Date: Mon, 3 Mar 2014 13:29:59 -0800 From: Kevin Oberman <rkoberman@gmail.com> To: Greg Rivers <gcr+freebsd-stable@tharned.org> Cc: Mike Jakubik <mike.jakubik@intertainservices.com>, Andrey Chernov <ache@freebsd.org>, FreeBSD Stable ML <stable@freebsd.org>, des@freebsd.org Subject: Re: openssh in stable-10 broken config or sandbox Message-ID: <CAN6yY1sm3EYW5fnzH1HbU-CzzkT7Dyr5LovaLQWWkLdMqHEn3A@mail.gmail.com> In-Reply-To: <alpine.BSF.2.00.1403031430380.20838@badger.tharned.org> References: <531184A8.4050909@freebsd.org> <53118E9C.5030804@freebsd.org> <5314D1F9.20909@intertainservices.com> <CAN6yY1tvr7F739%2BRxiVu8MjHo399=4VPHF9zw8WWKq16bMKVcA@mail.gmail.com> <alpine.BSF.2.00.1403031430380.20838@badger.tharned.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 3, 2014 at 12:38 PM, Greg Rivers <gcr+freebsd-stable@tharned.org > wrote: > On Mon, 3 Mar 2014, Kevin Oberman wrote: > > On Mon, Mar 3, 2014 at 11:03 AM, Mike Jakubik < >> mike.jakubik@intertainservices.com> wrote: >> >> On 03/01/14 02:39, Andrey Chernov wrote: >>> >>> On 01.03.2014 10:56, Andrey Chernov wrote: >>>> >>>> Hi. >>>>> Default /etc/ssh/sshd_config have >>>>> #UsePrivilegeSeparation sandbox >>>>> I.e. 'sandbox' by default. It breaks logins with error: >>>>> sshd[81721]: fatal: ssh_sandbox_child: failed to limit the network >>>>> socket [preauth] >>>>> Fixed by using old way, i.e. direct >>>>> UsePrivilegeSeparation yes >>>>> instead of 'sandbox'. Please fix this bug. >>>>> >>>>> Just find that capsicum is required now for default (i.e. sandbox) >>>> mode. >>>> Don't think it is wise move, people may lost remote connections that >>>> way, at least UPDATING entry is needed, but check for WITHOUT_CAPSICUM >>>> for defaults will be better. >>>> >>>> >>>> Personally I find this to be a monumental screw up, such a drastic >>> change >>> and not even so much as an entry in UPDATING, what ever happened to POLA? >>> >>> >> +1 >> >> I didn't get bitten by this by the good fortune of seeing the first >> message >> on this issue just minutes after I updated my system. Saw the change in >> mergemaster, so immediately edited the installed file back to "yes". But, >> if this had been a remote server, I would have been in deep weeds. This is >> simply not acceptable practice! >> >> > Not to disagree, but I think we should tone down the flogging of a person > who's working hard to make FreeBSD better. I'm sure this wasn't > intentional, and the change probably passed all of his tests. If this were > -RELEASE, I might feel differently, but it is -STABLE after all. I do > certainly agree that an UPDATING entry would have been warranted. > > -- > Greg > It was clearly intentional as it was specifically mentioned in the commit message. Oversights happen and I don't have a problem with that. If DES just didn't think about the fact that it would break sshd if capsicum was not available, that happens. I've made bigger mistakes, probably this week. The problem is that the change was not rolled back and no entry was made to UPDATING. It's been over 4 days and, even if DES is tied up and has not seen the issue, someone should have added t note to UPDATING so people have some warning that sshd will break in most cases if they just accept the change to sshd.conf. (Yes, it is not obvious who should have done this, but lots of folks have access to update UPDATING.) Lots of folks use STABLE in production. It's not HEAD and every effort is supposed to be made to not break things, or at least warn people if something will break running systems. -- R. Kevin Oberman, Network Engineer, Retired E-mail: rkoberman@gmail.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAN6yY1sm3EYW5fnzH1HbU-CzzkT7Dyr5LovaLQWWkLdMqHEn3A>