddd..c099df6 100644
--- a/defines.h
+++ b/defines.h
@@ -43,6 +43,17 @@ enum
#endif

/*
+ * Cygwin doesn't really have a notion of reserved ports but for backward
+ * compatibility they define it to 1024 in netinet/in.h inside an enum. We
+ * don't actually want that restriction so we want to set that to zero, but
+ * we can't do it direct in config.h because it'll cause a conflicting
+ * definition the first time we include netinet/in.h.
+ */
+#ifdef NO_IPPORT_RESERVED_CONCEPT
+#define IPPORT_RESERVED 0
+#endif
+
+/*
* Definitions for IP type of service (ip_tos)
*/
#include <netinet/in_systm.h>
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
C0r3dump3d
2016-07-22 11:40:46 UTC
Permalink
Hi, I have tried the git version and now it's Ok, no user enumeration
and no DOS!!

If it's possible for the credits of the bug please include my partner
and me:

Andres Rojas -- ***@autistici.org
Javier Nieto -- ***@gmail.com

Thank you very much
Post by Darren Tucker
Post by C0r3dump3d
but now it's more easy to establish the DOS
condition in the access to the Openssh server and exhausting the CPU
resources, any dummy user it can be used!
The snapshot you're using (openssh-SNAP-20160722.tar.gz) was
unfortunately made in the time after the code to cap the password size
at 1k was committed to OpenBSD
(http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth-passwd.c.diff?r1=1.44&r2=1.45)
but before it was synced into -Portable
(https://anongit.mindrot.org/openssh.git/commit/?id=fcd135c9df440bcd2d5870405ad3311743d78d97).
As a result your very large password strings are still making it into
crypt(3).
Please either grab the code directly from git (you'll need to run
"autoreconf" yourself) or try tomorrow's snapshot and retest it.
Corinna Vinschen
2016-07-22 12:18:55 UTC
Permalink
Post by Darren Tucker
[...]
Post by Corinna Vinschen
This version doesn't build on Cygwin anymore. The reason is that
various configure tests fail.
The culprit is the new definition of IPPORT_RESERVED to 0 in configure.ac.
Sigh.
How about putting it in defines.h instead? includes.h includes
netinet/in.h from whence the definition of IPPORT_RESERVED is, on Cygwin
at least, seems to be protected against multiple inclusion. Putting it
there means only one definition in a file that we don't sync with OpenBSD.
Hmm. If that only affects Cygwin, and if defines.h is not synced anyway,
what about getting rid of the configure stuff entirely?

Tested counterproposal:

diff --git a/configure.ac b/configure.ac
index 21ef389..e64386f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -589,8 +589,6 @@ case "$host" in
[Define if you want to disable shadow passwords])
AC_DEFINE([NO_X11_UNIX_SOCKETS], [1],
[Define if X11 doesn't support AF_UNIX sockets on that system])
- AC_DEFINE([IPPORT_RESERVED], [0],
- [Cygwin has no notion of ports only accessible to superusers])
AC_DEFINE([DISABLE_FD_PASSING], [1],
[Define if your platform needs to skip post auth
file descriptor passing])
diff --git a/defines.h b/defines.h
index a438ddd..d1ad6a7 100644
--- a/defines.h
+++ b/defines.h
@@ -43,6 +43,17 @@ enum
#endif

/*
+ * Cygwin doesn't really have a notion of reserved ports but for backward
+ * compatibility they define it to 1024 in netinet/in.h inside an enum. We
+ * don't actually want that restriction so we want to set that to zero, but
+ * we can't do it direct in config.h because it'll cause a conflicting
+ * definition the first time we include netinet/in.h.
+ */
+#ifdef HAVE_CYGWIN
+#define IPPORT_RESERVED 0
+#endif
+
+/*
* Definitions for IP type of service (ip_tos)
*/
#include <netinet/in_systm.h>


As for the comment preceeding the definition, I didn't change it from
your text in my proposal. However.

I'd like to outline that IPPORT_RESERVED == 1024 still makes sense in
terms of the implementation of bindresvport_sa and rcmd. It's not just
backward compatibility. There are also applications out there which
still expect this value to make sense.

The *real* problem here is that OpenSSH checks for uid 0 before allowing
to bind a socket to a port < IPPORT_RESERVED, rather than letting the OS
decide if the current user is allowed to bind that port.

From my POV this check in OpenSSH is gratuitious and it's the real reason
we have this problem at all.


