openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket. - openssh

This is a discussion on openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket. - openssh ; On Solaris 10 (SPARC & x86), I'm seeing the following error: error: Failed to allocate internet-domain X11 display socket. I tracked this down to this code change between openssh 4.7p1 and 5.0p1: *** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007 --- ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket.

  1. openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket.

    On Solaris 10 (SPARC & x86), I'm seeing the following error:

    error: Failed to allocate internet-domain X11 display socket.


    I tracked this down to this code change between openssh 4.7p1 and
    5.0p1:

    *** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007
    --- openssh-5.0p1/channels.c Wed Apr 2 15:43:57 2008
    ***************
    *** 1,4 ****
    ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
    /*
    * Author: Tatu Ylonen
    * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
    --- 1,4 ----
    ! /* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
    /*
    * Author: Tatu Ylonen
    * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
    ***************
    *** 2905,2913 ****
    debug2("bind port %d: %.100s", port, strerror(errno));
    close(sock);

    - if (ai->ai_next)
    - continue;
    -
    for (n = 0; n < num_socks; n++) {
    close(socks[n]);
    }
    --- 2906,2911 ----


    When those two lines are added back in, X11 forwarding is able to get
    a port bound.

    This is only the case on Solaris. On Linux, *BSD, IRIX systems the
    current code works.

    Thanks for looking into this.

    Pieter
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  2. RE: openssh 5.0p1: Solaris - Failed to allocate internet-domainX11display socket.



    > -----Original Message-----
    > From: openssh-unix-dev-bounces+scott_n=xypro.com@mindrot.org
    > [mailtopenssh-unix-dev-bounces+scott_n=xypro.com@mindrot.org] On
    > Behalf Of Pieter Bowman
    > Sent: Wednesday, July 16, 2008 11:17 AM
    > To: openssh-unix-dev@mindrot.org
    > Cc: bowman@math.utah.edu
    > Subject: openssh 5.0p1: Solaris - Failed to allocate internet-domain
    > X11display socket.
    >
    > On Solaris 10 (SPARC & x86), I'm seeing the following error:
    >
    > error: Failed to allocate internet-domain X11 display socket.
    >
    >
    > I tracked this down to this code change between openssh 4.7p1 and
    > 5.0p1:
    >
    > *** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007
    > --- openssh-5.0p1/channels.c Wed Apr 2 15:43:57 2008
    > ***************
    > *** 1,4 ****
    > ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
    > /*
    > * Author: Tatu Ylonen
    > * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
    > --- 1,4 ----
    > ! /* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
    > /*
    > * Author: Tatu Ylonen
    > * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
    > ***************
    > *** 2905,2913 ****
    > debug2("bind port %d: %.100s", port,
    > strerror(errno));
    > close(sock);
    >
    > - if (ai->ai_next)
    > - continue;
    > -
    > for (n = 0; n < num_socks; n++) {
    > close(socks[n]);
    > }
    > --- 2906,2911 ----
    >
    >
    > When those two lines are added back in, X11 forwarding is able to get
    > a port bound.
    >
    > This is only the case on Solaris. On Linux, *BSD, IRIX systems the
    > current code works.
    >


    Weren't those two lines related to the fix between 4.9p1 and 5.0p1
    ix-dev
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  3. Re: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket.


    Ermm...

    Revision 1.273 / (download) - annotate - [select for diffs] , Wed Apr 2
    21:36:51 2008 UTC (3 months, 1 week ago) by markus
    Branch: MAIN
    Changes since 1.272: +1 -4 lines
    Diff to previous 1.272 (colored)

    avoid possible hijacking of x11-forwarded connections (back out 1.183)
    CVE-2008-1483; ok djm@

    --

    Revision 1.183 / (download) - annotate - [select for diffs] , Tue Sep 17
    07:47:02 2002 UTC (5 years, 10 months ago) by itojun
    Branch: MAIN
    CVS Tags: OPENBSD_3_2_BASE
    Branch point for: OPENBSD_3_2
    Changes since 1.182: +5 -1 lines
    Diff to previous 1.182 (colored)

    don't quit while creating X11 listening socket.

    http://mail-index.netbsd.org/current...9/16/0005.html
    got from portable. markus ok

    Removing it is the wrong solution... Not sure what the correct one, but I
    figured I'd post why it was removed.

    - Ben




    On Wed, 16 Jul 2008, Pieter Bowman wrote:

    > On Solaris 10 (SPARC & x86), I'm seeing the following error:
    >
    > error: Failed to allocate internet-domain X11 display socket.
    >
    >
    > I tracked this down to this code change between openssh 4.7p1 and
    > 5.0p1:
    >
    > *** openssh-4.7p1/channels.c Mon Jun 25 03:04:47 2007
    > --- openssh-5.0p1/channels.c Wed Apr 2 15:43:57 2008
    > ***************
    > *** 1,4 ****
    > ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
    > /*
    > * Author: Tatu Ylonen
    > * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
    > --- 1,4 ----
    > ! /* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
    > /*
    > * Author: Tatu Ylonen
    > * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
    > ***************
    > *** 2905,2913 ****
    > debug2("bind port %d: %.100s", port, strerror(errno));
    > close(sock);
    >
    > - if (ai->ai_next)
    > - continue;
    > -
    > for (n = 0; n < num_socks; n++) {
    > close(socks[n]);
    > }
    > --- 2906,2911 ----
    >
    >
    > When those two lines are added back in, X11 forwarding is able to get
    > a port bound.
    >
    > This is only the case on Solaris. On Linux, *BSD, IRIX systems the
    > current code works.
    >
    > Thanks for looking into this.
    >
    > Pieter
    > _______________________________________________
    > openssh-unix-dev mailing list
    > openssh-unix-dev@mindrot.org
    > https://lists.mindrot.org/mailman/li...enssh-unix-dev
    >

    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  4. Re: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket.

    On Wed, 16 Jul 2008, Ben Lindstrom wrote:

    > Removing it is the wrong solution... Not sure what the correct one, but I
    > figured I'd post why it was removed.


    Removing it is the right solution, the problem is that Sun returns
    unusable return codes from getaddrinfo(3) when IPv6 is installed on the
    machine but no interfaces have IPv6 addresses configured.

    Workaround: put "AddressFamily inet" in sshd_config.

    -d
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  5. Re: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket.



    On Thu, 17 Jul 2008, Damien Miller wrote:

    > On Wed, 16 Jul 2008, Ben Lindstrom wrote:
    >
    > > Removing it is the wrong solution... Not sure what the correct one, but I
    > > figured I'd post why it was removed.

    >
    > Removing it is the right solution, the problem is that Sun returns


    ugh, "not the right solution".
    _______________________________________________
    openssh-unix-dev mailing list
    openssh-unix-dev@mindrot.org
    https://lists.mindrot.org/mailman/li...enssh-unix-dev


  6. Re: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket.

    On Jul 16, 11:17*am, bow...@math.utah.edu (Pieter Bowman) wrote:
    > On Solaris 10 (SPARC & x86), I'm seeing the following error:
    >
    > error: Failed to allocate internet-domain X11 display socket.
    >
    > I tracked this down to this code change between openssh 4.7p1 and
    > 5.0p1:
    >
    > *** openssh-4.7p1/channels.c * *Mon Jun 25 03:04:47 2007
    > --- openssh-5.0p1/channels.c * *Wed Apr *2 15:43:57 2008
    > ***************
    > *** 1,4 ****
    > ! /* $OpenBSD: channels.c,v 1.270 2007/06/25 08:20:03 dtucker Exp $ */
    > * /*
    > * ** Author: Tatu Ylonen
    > * ** Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
    > --- 1,4 ----
    > ! /* $OpenBSD: channels.c,v 1.273 2008/04/02 21:36:51 markus Exp $ */
    > * /*
    > * ** Author: Tatu Ylonen
    > * ** Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
    > ***************
    > *** 2905,2913 ****
    > * * * * * * * * * * * * * * * * debug2("bind port %d: %.100s", port, strerror(errno));
    > * * * * * * * * * * * * * * * * close(sock);
    >
    > - * * * * * * * * * * * * * * * if (ai->ai_next)
    > - * * * * * * * * * * * * * * * * * ** continue;
    > -
    > * * * * * * * * * * * * * * * * for (n = 0; n < num_socks; n++) {
    > * * * * * * * * * * * * * * * * * * * * close(socks[n]);
    > * * * * * * * * * * * * * * * * }
    > --- 2906,2911 ----
    >
    > When those two lines are added back in, X11 forwarding is able to get
    > a port bound.
    >
    > This is only the case on Solaris. *On Linux, *BSD, IRIX systems the
    > current code works.
    >
    > Thanks for looking into this.
    >
    > Pieter
    > _______________________________________________
    > openssh-unix-dev mailing list
    > openssh-unix-...@mindrot.orghttps://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




    Bug ID

    6704823


    Product

    Solaris 9 Operating System
    Solaris 10 Operating System


    Date of Workaround Release

    20-Aug-2008


    SA Document Body

    A regression in the Secure Shell Daemon (sshd(1M)):
    1. Impact

    The Sun Secure Shell (SSH) patches listed in the "Contributing
    Factors" section below break the Secure Shell X11 forwarding feature
    on systems with only IPv4 interfaces configured.

    2. Contributing Factors

    This issue can occur in the following releases:

    SPARC Platform

    Solaris 9 with patch 114356-14 or later
    Solaris 10 with patch 126133-03 or later
    x86 Platform

    Solaris 9 with patch 114357-13 or later
    Solaris 10 with patch 126134-03 or later
    Note 1: Solaris 8 is not impacted by this issue.

    Note 2 : Only OpenSolaris installations including the affected binary
    " /usr/lib/ssh/sshd" are impacted by this issue.

    Note 3: This issue only affects systems that have only IPv4 interfaces
    configured.

    To determine if a system has only IPv4 interfaces configured the
    following command can be run:

    $ ifconfig lo0 inet6 || echo "System is affected" ifconfig:
    status: SIOCGLIFFLAGS: lo0: no such interface System is affected3.
    Symptoms

    If the described issue occurs, an error message similar to the
    following will be seen on the console and in the syslog of the system
    being logged into with ssh(1):

    Aug 20 11:01:53 solaris sshd[1853]: [ID 800047 auth.error]
    error: Failed to allocate internet-domain X11 display socket.Once
    logged in, the $DISPLAY variable will not be set and X11 programs
    will not display on the client system:

    $ ssh -X solarishost $ /usr/openwin/bin/xclock Error: Can't
    open display: $ echo $DISPLAY4. Workaround

    To work around this issue, the following command can be executed as
    root user:

    # ifconfig lo0 inet6 plumb upUsers who are already connected to
    the host must re-login to use X11 forwarding.

    Binary Relief is available via normal support channels.

    Note: Removal of the affected patches is not recommended as a
    workaround as they resolve a security issue, bug 6684003, as described
    in Sun Alert 237444.

    5. Resolution

    A final resolution is pending completion.

    This Sun Alert notification is being provided to you on an "AS IS"
    basis. This Sun Alert notification may contain information provided by
    third parties. The issues described in this Sun Alert notification may
    or may not impact your system(s). Sun makes no representations,
    warranties, or guarantees as to the information contained herein. ANY
    AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
    WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
    NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT
    YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
    INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE
    OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN.
    This Sun Alert notification contains Sun proprietary and confidential
    information. It is being provided to you pursuant to the provisions of
    your agreement to purchase services from Sun, or, if you do not have
    such an agreement, the Sun.com Terms of Use. This Sun Alert
    notification may only be used for the purposes contemplated by these
    agreements.

    Copyright 2000-2008 Sun Microsystems, Inc., 4150 Network Circle, Santa
    Clara, CA 95054 U.S.A. All rights reserved.

    Modification History

    21-Aug-2008: Updated Product field and Contributing Factors section


    Attachments
    This solution has no attachment


  7. Re: openssh 5.0p1: Solaris - Failed to allocate internet-domain X11display socket.

    UPDATE:

    To fix:

    Change ListenAddress to 0.0.0.0 in /etc/ssh/sshd_config for IPV4 only

    For Solaris 10 edit the file
    # vi /lib/svc/method/sshd

    and start "sshd" with -4 option .


+ Reply to Thread