Bug 604111

Summary: /etc/issue "Kernel \r on an \m" not working as intended?
Product: Red Hat Enterprise Linux 5
Reporter: David Barr <redhat>
Component: openssh
Assignee: Jan F. Chadima <jchadima>
Status: CLOSED NOTABUG
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low
Priority: low
Version: 5.4
CC: dmach
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-06-16 05:11:31 UTC

Description David Barr 2010-06-15 13:00:27 UTC
##### Description of problem:

I just did an upgrade from 5.3 to 5.4. (I don't have 5.5 to test against. Sorry!) In this particular environment, /etc/ssh/sshd_config has "Banner /etc/issue" uncommented. So, for the first time in a long time, I see the Banner message on login. In that login banner message, I see

"Red Hat Enterprise Linux Server release 5.4 (Tikanga)"
"Kernel \r on an \m" 

When I look at /etc/issue, itself, I see the same two lines.

So, what's up with the "\r" and "\m"?

##### Version-Release number of selected component (if applicable):

redhat-release-5Server-5.4.0.3

##### How reproducible:

Always when /etc/issue has those strings.

##### Steps to Reproduce:

1. Uncomment and set "Banner /etc/issue" in /etc/ssh/sshd_config
2. "/etc/init.d/sshd restart"
3. Log out/Log in. Get the two lines as a banner message.
  
##### Actual results:

"Red Hat Enterprise Linux Server release 5.4 (Tikanga)"
"Kernel \r on an \m" 

##### Expected results:

I think something is supposed to perform variable substitution on those two escaped (Are they escape strings?) characters, to show 

##### Additional info:

Ah! And, I just found the same /etc/issue, allowing for a different OS version, on a 5.3 box to test on:

"Red Hat Enterprise Linux Server release 5.3 (Tikanga)"
"Kernel \r on an \m"

That's redhat-release-5Server-5.3.0.3, with the same oddity.

Okay, so what am I really doing, here? Nothing important, really. This isn't even remotely a show stopper for any client I work with. This is more for my curiosity, and because Google searches have nothing to say about Red Hat's /etc/issue file and this line in it. So, really, this is about me setting up a Google result that says "No, you're not the only person who noticed this..."

Thanks for a great OS!

Comment 1 Daniel Mach 2010-06-15 13:23:07 UTC
I don't think the problem is in /etc/issue.
It's probably in how sshd processes it.

Reassigning to openssh package.


BTW, if I was admin, I wouldn't expose kernel version to anyone who can initiate ssh connection ...

Comment 2 David Barr 2010-06-15 22:11:21 UTC
Heh. Mine is not to question why /etc/issue was exposed. :)

When I get back to the office, I'll test against telnetd in an environment where I can do that, and update whether this is ssh specific.

(In reply to comment #1)
> I don't think the problem is in /etc/issue.
> It's probably in how sshd processes it.
> 
> Reassigning to openssh package.
> 
> 
> BTW, if I was admin, I wouldn't expose kernel version to anyone who can
> initiate ssh connection ...

Comment 3 Jan F. Chadima 2010-06-16 05:11:31 UTC
It's intentional. The supposed use of issue is to write to a potential attacker something like "YOU will be prosecuted according to law ...." but not "You are welcome, our kernel bugs are ....."
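
Added example, not part of the bug report or of OpenSSH: a small audit of the file a `Banner` directive points to. It relies on two facts: getty expands `\r` and `\m` in /etc/issue to the kernel release and machine type, while sshd sends the Banner file unmodified. The function names, the sample files and the notice wording are constructed for illustration.

```shell
#!/bin/sh
# Added example: check what an sshd "Banner" file shows to unauthenticated clients.

# Print the Banner path from an sshd_config. sshd uses the first value it
# finds and treats keywords case-insensitively. Prints nothing for "none".
sshd_banner_path() {
    awk 'tolower($1) == "banner" { if (tolower($2) != "none") print $2; exit }' "$1"
}

# Print one finding per line for a banner file; print nothing if it is clean.
banner_findings() {
    # getty escapes such as \r (kernel release) and \m (machine) are only
    # expanded on a console login; over ssh they arrive as literal text.
    if grep -Eq '\\[a-zA-Z]' "$1"; then
        echo "getty-escape"
    fi
    # Wording that tells a remote client which OS or kernel is running.
    if grep -Eiq 'release [0-9]|kernel' "$1"; then
        echo "version-disclosure"
    fi
}

# Constructed sample inputs (modelled on the report, not read from a real host).
tmp=$(mktemp -d)
printf 'Protocol 2\n#Banner none\nBanner %s/issue\n' "$tmp" > "$tmp/sshd_config"
printf 'Red Hat Enterprise Linux Server release 5.4 (Tikanga)\nKernel \\r on an \\m\n' > "$tmp/issue"
printf 'Unauthorized access will be prosecuted according to law.\n' > "$tmp/notice"

# Audit the configured banner, then a notice-only file for comparison.
for f in "$(sshd_banner_path "$tmp/sshd_config")" "$tmp/notice"; do
    echo "$f: $(banner_findings "$f" | tr '\n' ' ')"
done
```

The first file is flagged on both counts; the notice-only file produces no findings.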