Thanks,
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
Darren Tucker
2016-07-22 13:32:51 UTC
Permalink
On Fri, Jul 22, 2016 at 10:18 PM, Corinna Vinschen <***@redhat.com> wrote:
[...]
Post by Corinna Vinschen
Hmm. If that only affects Cygwin, and if defines.h is not synced anyway,
what about getting rid of the configure stuff entirely?
Looks reasonable. It's late here so I'm going to look at it tomorrow.
Post by Corinna Vinschen
As for the comment preceeding the definition, I didn't change it from
your text in my proposal. However.
I'd like to outline that IPPORT_RESERVED == 1024 still makes sense in
terms of the implementation of bindresvport_sa and rcmd. It's not just
backward compatibility. There are also applications out there which
still expect this value to make sense.
Fair point.
Post by Corinna Vinschen
The *real* problem here is that OpenSSH checks for uid 0 before allowing
to bind a socket to a port < IPPORT_RESERVED, rather than letting the OS
decide if the current user is allowed to bind that port.
From my POV this check in OpenSSH is gratuitious and it's the real reason
we have this problem at all.
In the case of sshd running with privsep off, the process doing the
binding is still running as root and I suspect those checks date back
to when it was always running as root. It could probably
temporarily_use_uid() though.

Thanks.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Hisashi T Fujinaka
2016-07-22 14:58:52 UTC
Permalink
In NetBSD-current(ish):

test_sshkey: ..................................[1] Segmentation fault (core dumped) ${V} /home/htodd...
*** Error code 139

And gdb bt shows:

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000000041174e in cert_parse (key=0x756584f120c0, certbuf=0x756584f16200, b=0x756584f161b0) at sshkey.c:1896
1896 key->cert->principals[key->cert->nprincipals++] = principal;
(gdb) bt
#0 0x000000000041174e in cert_parse (key=0x756584f120c0, certbuf=0x756584f16200, b=0x756584f161b0) at sshkey.c:1896
#1 sshkey_from_blob_internal (b=***@entry=0x756584f161b0, keyp=***@entry=0x7f7fff8c0220, allow_cert=***@entry=1)
at sshkey.c:2117
#2 0x0000000000411951 in sshkey_from_blob (blob=<optimized out>, blen=***@entry=422, keyp=***@entry=0x7f7fff8c0220)
at sshkey.c:2150
#3 0x0000000000411a97 in sshkey_read (ret=***@entry=0x756584f12080, cpp=***@entry=0x7f7fff8c0280) at sshkey.c:1302
#4 0x0000000000414baa in sshkey_try_load_public (k=***@entry=0x756584f12080,
filename=0x756584f16070 "/home/htodd/openssh-portable/regress/unittests/sshkey/testdata/rsa_1-cert.pub",
commentp=***@entry=0x0) at authfile.c:319
#5 0x0000000000415309 in sshkey_load_cert (filename=<optimized out>, keyp=***@entry=0x7f7fff8c4330) at authfile.c:425
#6 0x0000000000409f41 in sshkey_tests () at regress/unittests/sshkey/test_sshkey.c:527
#7 0x0000000000405dc3 in tests () at regress/unittests/sshkey/tests.c:24
#8 0x000000000042a2e1 in main (argc=3, argv=0x7f7fff8c4420) at regress/unittests/test_helper/test_helper.c:162
(gdb)
--
Hisashi T Fujinaka - ***@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
Corinna Vinschen
2016-07-22 16:45:55 UTC
Permalink
Post by Darren Tucker
[...]
Post by Corinna Vinschen
Hmm. If that only affects Cygwin, and if defines.h is not synced anyway,
what about getting rid of the configure stuff entirely?
Looks reasonable. It's late here so I'm going to look at it tomorrow.
Thank you.
Post by Darren Tucker
Post by Corinna Vinschen
As for the comment preceeding the definition, I didn't change it from
your text in my proposal. However.
I'd like to outline that IPPORT_RESERVED == 1024 still makes sense in
terms of the implementation of bindresvport_sa and rcmd. It's not just
backward compatibility. There are also applications out there which
still expect this value to make sense.
Fair point.
Post by Corinna Vinschen
The *real* problem here is that OpenSSH checks for uid 0 before allowing
to bind a socket to a port < IPPORT_RESERVED, rather than letting the OS
decide if the current user is allowed to bind that port.
From my POV this check in OpenSSH is gratuitious and it's the real reason
we have this problem at all.
In the case of sshd running with privsep off, the process doing the
binding is still running as root and I suspect those checks date back
to when it was always running as root. It could probably
temporarily_use_uid() though.
I think this is a very good idea.

