Date:      Sun, 30 Aug 2009 09:34:54 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        freebsd-current@freebsd.org, freebsd-amd64@freebsd.org
Subject:   Re: sshd failing in jail
Message-ID:  <20090829233454.GA13036@server.vk2pj.dyndns.org>
In-Reply-To: <20090824193344.GA34949@server.vk2pj.dyndns.org>
References:  <20090824193344.GA34949@server.vk2pj.dyndns.org>



[Redirected to amd64 because this is an amd64 kernel bug]

On 2009-Aug-25 05:33:44 +1000, Peter Jeremy <peterjeremy@optushome.com.au> wrote:
>I am attempting to build an i386 jail on an amd64 box to build
>packages for my netbook.  The host is running -current from just over
>two weeks ago and the jail is -current from early June.  The jail was
>built by doing a dump|restore of my netbook and then tweaking various
>config files to give it a new identity.  The jail's devfs is using
>"devfsrules_jail" from /etc/default/devfs.rules.
>
>The jail starts OK but when I attempt to ssh into it, I just get
>"Connection closed by <jail IP address>".

Turns out this is a bug in the 32-bit select(2) wrapper on 64-bit
kernels.  The userland fd_set arguments are not wrapped but passed
directly to kern_select().  Unfortunately, fd_set is (effectively) an
array of longs which means kern_select() assumes fd_set is a multiple
of 8 bytes whilst userland assumes it is a multiple of 4 bytes.  As a
result, the kernel can overwrite an extra 4 bytes of user memory.  In
the case of sshd, this causes part of the RSA host key to be trashed
when privilege separation mode is enabled.

This bug also affects linux emulation on amd64 and potentially affects
any other 64-bit kernels with 32-bit emulation modes.  I have raised
amd64/138318 to cover it.

-- 
Peter Jeremy

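The size mismatch Peter describes can be modelled in a few lines. The following is an added example, not code from the mail or from the FreeBSD kernel: `user_fdset_bytes`, `kern_fdset_bytes`, `kern_select_writeback` and the canary buffer are hypothetical stand-ins that reproduce the arithmetic of a 32-bit fd_set (array of 32-bit words) handed to a 64-bit routine that rounds to longs, and contrast the unwrapped pass-through with a wrapper that stages through a kernel-sized buffer and copies back only the caller's bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Word widths of the two fd_set layouts described in the mail: 32-bit
 * userland treats fd_set as an array of 32-bit words, the 64-bit kernel as
 * an array of 64-bit longs. These constants and all function names are
 * hypothetical models for illustration, not the FreeBSD kernel's own. */
#define USER_FDBITS 32u
#define KERN_FDBITS 64u

/* Bytes a 32-bit userland allocates for an fd_set that covers nfds descriptors. */
size_t user_fdset_bytes(unsigned nfds) {
    return (size_t)((nfds + USER_FDBITS - 1) / USER_FDBITS) * (USER_FDBITS / 8);
}

/* Bytes a 64-bit kernel routine touches for the same nfds when it rounds to longs. */
size_t kern_fdset_bytes(unsigned nfds) {
    return (size_t)((nfds + KERN_FDBITS - 1) / KERN_FDBITS) * (KERN_FDBITS / 8);
}

/* How many bytes past the end of the userland buffer the kernel write-back lands. */
size_t overrun_bytes(unsigned nfds) {
    size_t u = user_fdset_bytes(nfds), k = kern_fdset_bytes(nfds);
    return k > u ? k - u : 0;
}

/* Model of kern_select() copying its result set back to the caller: it
 * writes whole 64-bit words, i.e. kern_fdset_bytes(nfds) bytes. */
static void kern_select_writeback(void *dst, unsigned nfds, const uint64_t *result) {
    memcpy(dst, result, kern_fdset_bytes(nfds));
}

#define CANARY 0xCAFEBABEu
#define USER_WORDS 4   /* 3 words of fd_set (up to 96 fds) + 1 canary word after it */

/* Unwrapped path from the mail: the userland buffer is passed straight
 * through. nfds must be <= 96 for this constructed buffer. Returns 1 if the
 * memory after the fd_set survived, 0 if the kernel write clobbered it. */
int direct_pass_keeps_canary(unsigned nfds) {
    uint32_t mem[USER_WORDS] = {0, 0, 0, CANARY}; /* constructed user memory */
    uint64_t result[2] = {0, 0};                  /* kernel result: no fds ready */
    kern_select_writeback(mem, nfds, result);
    return mem[USER_WORDS - 1] == CANARY;
}

/* Wrapped path: stage through a kernel-sized buffer and copy back only the
 * bytes the 32-bit caller actually owns, so the long-rounded write never
 * reaches user memory. */
int wrapped_pass_keeps_canary(unsigned nfds) {
    uint32_t mem[USER_WORDS] = {0, 0, 0, CANARY};
    uint64_t result[2] = {0, 0};
    uint64_t kbuf[2] = {0, 0};
    size_t ubytes = user_fdset_bytes(nfds);
    memcpy(kbuf, mem, ubytes);                    /* copyin, user-sized */
    kern_select_writeback(kbuf, nfds, result);    /* kernel writes longs into kbuf */
    memcpy(mem, kbuf, ubytes);                    /* copyout, user-sized */
    return mem[USER_WORDS - 1] == CANARY;
}

int main(void) {
    unsigned nfds;
    for (nfds = 32; nfds <= 96; nfds += 32)
        printf("nfds=%u user=%zu kernel=%zu overrun=%zu\n", nfds,
               user_fdset_bytes(nfds), kern_fdset_bytes(nfds), overrun_bytes(nfds));
    printf("nfds=96 direct:  canary %s\n", direct_pass_keeps_canary(96) ? "intact" : "trashed");
    printf("nfds=96 wrapped: canary %s\n", wrapped_pass_keeps_canary(96) ? "intact" : "trashed");
    return 0;
}
```

The overrun is exactly 4 bytes whenever the userland fd_set has an odd number of 32-bit words and zero otherwise, which matches the "extra 4 bytes" in the mail; with a 12-byte userland set the direct path zeroes the word that follows it while the staged copy leaves it alone.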