ssshuttle server fails to connect endpoints with python 3.8
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Sshuttle |
Fix Released
|
Unknown
|
|||
sshuttle (Debian) |
Fix Released
|
Unknown
|
|||
sshuttle (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Xenial |
Fix Released
|
High
|
Unassigned | ||
Bionic |
Fix Released
|
High
|
Unassigned | ||
Focal |
Fix Released
|
High
|
Felipe Reyes | ||
Groovy |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
sshuttle fails to connect to a remote system with python >= 3.8, or (after initial patch) to remote system with python <= 3.4.
[Test Case]
connect from a system with sshuttle installed to a remote system, in all combinations (t/x/b/f/g with sshuttle to remote t/x/b/f/g system). All combinations should work.
The first failure, connecting to remote systems with python >= 3.8, will fail like:
$ sshuttle -r ubuntu@{ip-addr} {subnet-1}
assembler.py:3: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
client: Connected.
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "assembler.py", line 38, in <module>
File "sshuttle.server", line 298, in main
File "/usr/lib/
return socket(family, type, proto, nfd)
File "/usr/lib/
_socket.
OSError: [Errno 88] Socket operation on non-socket
client: fatal: server died with error code 1
The second failure, connecting to remote systems with python <= 3.4, will fail like:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "assembler.py", line 39, in <module>
File "sshuttle.server", line 400, in main
File "sshuttle.ssnet", line 598, in runonce
File "sshuttle.ssnet", line 488, in callback
File "sshuttle.ssnet", line 437, in flush
AttributeError: 'module' object has no attribute 'set_blocking'
client: fatal: server died with error code 1
[Regression Potential]
any regression would likely cause problems at connection initialization, i.e. when connecting from the sshuttle system to the remote system. it's unlikely this would cause any regression that occurs after the initial setup has been completed.
[scope]
First, I'll note this regression illustrates the importance of the [scope] section, and why I always include it in my SRUs...
tl;dr for scope is 2 fixes are needed (work with remote py >= 3.8 and work with remote py <= 3.4), and both fixes are needed in sshuttle for all releases.
details:
this is needed for all releases; x, b, f, and g. However there are 2 parts to fixing this; the first part is fixing sshuttle connecting from any release to a system with python >= 3.8. That is done for g, and in proposed for f, and not done for b or x. The second part is to correct the first patch's regression to allow sshuttle connecting from any release to a system with python <= 3.4. That is needed for x, b, f, and g.
a good scope table from @smoser is in comment 26.
[Other Info]
https:/
https:/
https:/
[Original Description]
Client
$ python3 --version
Python 3.8.2
$ lsb_release -rd
Description: Ubuntu Focal Fossa (development branch)
Release: 20.04
$ apt-cache policy sshuttle
sshuttle:
Installed: 0.78.5-1
Candidate: 0.78.5-1
Server
$ python3 --version
Python 3.8.2
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy openssh-server
openssh-server:
Installed: 1:8.2p1-4
Candidate: 1:8.2p1-4
$ sshuttle -r ubuntu@{ip-addr} {subnet-1} {subnet-2}
assembler.py:3: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
client: Connected.
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "assembler.py", line 38, in <module>
File "sshuttle.server", line 298, in main
File "/usr/lib/
return socket(family, type, proto, nfd)
File "/usr/lib/
_socket.
OSError: [Errno 88] Socket operation on non-socket
client: fatal: server died with error code 1
The sshuttle upstream tracker is issue#381 [0]. They are waiting on a response to bpo#39685 [1].
This regression was introduced in python 3.8 by bpo#35415 [2], which restricts socket.fromfd() calls to provide valid socket family file descriptors.
[0] https:/
[1] https:/
[2] https:/
Related branches
- Dan Streetman (community): Needs Fixing
- git-ubuntu developers: Pending requested
-
Diff: 135 lines (+47/-20)2 files modifieddebian/changelog (+7/-0)
debian/patches/0001-compatibility-with-python38.patch (+40/-20)
tags: | added: seg |
Changed in sshuttle (Ubuntu): | |
importance: | Undecided → High |
Changed in sshuttle (Ubuntu): | |
status: | New → Confirmed |
Changed in sshuttle (Ubuntu Focal): | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in sshuttle (Ubuntu Focal): | |
assignee: | nobody → Dan Hill (hillpd) |
Changed in sshuttle (Ubuntu Groovy): | |
assignee: | nobody → Dan Hill (hillpd) |
Changed in sshuttle (Debian): | |
status: | Unknown → Confirmed |
Changed in sshuttle (Debian): | |
status: | Confirmed → Fix Released |
description: | updated |
description: | updated |
Changed in sshuttle (Ubuntu Focal): | |
assignee: | Dan Hill (hillpd) → Felipe Reyes (freyes) |
tags: | added: sts-sponsor-slashd |
tags: |
added: sts removed: sts-sponsor-slashd |
description: | updated |
tags: | removed: regression-proposed |
Changed in sshuttle: | |
status: | Unknown → New |
description: | updated |
Changed in sshuttle (Ubuntu Groovy): | |
status: | Fix Released → In Progress |
Changed in sshuttle (Ubuntu Focal): | |
status: | Fix Committed → In Progress |
Changed in sshuttle (Ubuntu Bionic): | |
status: | New → In Progress |
Changed in sshuttle (Ubuntu Xenial): | |
status: | New → In Progress |
Changed in sshuttle (Ubuntu Bionic): | |
importance: | Undecided → High |
Changed in sshuttle (Ubuntu Xenial): | |
importance: | Undecided → High |
Changed in sshuttle: | |
status: | New → Fix Released |
The python docs [0] indicate that the file descriptor should be a socket:
"The file descriptor should refer to a socket, but this is not checked — subsequent operations on the object may fail if the file descriptor is invalid."
The docs do need to be corrected. bpo#35415 now explicitly checks fd to ensure they are sockets.
The fix for this issue likely needs to be in sshuttle, not python.
[0] https:/ /docs.python. org/3/library/ socket. html#socket. fromfd