RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1008042 - sftp program has tty attributes setting problem
Summary: sftp program has tty attributes setting problem
Keywords:
Status: CLOSED DUPLICATE of bug 1010154
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: openssh
Version: 6.1
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-09-13 22:51 UTC by wzis
Modified: 2015-02-11 08:57 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-02-11 08:57:27 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
OpenSSH Project 2155 0 None None None Never

Description wzis 2013-09-13 22:51:09 UTC 
Description of problem: the sftp program in RHEL 6.1/6.2/6.3/6.4 has a bug in tty settings.


Version-Release number of selected component (if applicable):
6.1/6.2/6.3/6.4, likely 6.0 and 6.5 but didn't test to confirm.

How reproducible:
Easy to reproduce.

Steps to Reproduce:
1. stty -echo
2. sftp user@server
3. key in pass as prompted.
4. cd /tmp
5. ls
6. bye
7. stty -a


Actual results:
The entered sftp sub-commands in step 4 to step 6 are visible, and the OS command entered after sftp in step 7 is also visible.


Expected results:
Those inputs entered in step 4 to step 7 shouldn't be visible.

Additional info:
RHEL 5.x doesn't have this issue, and Solaris/AIX/HP-UX sftp also do not have such problem.
Comment 2 wzis 2013-09-20 02:19:43 UTC 
this bug affect our security to let customer to download file using a menu: we wan t to hide the sftp sub-commands.
Comment 3 wzis 2013-09-20 05:44:33 UTC 
an developer from openssh has reproduced the issue when --with-libedit compilation setting is used and can't reproduce it when that is not in use. So confirmed the issue is with the 2.11 libedit.
Please fix the problem.
Comment 4 wzis 2013-09-21 03:41:15 UTC 
What's the real reason when you generate openssh RPM to include the "--with-libedit"? In RHEL 5.x, you didn't use the option, and openssh is working fine.
Other UNIX vendors' openssh also don't use libedit and have no such problem or other problems, so need to understand why you include the libedit and make openssh not able to control the tty setting properly?
Comment 5 Kamil Dudka 2013-09-21 12:27:42 UTC 
libedit implements the line editing user interface with history.  See bug 203009.
Comment 6 RHEL Program Management 2013-10-14 02:11:17 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 7 Jakub Jelen 2015-02-02 16:25:45 UTC 
Adding related openssh bug tracker where was some discussion about this topic in upstream, ubuntu and fedora.

Some observations:
 * on RHEL 6 sftp command (even failed) is resetting tty attributes
 * current Fedora and RHEL 7 are doing better and are NOT resetting tty attributes after sftp connection, but if I understand well, this is not the primary problem for you, but I consider it as a bug in rhel6 (they are not showing line 7)
 * All releases with libedit do show what is written in sftp prompt (ex. libedit-3.1-9.20141030cvs.fc22.x86_64)


Things learned:
 - Recompiling without -with-libedit helped, but I don't think this is a solution. There is problem in libedit initialization/temination, which is forcing you to have echo in your tty attributes (libedit-2.11-4.20080712cvs.1.el6.x86_64). Commit fixing save&restore of tty attributes in libedit is here (from openssh bugzilla):
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libedit/tty.c.diff?r1=1.41&r2=1.42&sortby=date&f=h

 - Additionally I tried to the same use case with ssh instead of sftp and it works for me according to your specification _only_ in Fedora 21 (commands in remote shell are not shown). In RHEL 6, 7 and Fedora 20, everything in remove shell is visible. This issue can be solved using this patch from upstream:
https://anongit.mindrot.org/openssh.git/commit/?id=18912775cb97c0b1e75e838d3c7d4b56648137b5

 - For now, libedit doesn't accept given tty attributes, because there is no reason to have history without being written back to prompt. Possibilities:
 * It will be possible to make some workaround to ignore libedit if we don't have ECHO attribute on tty
 * or you can use as workaround input from some file instead of stdin (since you use it in some script if I'm right), because for nontty there is not initialized libedit
 * or to make some commandline option to disable libedit
Comment 8 Kamil Dudka 2015-02-02 16:53:04 UTC 
Jakub, please have a look at bug #1010154, there is a fix available for RHEL-6.
Comment 9 wzis 2015-02-02 20:26:04 UTC 
Jakub, thanks for working on this issue, and if the workaround can be implemented when tty has no ECHO, libedit will be ignored, that will be great.
Kamil, I checked the bug #1010154, but couldn't find the fix.
Comment 10 wzis 2015-02-02 21:32:14 UTC 
I only find the change made in 2013 to restore tty setting, but no further update in bug #1010154.
Comment 11 Jakub Jelen 2015-02-03 08:56:43 UTC 
Kamil, thank you for pointing me to this bugzilla, but why is it not yet in RHEL6? Patch is quite similar like the one I linked from upstream.
If I understand well, this is just a thing that is missing because someone was too lazy to put this line into 2008 tarball instead of a comment. I think this is quite reasonable change.

But still there is the question if the whole problem should be fixed in sftp or libedit. Should libedit overwrite tty attributes? The detection of ECHO attribute in sftp seems to me like ugly workaround, but detection in libedit after so many years may lead to regression with other use cases. Lets see Petr's opinion about this issue.
Comment 12 Kamil Dudka 2015-02-03 09:58:49 UTC 
(In reply to Jakub Jelen from comment #11)
> Kamil, thank you for pointing me to this bugzilla, but why is it not yet in
> RHEL6?

Bug #1010154 has not been approved by Product Management for inclusion in a minor update of RHEL.

> But still there is the question if the whole problem should be fixed in sftp
> or libedit. Should libedit overwrite tty attributes?

First off, the "whole problem" needs to be classified as a problem (or bug) by upstream developers.  Upstream has never confirmed there is a problem with the current behavior.
Comment 13 wzis 2015-02-03 10:49:33 UTC 
By common sense, if user wants to disable the tty ECHO, a program should allow that, otherwise there would be no way for user to take control of that behavior.
Comment 14 Petr Lautrbach 2015-02-11 08:57:27 UTC 
I consider this issue as duplicate of bug #1010154 which needs to be resolved in libedit first. With the  fixed libedit, openssh would behave reasonably.

*** This bug has been marked as a duplicate of bug 1010154 ***
Note You need to log in before you can comment on or make changes to this bug.