As has been discussed more than once on this list, Cygwin^WWindows isn't
the only OS allowing more than a single administrativ account.
Alternatively the system supports fine-grained account-based permissions
or per-executable capabilities.

For example, think raw sockets and ping/ping6. You don't have to be
admin to open a raw socket if the OS supports capabilities, nor does the
application has to be a setuid application, as on Linux:

$ ls -l /usr/bin/ping
-rwxr-xr-x 1 root root 44752 Nov 19 2015 /usr/bin/ping
$ getcap /usr/bin/ping
ping = cap_net_admin,cap_net_raw+ep

Checking for uid 0 only makes limited sense, and only on very
traditional UNIX systems.


Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
Hisashi T Fujinaka
2016-07-22 16:44:04 UTC
Permalink
After making /var/empty, tests ran fine on netbsd-7.
--
Hisashi T Fujinaka - ***@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
Damien Miller
2016-07-22 23:33:12 UTC
Permalink
Post by Hisashi T Fujinaka
test_sshkey: ..................................[1] Segmentation fault (core
dumped) ${V} /home/htodd...
*** Error code 139
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000000041174e in cert_parse (key=0x756584f120c0,
certbuf=0x756584f16200, b=0x756584f161b0) at sshkey.c:1896
1896 key->cert->principals[key->cert->nprincipals++] =
principal;
Thanks for reporting this. I don't understand how it could fail at that
point. Could you rerun the failing test and see what the values of
key, *key, key->cert and *key->cert are? It's possible to run just the
sshkey unit test using:

./regress/unittests/sshkey/test_sshkey -d regress/unittests/sshkey/testdata

from the top-level directory.

-d
Hisashi T Fujinaka
2016-07-23 02:33:37 UTC
Permalink
I think I forgot to send this to the mailing list too.
Post by Hisashi T Fujinaka
test_sshkey: ..................................[1] Segmentation fault
(core
dumped) ${V} /home/htodd...
*** Error code 139
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000000041174e in cert_parse (key=0x756584f120c0,
certbuf=0x756584f16200, b=0x756584f161b0) at sshkey.c:1896
1896 key->cert->principals[key->cert->nprincipals++] =
principal;
Thanks for reporting this. I don't understand how it could fail at that
point. Could you rerun the failing test and see what the values of
key, *key, key->cert and *key->cert are? It's possible to run just the
sshkey unit test using:

./regress/unittests/sshkey/test_sshkey -d regress/unittests/sshkey/testdata

from the top-level directory.

Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000000000041174e in cert_parse (key=0x7037f9b120c0,
certbuf=0x7037f9b16200, b=0x7037f9b161b0) at sshkey.c:1896
1896 key->cert->principals[key->cert->nprincipals++] =
principal;
(gdb) bt
#0 0x000000000041174e in cert_parse (key=0x7037f9b120c0,
certbuf=0x7037f9b16200, b=0x7037f9b161b0) at sshkey.c:1896
#1 sshkey_from_blob_internal (b=***@entry=0x7037f9b161b0,
keyp=***@entry=0x7f7fff104970, allow_cert=***@entry=1)
at sshkey.c:2117
#2 0x0000000000411951 in sshkey_from_blob (blob=<optimized out>,
blen=***@entry=422, keyp=***@entry=0x7f7fff104970)
at sshkey.c:2150
#3 0x0000000000411a97 in sshkey_read (ret=***@entry=0x7037f9b12080,
cpp=***@entry=0x7f7fff1049d0) at sshkey.c:1302
#4 0x0000000000414baa in sshkey_try_load_public (k=***@entry=0x7037f9b12080,
filename=0x7037f9b16070
"/home/htodd/openssh-portable/regress/unittests/sshkey/testdata/rsa_1-cert.pub",
commentp=***@entry=0x0) at authfile.c:319
#5 0x0000000000415309 in sshkey_load_cert (filename=<optimized out>,
keyp=***@entry=0x7f7fff108a80) at authfile.c:425
#6 0x0000000000409f41 in sshkey_tests () at
regress/unittests/sshkey/test_sshkey.c:527
#7 0x0000000000405dc3 in tests () at regress/unittests/sshkey/tests.c:24
#8 0x000000000042a2e1 in main (argc=3, argv=0x7f7fff108b68) at
regress/unittests/test_helper/test_helper.c:162
(gdb) p key
$1 = (struct sshkey *) 0x7037f9b120c0
(gdb) p key->cert
$2 = (struct sshkey_cert *) 0x7037f9b1b080
(gdb) p *key->cert
$3 = {certblob = 0x7037f9b162a0, type = 2, serial = 5, key_id =
0x7037f9b18090 "julius", nprincipals = 1,
principals = 0xfffffffff9b180a0, valid_after = 915145200, valid_before =
1293836400, critical = 0x7037f9b162f0,
extensions = 0x7037f9b16340, signature_key = 0x0}
--
Hisashi T Fujinaka - ***@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
Damien Miller
2016-07-23 03:13:24 UTC
Permalink
Post by Hisashi T Fujinaka
regress/unittests/test_helper/test_helper.c:162
(gdb) p key
$1 = (struct sshkey *) 0x7037f9b120c0
(gdb) p key->cert
$2 = (struct sshkey_cert *) 0x7037f9b1b080
(gdb) p *key->cert
$3 = {certblob = 0x7037f9b162a0, type = 2, serial = 5, key_id = 0x7037f9b18090
"julius", nprincipals = 1,
principals = 0xfffffffff9b180a0, valid_after = 915145200, valid_before =
Thanks for taking the time to debug this.

