Using an sshd_config from portable 8.7, my RELENG_12 and RELENG_13 sftp servers are no longer working, as the connection errors out with

internal-sftp[85599]: fatal: unable to make the process untraceable

The same setup works fine with 8.7. With an almost default config

% diff sshd_config sshd_config.sample
30c30
< LogLevel VERBOSE
---
> #LogLevel INFO
105c105
< #VersionAddendum FreeBSD-openssh-portable-8.7.p1,1
---
> #VersionAddendum FreeBSD-openssh-portable-8.8.p1,1

a simple "sftp localhost" errors out with

sftp-server[89445]: fatal: unable to make the process untraceable

after authentication is done.
I am able to get it working with this brute-force patch

--- work-default/openssh-8.8p1/platform-tracing.c.prev 2021-09-26 10:03:19.000000000 -0400 +++ work-default/openssh-8.8p1/platform-tracing.c 2021-10-14 19:09:57.683251000 -0400 @@ -41,7 +41,7 @@ int disable_trace = PROC_TRACE_CTL_DISABLE; if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict) - fatal("unable to make the process untraceable"); + verbose("unable to make the process untraceable"); #endif #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) /* Disable ptrace on Linux without sgid bit */
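Review bot: downgrading fatal() to verbose() in this hunk removes the fail-closed behaviour that sftp-server.c deliberately requests with platform_disable_tracing(1) (strict), so an sftp-server whose procctl() request was rejected keeps serving files while remaining traceable by the user's other processes. The failure should be diagnosed rather than suppressed: keep the fatal() but append strerror(errno) to the message so the reason is visible (the later run in this thread shows it is ESRCH, "No such process"), and look at the id argument in the unchanged context line `if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict)`: P_PID selects a process by pid, and an ESRCH from that call says 0 did not resolve to the calling process on the reporter's hosts, so passing getpid() is the candidate to try before touching the error handling.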
This commit from Sept 8th 2021 seemed to introduce it.

git diff 2d678c5e3bdc2f5c99f7af5122e9d054925d560d 73050fa38fb36ae3326d768b574806352b97002d diff --git a/configure.ac b/configure.ac index 413913a7..f0eb24b8 100644 --- a/configure.ac +++ b/configure.ac @@ -454,7 +454,6 @@ AC_CHECK_HEADERS([ \ sys/ndir.h \ sys/poll.h \ sys/prctl.h \ - sys/procctl.h \ sys/pstat.h \ sys/ptrace.h \ sys/random.h \ @@ -1869,7 +1868,6 @@ AC_CHECK_FUNCS([ \ pledge \ poll \ prctl \ - procctl \ pselect \ pstat \ raise \ diff --git a/platform-tracing.c b/platform-tracing.c index 0daf2a86..4c80a282 100644 --- a/platform-tracing.c +++ b/platform-tracing.c @@ -17,9 +17,6 @@ #include "includes.h" #include <sys/types.h> -#ifdef HAVE_SYS_PROCCTL_H -#include <sys/procctl.h> -#endif #if defined(HAVE_SYS_PRCTL_H) #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */ #endif @@ -36,13 +33,6 @@ void platform_disable_tracing(int strict) { -#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL) - /* On FreeBSD, we should make this process untraceable */ - int disable_trace = PROC_TRACE_CTL_DISABLE; - - if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict) - fatal("unable to make the process untraceable"); -#endif #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) /* Disable ptrace on Linux without sgid bit */ if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)

The only callers seem to be in sftp-server.c:

grep platform_disable_tracing *.c
platform-tracing.c:platform_disable_tracing(int strict)
sftp-server.c: platform_disable_tracing(1); /* strict */
ssh-agent.c: platform_disable_tracing(0); /* strict=no */
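Review bot: the diff as pasted runs in the wrong direction for the claim it supports: every hunk shows the procctl support being removed (`- sys/procctl.h \`, `- procctl \`, and the whole `-#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)` block), so `git diff 2d678c5e... 73050fa3...` is showing the change from the newer tree back to the older one. If 73050fa38 is the commit that introduced the call, the two arguments should be swapped so the hunks read as additions; otherwise the wrong commit is being blamed. The grep output at the end is the useful part for triage: sftp-server.c passes strict=1 while ssh-agent.c passes strict=0, which is why only sftp dies on the failed procctl() and ssh-agent carries on.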
More narrowing down. Most of my boxes run with

security.bsd.see_other_uids=0
security.bsd.see_other_gids=0

I also added the patch from https://github.com/openssh/openssh-portable/commit/fff13aaa262b7b3ec83ed21e29674cbf331780a7 which adds the error message. The fatal error now shows

fatal: unable to make the process untraceable: No such process
Created attachment 228716

Attached diff fixes it for me. Not sure if printing the pid out in the fatal is a good idea or not; I only added it in case it was still failing and wanted to see why.
Thank you for working through it and working with upstream!
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18

commit f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18
Author:     Bryan Drewery <bdrewery@FreeBSD.org>
AuthorDate: 2021-10-15 16:44:40 +0000
Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2021-10-15 17:10:21 +0000

    security/openssh-portable: Fix sftp crash

    This fixes an error trying to disable process tracing. It has been sent upstream.

    PR:           259174
    Submitted by: mike at sentex dot net

 security/openssh-portable/Makefile                   |  2 +-
 .../files/patch-platform-tracing.c (new)             | 25 ++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
For the record, the sysctl restrictions only reveal the bug. It never worked for anyone for the goal of disabling the tracing of the current process.
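The two observations above (the ESRCH once the error message was added, and the point that the call never disabled tracing for the calling process) both come down to the same missing step: the code asked the kernel to make a process untraceable and never checked which process, or whether it worked. The following is an added example, not OpenSSH's platform-tracing.c and not the ports patch (which the page does not show). It disables tracing for the calling process and then reads the state back to verify it. On FreeBSD it uses procctl(2) with PROC_TRACE_CTL and verifies with PROC_TRACE_STATUS; on Linux it uses prctl(PR_SET_DUMPABLE) and verifies with PR_GET_DUMPABLE. Passing getpid() instead of 0 as the P_PID id, and the claim that 0 does not name the caller, are this example's assumptions motivated by the "No such process" report; disable_tracing_for() takes the pid as a parameter so the id-0 variant from the thread can be reproduced on a FreeBSD box, and its return codes (TRACE_DISABLED, TRACE_FAILED, TRACE_UNSUPPORTED) are names invented here.

```c
/*
 * Added example (not OpenSSH code): make the calling process
 * untraceable and then verify that the request actually applied to
 * the calling process, which is the check missing from the thread's
 * platform_disable_tracing().
 *
 * Assumptions (not from the page): on FreeBSD the id for P_PID must be
 * the caller's own pid (getpid()), not 0; PROC_TRACE_STATUS reports -1
 * when tracing is disabled.  On Linux PR_SET_DUMPABLE=0 is what OpenSSH
 * itself uses, and PR_GET_DUMPABLE reads it back.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#if defined(__FreeBSD__)
#include <sys/procctl.h>
#elif defined(__linux__)
#include <sys/prctl.h>
#endif

/* Return codes for disable_tracing_for() (names invented for this example). */
enum { TRACE_DISABLED = 0, TRACE_FAILED = -1, TRACE_UNSUPPORTED = 1 };

/*
 * Ask the kernel to make process "pid" untraceable.  Returns
 * TRACE_DISABLED on success, TRACE_FAILED with errno set if the kernel
 * rejected the request, TRACE_UNSUPPORTED when this platform has no
 * known mechanism.  Passing 0 on FreeBSD reproduces the call from the
 * thread; prctl() on Linux always acts on the caller, so pid is ignored.
 */
int disable_tracing_for(pid_t pid)
{
#if defined(__FreeBSD__)
	int disable_trace = PROC_TRACE_CTL_DISABLE;
	if (procctl(P_PID, pid, PROC_TRACE_CTL, &disable_trace) == -1)
		return TRACE_FAILED;
	return TRACE_DISABLED;
#elif defined(__linux__)
	(void)pid;
	if (prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) == -1)
		return TRACE_FAILED;
	return TRACE_DISABLED;
#else
	(void)pid;
	return TRACE_UNSUPPORTED;
#endif
}

/* The call a daemon would actually make: target the calling process. */
int disable_tracing(void)
{
	return disable_tracing_for(getpid());
}

/*
 * Read back whether the calling process is untraceable.
 * Returns 1 if tracing is disabled, 0 if it is still enabled, and -1
 * when the state cannot be determined on this platform.
 */
int tracing_disabled(void)
{
#if defined(__FreeBSD__)
	int status;
	if (procctl(P_PID, getpid(), PROC_TRACE_STATUS, &status) == -1)
		return -1;
	return status == -1;        /* -1 from PROC_TRACE_STATUS == disabled */
#elif defined(__linux__)
	int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
	if (dumpable == -1)
		return -1;
	return dumpable == 0;       /* non-dumpable == not ptrace-able by same uid */
#else
	return -1;
#endif
}

int main(void)
{
#if defined(__FreeBSD__)
	/* Reproduce the thread's call with id 0 and show it does not help. */
	if (disable_tracing_for(0) == TRACE_FAILED)
		printf("procctl(P_PID, 0, ...) failed: %s\n", strerror(errno));
	printf("tracing disabled after id-0 call: %d\n", tracing_disabled());
#endif
	int rc = disable_tracing();
	if (rc == TRACE_FAILED) {
		/* Fail closed and say why, which the original fatal() did not. */
		fprintf(stderr, "unable to make the process untraceable: %s\n",
		    strerror(errno));
		return 1;
	}
	printf("disable_tracing() -> %d, verified disabled: %d\n",
	    rc, tracing_disabled());
	return 0;
}
```

The verification step is the point: a strict caller such as sftp-server should treat "request accepted but state unchanged for my pid" as a failure just like an ESRCH, because either way the child that serves the session is still attachable by any other process of the same user.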
Thanks for fixing the port so quickly!
I'm still seeing the error with OpenSSH 8.8.p1_1,1, which should have the included patch, even after a reboot. Any time I try to SFTP, the client just says "Connection closed" and the console says unable to make the process untraceable. What could be missing?