
Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#707 closed defect (fixed)

Fallout from shellshock fix

Reported by: Paul Price
Owned by: Paul Price
Priority: major
Milestone:
Component: server
Version: trunk
Keywords: bash server
Cc:

Description

We recently upgraded bash on our RHEL cluster following the shellshock bug announcement, and I had trouble attaching to that server.

Upgraded bash:

pprice@tigressdata:~ $ bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Start xpra on server:

pprice@tigressdata:~ $ xpra --version
xpra v0.10.11
pprice@tigressdata:~ $ xpra start :10

Connect from client:

price@price-laptop:~ $ xpra attach ssh:tigressdata:10
xpra client version 0.11.1
** Message: pygobject_register_sinkfunc is deprecated (GstObject)
2014-10-06 15:06:56,021 OpenGL support not enabled: No module named gl
2014-10-06 15:06:56,053 root size is 1440x900 with 1 screen(s):
2014-10-06 15:06:56,054   'price-laptop-astro.local' 1440x900 (508x317 mm) workarea: 1440x900 at 0x0
2014-10-06 15:06:56,054     'monitor 1' 1440x900 at 0x0 (508x317 mm)
.xpra/run-xpra: line 59: syntax error near unexpected token `="\(\)\ \{\ \ eval\ \`/usr/bin/modulecmd\ bash\ \$\*\`\}"'
.xpra/run-xpra: line 59: `\}"; export BASH_FUNC_module()'
2014-10-06 15:06:57,898 Connection lost

The problem is due to the following lines in the ~/.xpra/run-xpra script (written as part of "xpra start"):

BASH_FUNC_module()="\(\)\ \{\ \ eval\ \`/usr/bin/modulecmd\ bash\ \$\*\`\
\}"; export BASH_FUNC_module()

Following the bash upgrade, the output of the env command cannot just be fed back in to a /bin/sh script. I've had to deal with this for a different application, and we simply removed all variables starting with BASH_FUNC. We concluded that it doesn't appear that there is any truly POSIX-compliant way of exporting a function, as is done in bash.

The workaround is to manually remove the offending lines from ~/.xpra/run-xpra.

Change History (8)

comment:1 Changed 6 years ago by Antoine Martin

Owner: changed from Antoine Martin to Paul Price

That's odd, I don't have a RHEL machine to test on, but I've got Fedora and centos, and none of those show this problem.

I've applied the fix in r7898, does that work for you? (as per above, I am unable to verify that it works, only that the env vars that start with BASH_FUNC are no longer included)

comment:2 Changed 6 years ago by Paul Price

We definitely saw this on CentOS 6 with my other application, using "GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)". Is it possible that you're using a different bash version, or don't have any functions defined? Try this:

price@master:~ $ foo() { echo "foo"; }
price@master:~ $ type foo
foo is a function
foo () 
{ 
    echo "foo"
}
price@master:~ $ export -f foo
price@master:~ $ env | grep foo
BASH_FUNC_foo()=() {  echo "foo"

Is it easy for me to test this without root on the clusters?

comment:3 Changed 6 years ago by Antoine Martin

> Is it easy for me to test this without root on the clusters?

Should be:

./setup.py install --home=./test
PYTHONPATH=`pwd`/test/lib64/python xpra --version

comment:4 Changed 6 years ago by Antoine Martin

Resolution: fixed
Status: new → closed

Backport to v0.14.x in r7902. Closing, feel free to re-open if I've missed anything.

(as the TODO item says, maybe we should keep just a whitelist of the env vars we do want to preserve in here, rather than this hodgepodge blacklist.. oh well)
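
An added example (not xpra's code and not the r7898 change): one way to write an environment into a /bin/sh script so that exported bash functions cannot break it. It goes beyond the BASH_FUNC prefix filter discussed in this ticket by skipping every name that is not a valid POSIX identifier, and it supports the allowlist idea from comment:4; `env_to_sh`, `EXAMPLE_ALLOWLIST` and the sample environment are constructed for illustration.

```python
import re
import shlex

# POSIX shell variable names: letters, digits and underscore, not starting with a digit.
POSIX_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")

# Constructed allowlist for illustration; not xpra's actual list.
EXAMPLE_ALLOWLIST = frozenset({"HOME", "PATH", "LANG"})


def env_to_sh(env, allowlist=None):
    """Return (script_lines, skipped_names) for a /bin/sh script re-exporting env.

    Names that are not valid POSIX identifiers are skipped. That covers
    exported bash functions in both post-shellshock encodings: the
    'BASH_FUNC_name()' form shown in this ticket and the 'BASH_FUNC_name%%'
    form used by upstream bash. If an allowlist is given, only names in it
    are written.
    """
    lines, skipped = [], []
    for name in sorted(env):
        if not POSIX_NAME.match(name):
            skipped.append(name)
            continue
        if allowlist is not None and name not in allowlist:
            skipped.append(name)
            continue
        # shlex.quote single-quotes the value, so backticks, $ and newlines
        # are inert when /bin/sh reads the line back.
        lines.append("%s=%s; export %s" % (name, shlex.quote(env[name]), name))
    return lines, skipped


# Constructed sample environment, modelled on the output quoted in this ticket.
SAMPLE_ENV = {
    "HOME": "/home/pprice",
    "PATH": "/usr/bin:/bin",
    "MSG": "it's `date` $HOME",
    "BASH_FUNC_module()": "() {  eval `/usr/bin/modulecmd bash $*`\n}",
    "BASH_FUNC_foo%%": "() {  echo \"foo\"\n}",
}

if __name__ == "__main__":
    script, dropped = env_to_sh(SAMPLE_ENV)
    print("\n".join(script))
    print("# skipped:", dropped)
```
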

comment:5 Changed 6 years ago by Paul Price

Thanks for the fix. I haven't been able to verify it, since it's painful to build xpra on the cluster (missing dependencies; no root access/yum); sorry.

comment:6 Changed 6 years ago by Paul Price

The fix has propagated downstream, and it works fine, thanks!

comment:7 Changed 6 years ago by Antoine Martin

Out of curiosity, which downstream would that be?

comment:8 Changed 6 years ago by Paul Price

CentOS 6.5.
