Bug 259174 - security/openssh-portable: 8.8 sftp issue (fatal: unable to make the process untraceable)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: amd64 Any
Importance: --- Affects Some People
Assignee: Bryan Drewery
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-14 22:51 UTC by mike
Modified: 2021-10-15 17:21 UTC
CC List: 3 users

See Also:


Attachments
Attached diff fixes it for me (1.74 KB, patch)
2021-10-15 10:14 UTC, mike

Description mike 2021-10-14 22:51:29 UTC
Using a sshd_config from portable 8.7, my RELENG_12 and RELENG_13 sftp servers are no longer working as the connection errors out with
internal-sftp[85599]: fatal: unable to make the process untraceable

The same setup works fine with 8.7. 


With an almost default config

% diff sshd_config sshd_config.sample 
30c30
< LogLevel VERBOSE
---
> #LogLevel INFO
105c105
< #VersionAddendum FreeBSD-openssh-portable-8.7.p1,1
---
> #VersionAddendum FreeBSD-openssh-portable-8.8.p1,1

a simple sftp localhost errors out with 

sftp-server[89445]: fatal: unable to make the process untraceable

after authentication is done
Comment 1 mike 2021-10-14 23:13:03 UTC
I am able to get it working with this bruteforce patch

--- work-default/openssh-8.8p1/platform-tracing.c.prev  2021-09-26 10:03:19.000000000 -0400
+++ work-default/openssh-8.8p1/platform-tracing.c       2021-10-14 19:09:57.683251000 -0400
@@ -41,7 +41,7 @@
        int disable_trace = PROC_TRACE_CTL_DISABLE;
 
        if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict)
-               fatal("unable to make the process untraceable");
+               verbose("unable to make the process untraceable");
 #endif
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
        /* Disable ptrace on Linux without sgid bit */
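Review bot: downgrading fatal() to verbose() in this hunk silences the strict-mode contract instead of honouring it: sftp-server.c calls platform_disable_tracing(1) precisely so that a failure to make the process untraceable aborts the session, and with this patch a server that could not disable tracing keeps serving as if it had. The defect is the unchanged line above, `procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace)`: with P_PID the id is a pid, and 0 does not mean the calling process, which is why the kernel answers "No such process" once the errno is printed (Comment 3). Replace 0 with getpid() and keep the fatal().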
Comment 2 mike 2021-10-15 00:02:58 UTC
This commit from Sept 8th 2021 seemed to introduce it.

git diff 2d678c5e3bdc2f5c99f7af5122e9d054925d560d 73050fa38fb36ae3326d768b574806352b97002d
diff --git a/configure.ac b/configure.ac
index 413913a7..f0eb24b8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -454,7 +454,6 @@ AC_CHECK_HEADERS([ \
        sys/ndir.h \
        sys/poll.h \
        sys/prctl.h \
-       sys/procctl.h \
        sys/pstat.h \
        sys/ptrace.h \
        sys/random.h \
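Review bot: the hunk direction is inverted relative to the description: the `-` lines here remove the sys/procctl.h header check, yet 8.8p1 clearly contains the procctl code (it is the context of the patch in Comment 1), so the two commit ids were passed newer-then-older. Read every `-` line in this diff as what the commit added, and swap the arguments if the diff is forwarded upstream.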
@@ -1869,7 +1868,6 @@ AC_CHECK_FUNCS([ \
        pledge \
        poll \
        prctl \
-       procctl \
        pselect \
        pstat \
        raise \
diff --git a/platform-tracing.c b/platform-tracing.c
index 0daf2a86..4c80a282 100644
--- a/platform-tracing.c
+++ b/platform-tracing.c
@@ -17,9 +17,6 @@
 #include "includes.h"
 
 #include <sys/types.h>
-#ifdef HAVE_SYS_PROCCTL_H
-#include <sys/procctl.h>
-#endif
 #if defined(HAVE_SYS_PRCTL_H)
 #include <sys/prctl.h> /* For prctl() and PR_SET_DUMPABLE */
 #endif
@@ -36,13 +33,6 @@
 void
 platform_disable_tracing(int strict)
 {
-#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
-       /* On FreeBSD, we should make this process untraceable */
-       int disable_trace = PROC_TRACE_CTL_DISABLE;
-
-       if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict)
-               fatal("unable to make the process untraceable");
-#endif
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
        /* Disable ptrace on Linux without sgid bit */
        if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)
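Review bot: in the FreeBSD block of this hunk (added by the commit, despite the `-` prefix from the inverted diff), `procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace)` passes 0 as the target id. procctl(2) has no implicit "self" target the way prctl(2) does: P_PID with id 0 names no process, the call fails with ESRCH, and because sftp-server passes strict=1 the failure is fatal for every sftp session regardless of the see_other_uids sysctls. Use getpid() as the id. The Linux prctl branch that follows does not share the problem because prctl always acts on the caller.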



The only callers seem to be in sftp-server.c

grep platform_disable_tracing *.c
platform-tracing.c:platform_disable_tracing(int strict)
sftp-server.c:  platform_disable_tracing(1);    /* strict */
ssh-agent.c:    platform_disable_tracing(0);    /* strict=no */
Comment 3 mike 2021-10-15 02:20:30 UTC
More narrowing down. Most of my boxes run with 

security.bsd.see_other_uids=0
security.bsd.see_other_gids=0

I also added the patch from 
https://github.com/openssh/openssh-portable/commit/fff13aaa262b7b3ec83ed21e29674cbf331780a7

which adds the error message. The fatal error now shows


fatal: unable to make the process untraceable: No such process
Comment 4 mike 2021-10-15 10:14:01 UTC
Created attachment 228716
Attached diff fixes it for me

Not sure if printing the pid out in the fatal is a good idea or not. I only added it in case it was still failing and wanted to see why.
Comment 5 Bryan Drewery freebsd_committer 2021-10-15 17:10:30 UTC
Thank you for working through it and working with upstream!
Comment 6 commit-hook freebsd_committer 2021-10-15 17:10:57 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18

commit f4a5ae5fd8ee4948c8b7d1c9bfd0e07d33a8aa18
Author:     Bryan Drewery <bdrewery@FreeBSD.org>
AuthorDate: 2021-10-15 16:44:40 +0000
Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
CommitDate: 2021-10-15 17:10:21 +0000

    security/openssh-portable: Fix sftp crash

    This fixes an error trying to disable process tracing.

    It has been sent upstream.

    PR:             259174
    Submitted by:   mike at sentex dot net

 security/openssh-portable/Makefile                 |  2 +-
 .../files/patch-platform-tracing.c (new)           | 25 ++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
Comment 7 Bryan Drewery freebsd_committer 2021-10-15 17:11:13 UTC
For the record the sysctl restrictions only reveal the bug. It never worked for anyone for the goal of disabling the tracing of the current process.
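Comment 7 makes the practitioner's point: the call failed silently for everyone until the strict caller exposed it, because nothing ever checked whether the process had actually become untraceable. The following is an added example, not code from the port or from OpenSSH, showing the corrected FreeBSD call with getpid() instead of 0 and, crucially, a verification step afterwards. It assumes FreeBSD's PROC_TRACE_STATUS query (not mentioned on this page) for the check; the Linux branch is an assumed analogue built on the prctl(PR_SET_DUMPABLE) call that platform-tracing.c itself uses, with PR_GET_DUMPABLE as its check, so the example also compiles and runs off-FreeBSD.

```c
/* Added example (not from the port or OpenSSH): disable tracing of the
 * current process and then VERIFY it. FreeBSD path via procctl(2);
 * Linux path via prctl(2) is an assumed analogue so the code runs there too. */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#if defined(__FreeBSD__)
#include <sys/types.h>
#include <sys/procctl.h>
#elif defined(__linux__)
#include <sys/prctl.h>
#endif

/* Returns 0 on success, -1 with errno set on failure. */
int disable_tracing(void)
{
#if defined(__FreeBSD__) && defined(PROC_TRACE_CTL)
    int disable_trace = PROC_TRACE_CTL_DISABLE;
    /* The bug on this page: id 0 with P_PID means "pid 0", not "myself",
     * so the kernel answered ESRCH. getpid() is the target we want. */
    return procctl(P_PID, getpid(), PROC_TRACE_CTL, &disable_trace);
#elif defined(__linux__) && defined(PR_SET_DUMPABLE)
    /* prctl always acts on the caller; no pid argument exists to get wrong. */
    return prctl(PR_SET_DUMPABLE, 0);
#else
    errno = ENOSYS;
    return -1;
#endif
}

/* Returns 1 if the process is now untraceable, 0 if not, -1 on error. */
int tracing_disabled(void)
{
#if defined(__FreeBSD__) && defined(PROC_TRACE_STATUS)
    int status = 0;
    if (procctl(P_PID, getpid(), PROC_TRACE_STATUS, &status) != 0)
        return -1;
    /* -1: tracing disabled; 0: enabled but not traced; >0: pid of tracer. */
    return status == -1;
#elif defined(__linux__) && defined(PR_GET_DUMPABLE)
    int dumpable = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    if (dumpable < 0)
        return -1;
    return dumpable == 0;
#else
    return -1;
#endif
}

/* What a strict=1 caller such as sftp-server should do: fail loudly on
 * error AND confirm the effect. Returns 0 if untraceable, -1 otherwise. */
int disable_tracing_strict(void)
{
    if (disable_tracing() != 0) {
        fprintf(stderr, "unable to make the process untraceable: %s\n",
                strerror(errno));
        return -1;
    }
    if (tracing_disabled() != 1) {
        fprintf(stderr, "tracing still permitted after disabling it\n");
        return -1;
    }
    return 0;
}

int main(void)
{
    return disable_tracing_strict() == 0 ? 0 : 1;
}
```

With the original `procctl(P_PID, 0, ...)` the first branch of disable_tracing_strict() reports "No such process"; with getpid() it passes, and the status query is what would have caught the silent no-op years earlier.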
Comment 8 mike 2021-10-15 17:21:48 UTC
Thanks for fixing the port so quickly!