[Bug 1025418] Re: Using ProxyCommand w/a non-existant host results in infinite spawns.

Olivier Contant 1025418 at bugs.launchpad.net
Wed Feb 12 12:18:15 UTC 2020 

I'm sorry to revive this old topic. I'm astonished that after 8 years,
it hasn't been fixed.


I would like to push this up once more. The reason is any user interaction that is not by designed suppose to happen, should be considered a user experience bug and fixed.

Crafting a fork bomb by design is out of the scope of this context. One
is a malicious conscious creation of a piece of code, while a user
misconfiguration is not.

It is easily preventable by creating a hardcoded automatic implicit
exclusion of the gateway. It is not normal that a user could create a
recursive infinite loop with a piece of configuration like this. We are
responsible to protect the user in such a case.


The issue is not limited to Ubuntu, but to all systems that embedded OpenSSH. It should, therefore, be pushed upstream.  I have sent an email to the OpenSSH developer mailing list and it would be welcome if Ubuntu were to request a fix as well. I will do the same request at RedHat. 


Thank you for your cooperation.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1025418

Title:
  Using ProxyCommand w/a non-existant host results in infinite spawns.

Status in openssh package in Ubuntu:
  Invalid

Bug description:
  Version: OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
  Package: openssh-client

  Today we discovered a possible bug in the OpenSSH-Client package
  (openssh) that happens when you enable ProxyCommand with a non-
  existant hostname.  This bug is easily replicated with the default
  example in /etc/ssh/ssh_config.  If one uncomments that line and then
  for example tries to push via Git SSH you end up with SSH spawning
  over and over and over again as seein the attached screenshot.

  I have flagged this as a security bug (but ultimately it's up to ya'll
  if it is) because any user can do this and take down any server quite
  easily by adding add a bad ProxyCommand to their ~/.ssh/config.  I was
  able to take out one of my personal servers (which happens to be a
  pretty big server) within a few minutes.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1025418/+subscriptions

More information about the foundations-bugs mailing list