Permission Error when using SSH kitten on FreeBSD #5928
That error indicates shm_unlink() is failing on your system. I am not
Digging into this (and learning quite a bit about FreeBSD's shared memory APIs), I have discovered the issue. According to the man page for

In

```python
def create_shared_memory(data: Any, prefix: str) -> str:
    import atexit
    import json
    import stat

    from kitty.shm import SharedMemory
    db = json.dumps(data).encode('utf-8')
    with SharedMemory(size=len(db) + SharedMemory.num_bytes_for_size, mode=stat.S_IREAD, prefix=prefix) as shm:
        shm.write_data_with_size(db)
        shm.flush()
        atexit.register(shm.unlink)
    return shm.name
```

The read only mode is later enforced in

```python
def read_data_from_shared_memory(shm_name: str) -> Any:
    with SharedMemory(shm_name, readonly=True) as shm:
        shm.unlink()
        if shm.stats.st_uid != os.geteuid() or shm.stats.st_gid != os.getegid():
            raise ValueError('Incorrect owner on pwfile')
        mode = stat.S_IMODE(shm.stats.st_mode)
        if mode != stat.S_IREAD:
            raise ValueError('Incorrect permissions on pwfile')
        return json.loads(shm.read_data_with_size())
```

Therefore, the cleanup code in

```python
def unlink(self) -> None:
    """Requests that the underlying shared memory block be destroyed.

    In order to ensure proper cleanup of resources, unlink should be
    called once (and only once) across all processes which have access
    to the shared memory block."""
    if self._name:
        try:
            shm_unlink(self._name)
        except FileNotFoundError:
            pass
        self._name = ''
```

cannot work on FreeBSD as implemented. I had to use posixshmcontrol with elevated permissions to clear out the list of orphaned shared objects. What would be the security ramifications of setting the owner
kovidgoyal/kitty@5e645a7 fixes the password file creation, allowing it to be unlinked, but read_data_from_shared_memory/1 rejects the shared object if it is not read only, and will break the ssh kitten for all platforms.

This change removes the read only check, relying only on the file ownership check.

This fully fixes kovidgoyal#5928

Signed-off-by: Loren Schlomer <me@schlomie.com>
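The commit message above drops the mode check and keeps only the ownership check. As an added example (not kitty's code and not part of the commit), here is a check that tolerates an owner-writable object while still rejecting any group or other access bits. The names `check_pwfile_stat`, `stat_with_mode` and `verdict` are hypothetical, and a temporary file stands in for the shared memory object.

```python
import os
import stat
import tempfile

# Any group/other bit means another account could read or alter the secret.
FORBIDDEN_BITS = stat.S_IRWXG | stat.S_IRWXO


def check_pwfile_stat(st: os.stat_result, euid: int, egid: int) -> int:
    """Hypothetical check: the owner must match and no group/other access
    is allowed. Owner write is tolerated (assumption: the creator needs a
    writable object in order to unlink it later)."""
    if st.st_uid != euid or st.st_gid != egid:
        raise ValueError('Incorrect owner on pwfile')
    mode = stat.S_IMODE(st.st_mode)
    if mode & FORBIDDEN_BITS:
        raise ValueError('Incorrect permissions on pwfile')
    return mode


def stat_with_mode(mode: int) -> os.stat_result:
    """Create a throwaway temp file (constructed stand-in for the shared
    memory object), force its mode, and return its fstat() result."""
    fd, path = tempfile.mkstemp(prefix='pwfile-demo-')
    try:
        os.fchmod(fd, mode)  # fchmod is not affected by the umask
        return os.fstat(fd)
    finally:
        os.close(fd)
        os.unlink(path)


def verdict(mode: int) -> str:
    st = stat_with_mode(mode)
    try:
        # The demo uses the file's own ids as the expected owner; a real
        # caller would pass os.geteuid() and os.getegid().
        check_pwfile_stat(st, st.st_uid, st.st_gid)
        return 'accepted'
    except ValueError as e:
        return f'rejected: {e}'


if __name__ == '__main__':
    for m in (0o400, 0o600, 0o640, 0o604):
        print(oct(m), verdict(m))
```
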
Good morning. I was hoping you or someone could point me in the right direction, or is this possibly a bug?
When attempting to use the SSH kitten on FreeBSD I am getting this error:
I am not sure as to what resource the kitty process is lacking permission in order to rectify this.
This is on kitty v0.26.5. Happens in every shell.