What is Nostr?
Hector Martin /
npub1qk9…azpx
2024-07-02 07:49:12

Hector Martin on Nostr: OpenSSH CVE-2024-6387 mitigation (on Fedora):echo 'OPTIONS=-e' | sudo tee -a ...

OpenSSH CVE-2024-6387 mitigation (on Fedora):echo 'OPTIONS=-e' | sudo tee -a /etc/sysconfig/sshd && sudo systemctl restart sshd



I have no idea why Qualys didn't mention this. The only non-async-safe function called by the vulnerable signal handler is syslog(). So just turn off syslog and log to stderr. On systemd distros, this still ends up in the journal anyway, so you lose nothing.

I confirmed that the message at the root of the issue is logged to stderr and not syslog with this option:<code>[pid 638194] --- SIGALRM {si_signo=SIGALRM, si_code=SI_KERNEL} ---<br>[pid 638194] getpgid(0) = 638194<br>[pid 638194] getpid() = 638194<br>[pid 638194] rt_sigaction(SIGTERM, {sa_handler=SIG_IGN, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTART}, {sa_handler=SIG_DFL, sa_mask=~[KILL STOP RTMIN RT_1], sa_flags=SA_RESTART}, 8) = 0<br>[pid 638194] kill(0, SIGTERM) = 0<br>[pid 638194] getpid() = 638194<br>[pid 638194] write(2, "Timeout before authentication for 192.168.21.10 port 37734\r\n", 60) = 60<br>[pid 638194] exit_group(1) = ?<br>[pid 638194] +++ exited with 1 +++<br></code>
Author Public Key
npub1qk9x6yrvten3jqyvundn7exggm90fxf9yfarj5eaz25yd7aty8hqe9azpx