NetBSD-Bugs archive


bin/58368: sshd blocklistd integration doesn't make blocking reasons clear



>Number:         58368
>Category:       bin
>Synopsis:       sshd blocklistd integration doesn't make blocking reasons clear
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 25 13:25:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10, 9
>Organization:
The NetBSD FoundConnection timed out
>Environment:
>Description:
When sshd decides to ask blocklistd to consider blocking an address, it should be associated with a clear log message saying what happened that led it to this decision.

But it's not -- the paths to pfilter_notify in sshd, where it calls into blocklistd, are not clearly associated with log messages that can be diagnosed.
>How-To-Repeat:
pore over /var/log/authlog trying to find why a legitimate user keeps getting blocked
>Fix:
Make sure there is a clear log message near every call to pfilter_notify.
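
One shape the suggested fix could take, as an added example that is not part of the PR or of sshd's source: a wrapper that logs the reason and the call site immediately before every notification. `pfilter_notify_why`, `PFILTER_NOTIFY`, `log_line`, `EX_AUTH_FAIL` and the call site are hypothetical; `pfilter_notify` here is a stub standing in for the real function.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stub standing in for sshd's pfilter_notify(), which reports to blocklistd. */
static int notify_calls, last_action;
static void pfilter_notify(int action) { notify_calls++; last_action = action; }

/* Stand-in log sink (assumption); sshd would use its own logging routines. */
static char last_log[320];
static void log_line(const char *msg)
{
	snprintf(last_log, sizeof(last_log), "%s", msg);
	fprintf(stderr, "%s\n", msg);
}

/* Hypothetical helper: record why and where, then notify. */
static void
pfilter_notify_why(const char *func, int line, int action, const char *fmt, ...)
{
	char reason[160], msg[320];
	va_list ap;

	va_start(ap, fmt);
	vsnprintf(reason, sizeof(reason), fmt, ap);
	va_end(ap);
	/* Reasons carry remote-controlled strings: keep them on one log line. */
	for (char *p = reason; *p != '\0'; p++)
		if (iscntrl((unsigned char)*p))
			*p = '?';
	snprintf(msg, sizeof(msg), "blocklist notify action=%d at %s:%d: %s",
	    action, func, line, reason);
	log_line(msg);		/* log first, so the reason is never lost */
	pfilter_notify(action);
}

/* Every call site goes through this macro, so none can skip the message. */
#define PFILTER_NOTIFY(action, ...) \
	pfilter_notify_why(__func__, __LINE__, (action), __VA_ARGS__)

enum { EX_AUTH_FAIL = 1 };	/* constructed action code for this example */

/* Constructed call site; returns the number of notifications sent so far. */
static int auth_failed_example(const char *user, const char *addr)
{
	PFILTER_NOTIFY(EX_AUTH_FAIL, "authentication failure for user %s from %s", user, addr);
	return notify_calls;
}

int main(void) { return auth_failed_example("alice", "192.0.2.10") == 1 ? 0 : 1; }
```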


