Bug 604111 - /etc/issue "Kernel \r on an \m" not working as intended?
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssh
Version: 5.4
Hardware: All Linux
Priority: low Severity: low
Assigned To: Jan F. Chadima
QA Contact: BaseOS QE Security Team
Reported: 2010-06-15 09:00 EDT by David Barr
Modified: 2010-06-16 01:11 EDT (History)
Last Closed: 2010-06-16 01:11:31 EDT
Description David Barr 2010-06-15 09:00:27 EDT
##### Description of problem:

I just did an upgrade from 5.3 to 5.4. (I don't have 5.5 to test against. Sorry!) In this particular environment, /etc/ssh/sshd_config has "Banner /etc/issue" uncommented. So, for the first time in a long time, I see the Banner message on login. In that login banner message, I see

"Red Hat Enterprise Linux Server release 5.4 (Tikanga)"
"Kernel \r on an \m" 

When I look at /etc/issue, itself, I see the same two lines.

So, what's up with the "\r" and "\m"?

##### Version-Release number of selected component (if applicable):

redhat-release-5Server-5.4.0.3

##### How reproducible:

Always when /etc/issue has those strings.

##### Steps to Reproduce:

1. Uncomment and set "Banner /etc/issue" in /etc/ssh/sshd_config
2. "/etc/init.d/sshd restart"
3. Log out/Log in. Get the two lines as a banner message.
  
##### Actual results:

"Red Hat Enterprise Linux Server release 5.4 (Tikanga)"
"Kernel \r on an \m" 

##### Expected results:

I think something is supposed to perform variable substitution on those two escaped (Are they escape strings?) characters, to show 

##### Additional info:

Ah! And, I just found the same /etc/issue, allowing for a different OS version, on a 5.3 box to test on:

"Red Hat Enterprise Linux Server release 5.3 (Tikanga)"
"Kernel \r on an \m"

That's redhat-release-5Server-5.3.0.3, with the same oddity.

Okay, so what am I really doing, here? Nothing important, really. This isn't even remotely a show stopper for any client I work with. This is more for my curiosity, and because Google searches have nothing to say about Red Hat's /etc/issue file and this line in it. So, really, this is about me setting up a Google result that says "No, you're not the only person who noticed this..."

Thanks for a great OS!
Comment 1 Daniel Mach 2010-06-15 09:23:07 EDT
I don't think the problem is in /etc/issue.
It's probably in how sshd processes it.

Reassigning to openssh package.


BTW, if I was admin, I wouldn't expose kernel version to anyone who can initiate ssh connection ...
Comment 2 David Barr 2010-06-15 18:11:21 EDT
Heh. Mine is not to question why /etc/issue was exposed. :)

When I get back to the office, I'll test against telnetd in an environment where I can do that, and update whether this is ssh specific.

(In reply to comment #1)
> I don't think the problem is in /etc/issue.
> It's probably in how sshd processes it.
> 
> Reassigning to openssh package.
> 
> 
> BTW, if I was admin, I wouldn't expose kernel version to anyone who can
> initiate ssh connection ...
Comment 3 Jan F. Chadima 2010-06-16 01:11:31 EDT
It's intentional. The supposed use of issue is to write to a potential attacker something like "YOU will be prosecuted according to law ...." but not "You are welcome, our kernel bugs are ....."
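
An added example, not part of the bug report or of openssh: a shell check for the situation discussed in this thread, where the file named by `Banner` is shown as-is and so carries literal `\r` and `\m` plus release details. It assumes sshd sends the Banner file verbatim and that getty-style login programs are what expand those escapes; the function names, patterns and sample files are constructed for illustration. `Banner none` and Banner lines inside Match blocks are not handled.

```shell
#!/bin/sh
# Added example. Assumption: sshd sends the Banner file verbatim, while
# getty-style login programs are what expand escapes such as \r and \m.

# Print the Banner value from an sshd_config file. Keywords are
# case-insensitive and the first value found is used; commented-out
# lines ("#Banner ...") do not match.
banner_path() {
    awk 'tolower($1) == "banner" { print $2; exit }' "$1"
}

# List banner lines that would show up as literal escapes or that name
# the OS release or kernel. Returns 1 when anything is reported.
audit_banner() {
    awk '
        /\\[A-Za-z]/ {
            printf "%d: unexpanded getty escape: %s\n", NR, $0; bad = 1
        }
        /[Rr]elease [0-9]/ || /[Kk]ernel/ {
            printf "%d: names OS release or kernel: %s\n", NR, $0; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Run both steps against constructed files that mirror the two lines
# quoted in the report above.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'Red Hat Enterprise Linux Server release 5.4 (Tikanga)' \
                  'Kernel \r on an \m' > "$dir/issue"
    printf '%s\n' '#Banner /some/path' "Banner $dir/issue" > "$dir/sshd_config"
    rc=0
    audit_banner "$(banner_path "$dir/sshd_config")" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "banner needs review"
```

To check a real host, call `audit_banner "$(banner_path /etc/ssh/sshd_config)"` instead of `demo`.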
