Re: Bug#453241: still broken (and partly openssh's fault)
Brian May <email@example.com> writes:
> Can I please confirm what version of Heimdal you are using? The initial
> bug report seemed to quote the old version in testing, but here you seem
> to indicate the latest version in unstable. I just want to make sure.
> As far as I can tell, all exported symbols from libkrb220.127.116.11 use
> HEIMDAL_KRB5_1.0 for the versioned symbol name.
I'll check again tonight on amd64. The problem is specifically on amd64;
if you're checking on i386, you may not see it. I wasn't seeing any
symbol versioning in readelf.
> If OpenSSH is linked against MIT Kerberos, like you say, then simply
> proving that the segfault occurs inside MIT Kerberos is insufficient,
> unfortunately, because we have to expect OpenSSH may call MIT Kerberos
> functions at some point.
According to valgrind, the backtrace showed the segfaults definitely in
functions called by libpam-heimdal, not by openssh itself. I'll include
the backtrace when I get home and can reproduce it.
gdb doesn't produce a usable backtrace (probably because of the library
confusion). Only valgrind would work for me, and only with a rebuilt
libpam-heimdal with debugging information.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>