
Bug#115767: I see this too on x86-xen running etch



On Thu, Mar 09, 2006 at 05:49:21PM +0000, Andy Smith wrote:
> On Thu, Mar 09, 2006 at 12:37:06PM -0500, Justin Pryzby wrote:
> 
> > Would you consider trying to strace the processes?  This was
> > recommended for the other similar bug (assigned to "openssl"; there
> > are #115767, #155467).
> 
> I would but I'm concerned that this will use large amounts of disk
> space.  This problem only manifests itself perhaps once every month
> or two and depends on me getting a big SSH dictionary attack it
> seems.

> > Something like strace -f -o /var/log/ssh-strace/ssh-strace.log, where
> > you should be able to set the directory permissions to be sufficiently
> > tight.
> 
> What if I ran strace without the -f and ran ssh with -eD again so it
> doesn't detach or fork?  Then I'd only have strace logs from the
> parent sshd right?  Which wouldn't be too much of a logging burden
> yet would still show the problem, I'm guessing.

I guess you meant sshd:

     -e      When this option is specified, sshd will send the output
     to the standard error instead of the system log.

I don't see how this helps.

     -D      When this option is specified, sshd will not detach and
     does not become a daemon.  This allows easy monitoring of sshd.

or this either; "forking" doesn't refer to creating child sshd
processes to handle the individual connection, but rather forking a
couple times to get a process independent of your shell; this would
simply cause the sshd process to not return until you kill it (or it
crashes due to lack of random data, of course).

Why don't you just logrotate the files?

I thought there was a logrotate dataloss bug (which might be
completely irrelevant to this discussion, but couldn't find it).  And,
since the "data" is just strace output, you won't lose anything you
wouldn't have had anyway, so just never mind me...

BTW strace has -e to cut down on the types of output to create, but I
would suggest to not use it, otherwise the relevant context will be
lost.

Also, you should probably use strace -ff instead.

Thanks for testing
Justin



