Bug 2179723
| Summary: | scp of openssh acts differently between RHEL9.0 and RHEL8.7 | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Yanmin Liu <yanmliu> |
| Component: | openssh | Assignee: | Dmitry Belyavskiy <dbelyavs> |
| Status: | CLOSED WORKSFORME | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 9.0 | CC: | jjelen |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | | |
| Hardware: | x86_64 | | |
| OS: | Linux | | |
| Last Closed: | 2023-06-09 13:50:38 UTC | Type: | Bug |
This looks like a kernel question. Try this one on RHEL9:

```
# echo 0 > /proc/sys/fs/protected_regular
```

The default value is 1 on RHEL9, and 0 on RHEL8. The directory /root/tmp is created with the sticky bit enabled, and it's affected by the parameter.

But I don't see the sense in using the -t option of scp. Basically, it should be used on the sshd server side internally. The option is not even written in man scp.

Also, please make sure that the default value is the more secure configuration. From the parameter definition in kernel-doc:

```
protected_regular
-----------------

This protection is similar to protected_fifos, but it
avoids writes to an attacker-controlled regular file, where a program
expected to create one.

When set to "0", writing to regular files is unrestricted.

When set to "1" don't allow O_CREAT open on regular files that we
don't own in world writable sticky directories, unless they are
owned by the owner of the directory.

When set to "2" it also applies to group writable sticky directories.
```

Sorry for the delayed reply.

The main change in OpenSSH between 8.x and 9.0 related to scp is switching to the sftp protocol for scp transfers. I think the behavior change you see may be related to it. You can also check if specifying -O to enforce the SCP protocol fixes the issue for you. If it does, it's a sort of OpenSSH issue (though I'm not sure we need to fix it). Otherwise you should probably change the component for this issue.

I'm not aware whether protected_regular has a different default value in RHEL 8.7 and 9.0.

Looks like it's not an OpenSSH issue. Closing.
Description of problem:

scp of openssh acts differently between RHEL9.0 and RHEL8.7. Is it a bug or a specification change on RHEL9.0? If it's a specification change, are there any reasons for the change?

Version-Release number of selected component (if applicable):

openssh-8.7p1-8.el9.x86_64

How reproducible:

Always occurs

Steps to Reproduce:

```
1. # useradd -m test
2. # mkdir -p /root/tmp
3. # chmod 1777 /root/tmp
4. # touch /root/tmp/test.txt
5. # chown test /root/tmp/test.txt
6. # { echo C0644 12 test.txt ; printf 'hello\ntest1\n'; printf \\000; } | scp -t /root/tmp
```

Actual results:

```
scp: /root/tmp/test.txt: Permission denied
scp: protocol error: expected control record
```

If "chmod 0777 /root/tmp", the result is the same as with RHEL8.7 and below.

Expected results:

On RHEL8.7 and below:

```
test.txt 100% 12 13.3KB/s 00:00
```
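
The kernel-doc rule quoted in the comments, worked through for the reporter's case (root writing to a file owned by `test` inside a root-owned 1777 directory). This is an added example, not part of the original bug report and not kernel code: a Python model of the documented decision plus a directory audit. The function names and uid 1001 for `test` are assumptions.

```python
import os
import stat

SYSCTL = "/proc/sys/fs/protected_regular"

def read_level(path=SYSCTL):
    """Return the running kernel's protected_regular value, or None if unreadable."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None

def create_open_denied(level, dir_mode, dir_uid, file_uid, opener_uid):
    """Model of the kernel-doc wording for an O_CREAT open of an existing
    regular file. Being root is not an exemption in that wording."""
    if level == 0:                          # "0": writing is unrestricted
        return False
    if not dir_mode & stat.S_ISVTX:         # only sticky directories are covered
        return False
    if file_uid in (opener_uid, dir_uid):   # our own file, or the directory owner's
        return False
    if dir_mode & stat.S_IWOTH:             # "1": world-writable sticky directory
        return True
    return level >= 2 and bool(dir_mode & stat.S_IWGRP)  # "2": group-writable too

def audit_directory(directory, opener_uid, level):
    """Names of regular files in `directory` that `opener_uid` could not
    reopen with O_CREAT under the given protected_regular level."""
    d = os.stat(directory)
    blocked = []
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(st.st_mode) and create_open_denied(
                level, d.st_mode, d.st_uid, st.st_uid, opener_uid):
            blocked.append(entry.name)
    return sorted(blocked)

if __name__ == "__main__":
    ROOT, TEST = 0, 1001  # constructed uids; 1001 stands in for user "test"
    for level, mode in [(1, 0o1777), (0, 0o1777), (1, 0o0777)]:
        denied = create_open_denied(level, mode, ROOT, TEST, ROOT)
        print(f"protected_regular={level} dir mode={mode:04o} -> "
              f"{'Permission denied' if denied else 'allowed'}")
    live = read_level()
    if live is not None:
        print("live level:", live, "blocked in /tmp:",
              audit_directory("/tmp", os.getuid(), live))
```

The three printed cases correspond to the RHEL9 default, the RHEL8 default, and the reporter's `chmod 0777` variant.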