The key->cert->principals pointer looks wrong - does NetBSD libc
provide a reallocarray function? We detect its presence during
configure:

checking for reallocarray... no

(that's on Linux)

Could you try commenting out the HAVE_REALLOCARRAY line in config.h
make clean, make and rerun the test?

-d
Hisashi T Fujinaka
2016-07-23 04:30:00 UTC
Permalink
Post by Damien Miller
Post by Hisashi T Fujinaka
regress/unittests/test_helper/test_helper.c:162
(gdb) p key
$1 = (struct sshkey *) 0x7037f9b120c0
(gdb) p key->cert
$2 = (struct sshkey_cert *) 0x7037f9b1b080
(gdb) p *key->cert
$3 = {certblob = 0x7037f9b162a0, type = 2, serial = 5, key_id = 0x7037f9b18090
"julius", nprincipals = 1,
principals = 0xfffffffff9b180a0, valid_after = 915145200, valid_before =
Thanks for taking the time to debug this.
The key->cert->principals pointer looks wrong - does NetBSD libc
provide a reallocarray function? We detect its presence during
checking for reallocarray... no
(that's on Linux)
Could you try commenting out the HAVE_REALLOCARRAY line in config.h
make clean, make and rerun the test?
That works. Weird how I need that on -current but not on -7.
--
Hisashi T Fujinaka - ***@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
Darren Tucker
2016-07-23 06:05:24 UTC
Permalink
On Sat, Jul 23, 2016 at 2:30 PM, Hisashi T Fujinaka <***@twofifty.com> wrote:
[...]
Post by Hisashi T Fujinaka
Post by Damien Miller
Could you try commenting out the HAVE_REALLOCARRAY line in config.h
make clean, make and rerun the test?
That works. Weird how I need that on -current but not on -7.
Looks like reallocarray was added after 7: it's in
http://netbsd.gw.com/cgi-bin/man-cgi?reallocarray++NetBSD-current but
it's not in http://netbsd.gw.com/cgi-bin/man-cgi?reallocarray++NetBSD-7.0.1.
Maybe there's a bug in it? I note that the man page says the
prototype needs "_OPENBSD_SOURCE", maybe the lack of prototype gets
the return truncated to int? maybe try ./configure
--with-cflags=-D_OPENBSD_SOURCE ?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Darren Tucker
2016-07-23 09:58:38 UTC
Permalink
Post by Corinna Vinschen
[...]
Post by Corinna Vinschen
Hmm. If that only affects Cygwin, and if defines.h is not synced anyway,
what about getting rid of the configure stuff entirely?
I've committed this.

I'll look at the other changes after the release.

[...]
Post by Corinna Vinschen
As has been discussed more than once on this list, Cygwin^WWindows isn't
the only OS allowing more than a single administrativ account.
Alternatively the system supports fine-grained account-based permissions
or per-executable capabilities.
Agreed, capabilities is what I was thinking of when I replied.

[...]
Post by Corinna Vinschen
Checking for uid 0 only makes limited sense, and only on very
traditional UNIX systems.
In its defense, I suspect that's all it ran on at the time it was written.

Thanks.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Corinna Vinschen
2016-07-23 10:25:23 UTC
Permalink
Post by Darren Tucker
Post by Corinna Vinschen
[...]
Post by Corinna Vinschen
Hmm. If that only affects Cygwin, and if defines.h is not synced anyway,
what about getting rid of the configure stuff entirely?
I've committed this.
I'll look at the other changes after the release.
[...]
Post by Corinna Vinschen
As has been discussed more than once on this list, Cygwin^WWindows isn't
the only OS allowing more than a single administrativ account.
Alternatively the system supports fine-grained account-based permissions
or per-executable capabilities.
Agreed, capabilities is what I was thinking of when I replied.
[...]
Post by Corinna Vinschen
Checking for uid 0 only makes limited sense, and only on very
traditional UNIX systems.
In its defense, I suspect that's all it ran on at the time it was written.
:)

Which is quite a long time ago. The big problem with a patch replacing
the uid == 0 checks is probably that it has to be accepted upstream...


Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
Alex Wilson
2016-07-25 20:22:18 UTC
Permalink
Post by Damien Miller
Live testing on suitable non-production systems is also
appreciated.
Working fine on illumos here.

The GSSAPI key exchange patch we've been carrying around for compat
needs some work now though (or maybe we'll just drop it).
Jakub Jelen
2016-07-26 14:18:55 UTC
Permalink
Post by Damien Miller
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.
Testing with latest snap/git and applying our patches revealed only one
problem (when I don't count missing API for GSSAPI Kex, where we were
using get_canonical_hostname() also in the client code):

* Forgotten get_remote_ipaddr() function in audit-linux.c code
(attached patch)

Otherwise the package builds and passes all tests on current Fedora 24.

Regards,
--
Jakub Jelen
Security Technologies
Red Hat
Damien Miller
2016-07-26 22:26:17 UTC
Permalink
Post by Jakub Jelen
Post by Damien Miller
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.
Testing with latest snap/git and applying our patches revealed only one
problem (when I don't count missing API for GSSAPI Kex, where we were using
* Forgotten get_remote_ipaddr() function in audit-linux.c code (attached
patch)
Applied (also needed to include packet.h).

-d
Damien Miller
2016-07-27 07:28:16 UTC
Permalink
Post by Darren Tucker
[...]
Post by Hisashi T Fujinaka
Post by Damien Miller
Could you try commenting out the HAVE_REALLOCARRAY line in config.h
make clean, make and rerun the test?
That works. Weird how I need that on -current but not on -7.
Looks like reallocarray was added after 7: it's in
http://netbsd.gw.com/cgi-bin/man-cgi?reallocarray++NetBSD-current but
it's not in http://netbsd.gw.com/cgi-bin/man-cgi?reallocarray++NetBSD-7.0.1.
Maybe there's a bug in it? I note that the man page says the
prototype needs "_OPENBSD_SOURCE", maybe the lack of prototype gets
the return truncated to int? maybe try ./configure
--with-cflags=-D_OPENBSD_SOURCE ?
This is probably the problem - the weird pointer I noted in
Fujinaka-san's gdb output was probably a sign-extended integer.

Could you try this patch? You'll need to make clean, run autoreconf
and configure again.

-d

diff --git a/configure.ac b/configure.ac
index e64386f..373d21b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -839,6 +839,7 @@ mips-sony-bsd|mips-sony-newsos4)
if test "x$withval" != "xno" ; then
need_dash_r=1
fi
+ CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
AC_CHECK_HEADER([net/if_tap.h], ,
AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
Hisashi T Fujinaka
2016-07-27 14:34:56 UTC
Permalink
Post by Damien Miller
Post by Darren Tucker
[...]
Post by Hisashi T Fujinaka
Post by Damien Miller
Could you try commenting out the HAVE_REALLOCARRAY line in config.h
make clean, make and rerun the test?
That works. Weird how I need that on -current but not on -7.
Looks like reallocarray was added after 7: it's in
http://netbsd.gw.com/cgi-bin/man-cgi?reallocarray++NetBSD-current but
it's not in http://netbsd.gw.com/cgi-bin/man-cgi?reallocarray++NetBSD-7.0.1.
Maybe there's a bug in it? I note that the man page says the
prototype needs "_OPENBSD_SOURCE", maybe the lack of prototype gets
the return truncated to int? maybe try ./configure
--with-cflags=-D_OPENBSD_SOURCE ?
This is probably the problem - the weird pointer I noted in
Fujinaka-san's gdb output was probably a sign-extended integer.
Could you try this patch? You'll need to make clean, run autoreconf
and configure again.
-d
diff --git a/configure.ac b/configure.ac
index e64386f..373d21b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -839,6 +839,7 @@ mips-sony-bsd|mips-sony-newsos4)
if test "x$withval" != "xno" ; then
need_dash_r=1
fi
+ CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
AC_CHECK_HEADER([net/if_tap.h], ,
AC_DEFINE([SSH_TUN_NO_L2], [1], [No layer 2 tunnel support]))
This works. Thanks!
--
Hisashi T Fujinaka - ***@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
Damien Miller
2016-07-27 22:56:22 UTC
Permalink
Post by Hisashi T Fujinaka
This works. Thanks!
Thanks for your help in debugging this - it's been committed and will
be in openssh-7.3.

