-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssh (and thus git) doesn't work anymore with proxydns and latest glibc #439
Comments
closed by 0000000 |
Still happenning on CentOS Stream release 9 (WSL): > pc ssh git@github.com
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.16-git-7-g916d2d7
select2: Bad file descriptor
ssh: Could not resolve hostname github.com: Unknown error |
does it work on "CentOS Stream release 9" without WSL ? WSL isnt explicitly supported and it might do some things differently or even give bogus results for some syscalls. |
does the problematic binary contain close_range references ? (you can check with objdump, readelf, etc) |
@rofl0r Yes. I compiled from source with the latest git repo. I have a reproduce in my fresh CentOS 9 VM. If you want to connect to my VM and do some debugging, you could share your SSH public key or email address so I can send you login credentials. |
i was talking about ssh binary, not proxychains.
let's chat about that on IRC channel mentioned in README |
UPDATE:
using IP:
|
After some debugging, I found why proxychains can't work in CentOS but work normally in Archlinux.
|
due to the new close_range syscall
which was added in linux 5.9 and recently activated in glibc:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=456b3c08b6fe78938af5d12b6869dc8c704696d6;hp=e186fc5a31e46f2cbf5ea1a75223b4412907f3d8
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=286286283e9bdc7ef894306e2dbcf4c115b97ba2
this causes our close() hook to become ineffective and ssh closing our pipes to the dns lookup thread behind our back.
until we add a hook for close_range, the issue can be mitigated by either using the new
proxydns_daemon
mode, or by compiling openssh from source configured as follows:./configure ac_cv_func_close_range=no
The text was updated successfully, but these errors were encountered: