[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#453241: still broken (and partly openssh's fault)

On Mon, 21 Apr 2008, Russ Allbery wrote:

I spent an hour this evening tracking this down.  The problem is that
Heimdal isn't using symbol versioning in its shared libraries.
libpam-heimdal therefore binds to unversioned symbols, which works fine if
the calling program doesn't load any other Kerberos library.  However,
OpenSSH is linked with MIT Kerberos, and therefore at run time the
unversioned libpam-heimdal symbols are bound to the MIT Kerberos version
of libkrb5 which is already loaded in memory and chaos ensues.  valgrind
was the debugging tool that finally gave me the necessary clue.  The
segfault kept showing up with backtraces inside libkrb5.3.3 instead of

Thanks for the effort - and the education,  I've used valgrind, but
never for something like this

This is a bug in the Debian Heimdal packages, I believe.  They used to use
symbol versioning precisely because of this problem; see Bug#205592 which
was closed in 0.6-4.  It looks like that was lost or dropped somewhere
along the way.

Most likely with the recent bump to the 1.x series - looks like a big
source and packaging change; I ran into another fallout of the packaging
change (already fixed)

I'm copying Brian May on this.  I think the bug should probably be
reassigned to the heimdal source package.

Reassigned...   Fortunately, there aren't that many packages that depend
upon Heimdal, as they'll all need rebuilding after Heimdal is updated.

Rick Nelson
Life'll kill ya                         -- Warren Zevon
Then you'll be dead                     -- Life'll kill ya

Reply to: