Date: Wed, 24 Jul 2002 16:34:47 +0100
From: Tony Finch
To: des@freebsd.org, dinoex@freebsd.org
Cc: dot@dotat.at, freebsd-security@freebsd.org
Subject: sshd privsep dns lookup bug
Message-ID: <20020724163447.B8886@chiark.greenend.org.uk>

The call to get_canonical_hostname() at line 145 of the FreeBSD version
of openssh-portable causes problems with privilege separation. It happens
to be the first call to the resolver, but because the code is running
chrooted at that point, it cannot read /etc/resolv.conf so fails to
initialize itself correctly. This causes the DNS lookup to fail, and in
some configurations to hang for half a minute.

Tony.
-- 
f.a.n.finch http://dotat.at/
BISCAY: WESTERLY 3 OR 4. DRIZZLE AT FIRST, AND AGAIN LATER. MODERATE OR GOOD,
BUT POOR IN DRIZZLE.