2022-06-14 16:49:54 |
Boyuan Yang |
description |
On Ubuntu 22.04, proxychains-ng (version 4.16) doesn't work with ssh:
$ proxychains4 ssh git@github.com
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
select2: Bad file descriptor
ssh: Could not resolve hostname github.com: Unknown error
Other commands (e.g.: wget) work with proxychains-ng correctly.
The Ubuntu 22.04 ships the proxychains-ng v4.16
https://packages.ubuntu.com/source/jammy/proxychains-ng
The following upstream patch fixed the bug:
https://github.com/rofl0r/proxychains-ng/commit/000000006265577643cdcdefbc94aef903ffaf5e
This patch should be backported to v4.16 and integrated into the next version of Ubuntu 22.04 proxychains-ng package. |
SRU Justification
=================
[ Impact ]
On Ubuntu 22.04, proxychains-ng (version 4.16) doesn't work with ssh:
$ proxychains4 ssh git@github.com
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
select2: Bad file descriptor
ssh: Could not resolve hostname github.com: Unknown error
Other commands (e.g.: wget) work with proxychains-ng correctly.
This bug does not occur on Ubuntu 22.10 or earlier releases. It should
be treated as a regression.
Upstream bug report: https://github.com/rofl0r/proxychains-ng/issues/439
Upstream explanation:
> due to the new close_range syscall
> which was added in linux 5.9 and recently activated in glibc:
> https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=456b3c08b6fe78938af5d12b6869dc8c704696d6;hp=e186fc5a31e46f2cbf5ea1a75223b4412907f3d8
> https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=286286283e9bdc7ef894306e2dbcf4c115b97ba2
> this causes our close() hook to become ineffective and ssh closing our pipes to the dns lookup thread behind our back.
[ Test Plan ]
* Prepare pre-installed virutal machines running up-to-date Ubuntu 21.10, 22.04 and 22.10 (dev).
On each installed virtual machine:
0. Execute "sudo apt install proxychains4 ssh ; sudo systemctl start ssh".
1. Configure proxychains-ng to use socks5 connection by editing the last line of /etc/proxychains4.conf to be "socks5 127.0.0.1 1080".
2. Execute "ssh -D 1080 localhost".
3. In a new terminal emulator, execute "proxychains4 ssh git@github.com".
* On Ubuntu 21.10 (with proxychains-ng 4.14-3) and Ubuntu 22.10 (with proxychains-ng 4.16-2),
the following output is expected, indicating successful connection:
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] Strict chain ... 127.0.0.1:1080 ... github.com:22 ... OK
git@github.com: Permission denied (publickey).
Connection to github.com closed.
* On Ubuntu 22.04 (with proxychains-ng 4.16-1), the following output is expected,
indicating broken connection and regression:
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
select2: Bad file descriptor
ssh: Could not resolve hostname github.com: Unknown error
4. In all systems, non-ssh proxychains connection should always success.
For example, executiong "proxychains4 wget https://github.com/" will always
finish successfully.
[ Fix ]
Upstream commit 000000006265577643cdcdefbc94aef903ffaf5e, present as
debian/patches/0003-Add-hook-to-close_range-function-solves-439.-0.patch
in proxchains-ng/4.16-2 upload. See
https://github.com/rofl0r/proxychains-ng/commit/000000006265577643cdcdefbc94aef903ffaf5e .
[ Where the problem could occur ]
* In the worst case, the patch provided by upstream could went wrong and
make non-ssh proxyhains connection to break as well.
* Proxychains-ng is a leaf package. No other packages will be affected
in any circumstances.
[ Other Info ]
* The fix is initially prepared by me (as Debian Developer) as Debian's
proxychains-ng/4.16-2.
* The fix is also tested on the Debian side. Since current Debian Sid
has a lower glibc version (2.33), the bug does not occur with any
proxychains-ng version.
----------------------------------------------------------------
On Ubuntu 22.04, proxychains-ng (version 4.16) doesn't work with ssh:
$ proxychains4 ssh git@github.com
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
select2: Bad file descriptor
ssh: Could not resolve hostname github.com: Unknown error
Other commands (e.g.: wget) work with proxychains-ng correctly.
The Ubuntu 22.04 ships the proxychains-ng v4.16
https://packages.ubuntu.com/source/jammy/proxychains-ng
The following upstream patch fixed the bug:
https://github.com/rofl0r/proxychains-ng/commit/000000006265577643cdcdefbc94aef903ffaf5e
This patch should be backported to v4.16 and integrated into the next version of Ubuntu 22.04 proxychains-ng package. |
|