Description of problem:
scp of openssh acts differently between RHEL9.0 and RHEL8.7. Is it a bug or
a specification change on RHEL9.0? If it's a specification change, are there any reasons for the change?
Version-Release number of selected component (if applicable):
openssh-8.7p1-8.el9.x86_64
How reproducible:
Always occurs
Steps to Reproduce:
1. # useradd -m test
2. # mkdir -p /root/tmp
3. # chmod 1777 /root/tmp
4. # touch /root/tmp/test.txt
5. # chown test /root/tmp/test.txt
6. # { echo C0644 12 test.txt ; printf 'hello\ntest1\n'; printf \\000; } | scp -t /root/tmp
Actual results:
scp: /root/tmp/test.txt: Permission denied
scp: protocol error: expected control record
If "chmod 0777 /root/tmp", the result is the same as with RHEL8.7 and below.
Expected results:
On RHEL8.7 and below:
test.txt 100% 12 13.3KB/s 00:00
Additional info:
This looks like a kernel question.
Try this one on RHEL9:
# echo 0 > /proc/sys/fs/protected_regular
The default value is 1 on RHEL9, and 0 on RHEL8.
The directory /root/tmp is created with the sticky bit enabled, and it's affected by the parameter.
But I don't see the sense in using the -t option of scp. Basically, it should be used on the sshd server side internally. The option is not even documented in man scp.
Also, please make sure that the default value is the more secure configuration.
From the parameter definition in kernel-doc:
protected_regular
-----------------
This protection is similar to protected_fifos, but it
avoids writes to an attacker-controlled regular file, where a program
expected to create one.
When set to "0", writing to regular files is unrestricted.
When set to "1" don't allow O_CREAT open on regular files that we
don't own in world writable sticky directories, unless they are
owned by the owner of the directory.
When set to "2" it also applies to group writable sticky directories.
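The rule quoted above, applied to the reproduction steps in this report, as an added example that is not part of the original bug thread or of the kernel source. It models only the kernel-doc wording; the function names and the uid 1001 for the "test" user are assumptions made for illustration.

```python
import os
import stat

SYSCTL = "/proc/sys/fs/protected_regular"


def create_open_denied(level, dir_mode, dir_uid, file_uid, fsuid):
    """Return True if an O_CREAT open of an existing regular file is refused.

    Models the kernel-doc wording for fs.protected_regular only; ordinary
    permission checks are out of scope.
    """
    if level == 0:                      # "0": writing is unrestricted
        return False
    if not dir_mode & stat.S_ISVTX:     # rule applies only in sticky directories
        return False
    if file_uid in (fsuid, dir_uid):    # we own it, or the directory owner does
        return False
    if dir_mode & stat.S_IWOTH:         # "1": world-writable sticky directory
        return True
    # "2": group-writable sticky directories are covered as well
    return level >= 2 and bool(dir_mode & stat.S_IWGRP)


def check_path(path, fsuid=None):
    """Apply the model to a real file using the live sysctl and stat data."""
    with open(SYSCTL) as f:
        level = int(f.read().strip())
    st_file = os.stat(path)
    if not stat.S_ISREG(st_file.st_mode):
        return False
    st_dir = os.stat(os.path.dirname(os.path.abspath(path)))
    uid = os.geteuid() if fsuid is None else fsuid
    return create_open_denied(level, st_dir.st_mode, st_dir.st_uid,
                              st_file.st_uid, uid)


if __name__ == "__main__":
    ROOT, TEST = 0, 1001  # constructed uids: root and the "test" user
    # Report scenario: root opens test's file inside root's own directory.
    for level, mode in [(1, 0o1777), (0, 0o1777), (1, 0o0777)]:
        denied = create_open_denied(level, mode, ROOT, TEST, ROOT)
        print(f"protected_regular={level} dir={mode:04o} denied={denied}")
```

The three printed cases correspond to the RHEL9 default, the sysctl set to 0, and the "chmod 0777" variant from the report; only the first is denied, even though the caller is root.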
Comment 3 Dmitry Belyavskiy
2023-04-05 10:42:55 UTC
Sorry for the delayed reply.
The main change in OpenSSH between 8.x and 9.0 related to scp is switching to the sftp protocol for scp transfer. I think the behavior change you see may be related to it. You can also check if specifying -O to enforce the SCP protocol fixes the issue for you. If it does, it's a sort of OpenSSH issue (though I'm not sure we need to fix it). Otherwise you should probably change the component for this issue.
I'm not aware whether protected_regular has a different default value in RHEL 8.7 and 9.0.
Comment 4 Dmitry Belyavskiy
2023-06-09 13:50:38 UTC