Skip to content

Commit

Permalink
A signal handler in sshd(8) may call a logging function that is not a…
Browse files Browse the repository at this point in the history 
…sync-

signal-safe.  The signal handler is invoked when a client does not
authenticate within the LoginGraceTime seconds (120 by default).  This signal
handler executes in the context of the sshd(8)'s privileged code, which is
not sandboxed and runs with full root privileges.

This issue is another instance of the problem in CVE-2024-6387 addressed by
FreeBSD-SA-24:04.openssh.  The faulty code in this case is from the
integration of blacklistd in OpenSSH

Obtained from: FreeBSD
  • Loading branch information
@laffer1
laffer1 committed Aug 8, 2024
1 parent 9e39fe4 commit fff0afc
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions crypto/openssh/sshd.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -377,8 +377,6 @@ grace_alarm_handler(int sig)
kill(0, SIGTERM);
}

BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, "ssh");

/* Log error and exit. */
sigdie("Timeout before authentication for %s port %d",
ssh_remote_ipaddr(the_active_state),
Expand Down

0 comments on commit fff0afc

Please sign in to comment.