[Touch-packages] [Bug 1025418] Re: Using ProxyCommand w/a non-existent host results in infinite spawns.

2020-02-24 Thread Olivier Contant
A fix has been provided upstream. I believe the Ubuntu community should
pick up from here and package the fix.


[ ... snip ...]
Darren Tucker:
We had some discussion about it amongst ourselves, but we were working on the
8.2 release at the time and we judged it too late to risk including this as it
would potentially invalidate testing done to that point.

I actually committed[1] this change earlier today, and you can try it
yourself by either checking out the source or trying a development
snapshot[3]. Please let us know if you notice any problems.

[1] https://github.com/openssh/openssh-portable/commit/de1f3564cd85915b3002859873a37cb8d31ac9ce
[3] https://www.mindrot.org/openssh_snap/openssh-SNAP-20200218.tar.gz or
https://www.mindrot.org/openssh_snap/openssh-SNAP-20200219.tar.gz

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1025418

Title:
  Using ProxyCommand w/a non-existent host results in infinite spawns.

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  Version: OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
  Package: openssh-client

  Today we discovered a possible bug in the OpenSSH-Client package
  (openssh) that happens when you enable ProxyCommand with a
  non-existent hostname.  This bug is easily replicated with the default
  example in /etc/ssh/ssh_config.  If one uncomments that line and then
  for example tries to push via Git SSH you end up with SSH spawning
  over and over and over again as seen in the attached screenshot.

  I have flagged this as a security bug (but ultimately it's up to y'all
  if it is) because any user can do this and take down any server quite
  easily by adding a bad ProxyCommand to their ~/.ssh/config.  I was
  able to take out one of my personal servers (which happens to be a
  pretty big server) within a few minutes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1025418/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp


[Touch-packages] [Bug 1025418] Re: Using ProxyCommand w/a non-existent host results in infinite spawns.

2020-02-18 Thread Olivier Contant
Robie, any request for a fix takes priority based on the level of
disruption.  If more than one person faces the issue and requires a fix,
it will create momentum and incentive to fix it.



[Touch-packages] [Bug 1025418] Re: Using ProxyCommand w/a non-existent host results in infinite spawns.

2020-02-12 Thread Olivier Contant
I'm sorry to revive this old topic. I'm astonished that after 8 years,
it hasn't been fixed.


I would like to push this up once more. The reason is that any user interaction
that is not by design supposed to happen should be considered a user experience
bug and fixed.

Crafting a fork bomb by design is out of the scope of this context. One
is a malicious conscious creation of a piece of code, while a user
misconfiguration is not.

It is easily preventable by creating a hardcoded automatic implicit
exclusion of the gateway. It is not normal that a user could create a
recursive infinite loop with a piece of configuration like this. We are
responsible to protect the user in such a case.


The issue is not limited to Ubuntu, but to all systems that embed OpenSSH.
It should, therefore, be pushed upstream.  I have sent an email to the OpenSSH
developer mailing list and it would be welcome if Ubuntu were to request a fix
as well. I will do the same request at RedHat.


Thank you for your cooperation.

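A configuration check in the spirit of the automatic gateway exclusion Olivier asks for in the 2020-02-12 message, added here as an example; it is not OpenSSH code and does not reproduce the upstream commit. It parses an ssh_config, follows ProxyCommand hops (only when the command is itself ssh) and ProxyJump hops using ssh's first-match rule, and reports a chain that comes back to a host already visited, which is the condition that makes ssh spawn itself without end. Both configurations in the block are constructed: the looping one mirrors the commented-out ProxyCommand example the bug description refers to, and the fixed one shows the same rule with the gateway switched to `ProxyCommand none` in an earlier `Host` block, so the first value ssh obtains for the gateway is "no proxy".

```python
"""Flag ssh_config ProxyCommand/ProxyJump chains that lead ssh back into itself.
Added example for this bug thread; not OpenSSH code and not the upstream fix."""
import fnmatch
import re
import shlex

# Constructed: wildcard ProxyCommand modelled on the commented-out example in
# ssh_config, with nothing excluding the gateway. Reaching the gateway means
# running ssh to the gateway, which runs the ProxyCommand again, without end.
LOOPING_CONFIG = """\
Host *
    ProxyCommand ssh -q -W %h:%p gateway.example.com
"""

# Constructed: same rule, but an earlier block switches the proxy off for the
# gateway itself. ssh keeps the first value obtained for an option.
FIXED_CONFIG = """\
Host gateway.example.com
    ProxyCommand none

Host *
    ProxyCommand ssh -q -W %h:%p gateway.example.com
"""

# ssh(1) flags that consume the following argument (e.g. "-W host:port").
_SSH_FLAGS_WITH_ARG = set("BbcDEeFIiJLlmOopQRSWw")


def parse_ssh_config(text):
    """[(host_patterns, {option: value}), ...] in file order; first value wins."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            current = (value.split(), {})
            blocks.append(current)
            continue
        if current is None:                 # options before any Host line
            current = (["*"], {})
            blocks.append(current)
        current[1].setdefault(key, value)
    return blocks


def _ssh_destination(command):
    """Destination host if the ProxyCommand is itself an ssh invocation."""
    try:
        argv = shlex.split(command)
    except ValueError:
        return None
    if not argv or argv[0].rsplit("/", 1)[-1] != "ssh":
        return None                         # nc, socat, ...: cannot recurse
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            i += 2 if (len(tok) == 2 and tok[1] in _SSH_FLAGS_WITH_ARG) else 1
            continue
        return tok.rsplit("@", 1)[-1]       # first operand, minus any user@
    return None


def resolve_gateway(blocks, host, port=22):
    """Host ssh must reach first to get to `host`, or None for a direct connection.
    Simplification: the first matching block that sets ProxyCommand or ProxyJump
    decides, which is also how the two options compete in OpenSSH."""
    for patterns, opts in blocks:
        if not any(fnmatch.fnmatchcase(host, p) for p in patterns):
            continue
        if "proxycommand" in opts:
            cmd = opts["proxycommand"]
            if cmd.lower() == "none":
                return None
            tokens = {"%": "%", "h": host, "p": str(port)}
            return _ssh_destination(re.sub(r"%([%hp])", lambda m: tokens[m.group(1)], cmd))
        if "proxyjump" in opts:
            first = opts["proxyjump"].split(",")[0].strip()
            if first.lower() == "none":
                return None
            return first.rsplit("@", 1)[-1].split(":", 1)[0]   # drop user@, :port
    return None


def find_proxy_loop(config_text, host, max_hops=16):
    """Follow the proxy chain from `host`; return the offending chain or None."""
    blocks = parse_ssh_config(config_text)
    chain = [host]
    while len(chain) <= max_hops:
        nxt = resolve_gateway(blocks, chain[-1])
        if nxt is None:
            return None
        if nxt in chain:
            return chain + [nxt]            # closed the loop
        chain.append(nxt)
    return chain                            # implausibly deep: report it too
```

Running `find_proxy_loop(LOOPING_CONFIG, "git.example.com")` returns the chain `git.example.com -> gateway.example.com -> gateway.example.com`, while the same call on `FIXED_CONFIG` returns `None`. The checker deliberately only follows ProxyCommands that invoke ssh; a `nc`- or `socat`-based ProxyCommand cannot re-enter the client's own configuration, so it is reported as safe. Host pattern matching is plain fnmatch and ignores the `!` negation form, which is enough to check the default example but not a substitute for ssh's own matching.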