-d
Jeff Wieland
2016-07-29 16:10:24 UTC
Permalink
Compiles and passes tests on SPARC Solaris 10, using our local
build of OpenSSL 1.0.2h.
Post by Damien Miller
Hi,
OpenSSH 5.3 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via anonymous CVS using the
instructions at http://www.openssh.com/portable.html#cvs or
via Git at https://anongit.mindrot.org/openssh.git/
Running the regression tests supplied with Portable OpenSSH does not
$ ./configure && make tests
Live testing on suitable non-production systems is also
appreciated. Please send reports of success or failure to
Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.
Thanks to the many people who contributed to this release.
Changes since OpenSSH 7.2
=========================
This is primarily a bugfix release.
Security
--------
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle) and curesec via coredump at
autistici.org.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve ordering ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
New Features
------------
* ssh(1): Add a ProxyJump option and corresponding -J command-line
flag to allow simplified indirection through a one or more SSH
bastions or "jump hosts".
* ssh(1): Add an IdentityAgent option to allow specifying specific
agent sockets instead of accepting one from the environment.
* ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
optionally overridden when using ssh -W. bz#2577
* ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
per draft-sgtatham-secsh-iutf8-00.
* ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
* ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
signatures in certificates;
* ssh(1): Add an Include directive for ssh_config(5) files.
* ssh(1): Permit UTF-8 characters in pre-authentication banners sent
from the server. bz#2058
Bugfixes
--------
* ssh(1), sshd(8): Reduce the syslog level of some relatively common
protocol events from LOG_CRIT. bz#2585
* sshd(8): Refuse AuthenticationMethods="" in configurations and
accept AuthenticationMethods=any for the default behaviour of not
requiring multiple authentication. bz#2398
* sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
ATTEMPT!" message when forward and reverse DNS don't match. bz#2585
* ssh(1): Close ControlPersist background process stderr except
in debug mode or when logging to syslog. bz#1988
channel open messages match deployed code. bz#2529
* ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
failures when both ExitOnForwardFailure and hostname
canonicalisation are enabled. bz#2562
* sshd(8): Remove fallback from moduli to obsolete "primes" file
that was deprecated in 2001. bz#2559.
* sshd_config(5): Correct description of UseDNS: it affects ssh
hostname processing for authorized_keys, not known_hosts; bz#2554
* ssh(1): Fix authentication using lone certificate keys in an agent
without corresponding private keys on the filesystem. bz#2550
* sshd(8): Send ClientAliveInterval pings when a time-based
RekeyLimit is set; previously keepalive packets were not being
sent. bz#2252
Portability
-----------
* ssh(1), sshd(8): Fix compilation by automatically disabling ciphers
not supported by OpenSSL. bz#2466
* misc: Fix compilation failures on some versions of AIX's compiler
related to the definition of the VA_COPY macro. bz#2589
* sshd(8): Whitelist more architectures to enable the seccomp-bpf
sandbox. bz#2590
* ssh-agent(1), sftp-server(8): Disable process tracing on Solaris
using setpflags(__PROC_PROTECT, ...). bz#2584
* sshd(8): On Solaris, don't call Solaris setproject() with
UsePAM=yes it's PAM's responsibility. bz#2425
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
_______________________________________________
openssh-unix-dev mailing list
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Jeff Wieland | Purdue University
Network Systems Administrator | ITIS UNIX Platforms
Voice: (765)496-8234 | 155 S. Grant Street
FAX: (765)496-1380 | West Lafayette, IN 47907
Loading...