Re: Bug#453241: still broken (and partly openssh's fault)
On Sun, 13 Apr 2008, Matthijs Mohlmann wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Can you try with ssh and debugging symbols on ? Probably you get more
information with gdb then.
Being that there are no debug packages for openssh, I rebuilt it
on a current Sid machine (with debugging enabled).
I'll ask also the upstream maintainer.
Russ: Can you take a look at this bug report. It seems that sshd is
segfaulting on AMD64 when using the libpam-heimdal module. I do not have
a AMD64 box, so it's almost impossible for me to test.
I found some odd news!
After building openssh on a recent Sid box, the pam account module
now works as expected - no segv :) This, along with the fact that
there's a new openssh version (with supposed changes in this area),
makes it seem like getting ssh rebuilt soon is a good idea !
However, the session module still blows chunks, and since it is called
by the subordinate (unpriviledged) thread, I don't know how to trap it:
Accepted publickey for renegade from 9.30.102.134 port 53147 ssh2
debug1: monitor_child_preauth: renegade has been authenticated by
privileged process
debug3: mm_get_keystate: Waiting for new keys
debug3: mm_request_receive_expect entering: type 25
debug3: mm_request_receive entering
debug3: mm_newkeys_from_blob: 0x7fee6df93ed0(128)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Waiting for second key
debug3: mm_newkeys_from_blob: 0x7fee6df93ed0(128)
debug2: mac_setup: found hmac-md5
debug3: mm_get_keystate: Getting compression state
debug3: mm_get_keystate: Getting Network I/O buffers
debug3: mm_share_sync: Share sync
debug3: mm_share_sync: Share sync end
debug1: temporarily_use_uid: 2007/2000 (e=0/2000)
debug1: ssh_gssapi_storecreds: Not a GSSAPI mechanism
debug1: restore_uid: 0/2000
debug3: PAM: opening session
debug2: User child is on pid 30175
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
Program exited with code 0377.
Note that it also fails if I do use GSSAPI (instead of ssh key, like
the example shown above).
Regards,
Matthijs Mohlmann
Richard Nelson wrote:
Ah, a little more information - this segv only happens when using
password authentication (ssh keys work fine)
sshd_config has
UsePAM yes
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
Richard Nelson wrote:
# /usr/sbin/sshd -Dddd >~/log 2>&1
Segmentation fault
The last lines of log:
debug3: mm_auth_password entering
debug3: mm_request_send entering: type 11
debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 12
debug3: mm_request_receive entering
debug3: monitor_read: checking request 11
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
gdb isn't very helpful
Program received signal SIGSEGV, Segmentation fault.
0x00002acda6fe7af2 in ?? ()
(gdb) bt
#0 0x00002acda6fe7af2 in ?? ()
#1 0x00002acda692ad86 in ?? ()
#2 0x0000000000000050 in ?? ()
#3 0x0000000000000001 in ?? ()
#4 0x00007fff05c7cf10 in ?? ()
#5 0x0000000000000000 in ?? ()
(gdb) quit
The program is running. Exit anyway? (y or n) y
debug1: do_cleanup
debug1: PAM: cleanup
debug3: PAM: sshpam_thread_cleanup entering
I installed libpam-dbg, but still didn't get any information
removing pam_krb5 from /etc/pam.d/common-auth fixes the problem
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIAb1n2n1ROIkXqbARAuG7AJ9glEncS6jvQie2UhnY4ya5Tk91HACbBKEp
sgyobGhwwaO6vxCDg4TQb0U=
=9KMZ
-----END PGP SIGNATURE-----
--
Rick Nelson
Life'll kill ya -- Warren Zevon
Then you'll be dead -- Life'll kill ya
Reply to: