bugzilla-daemon at bugzilla.mindrot.org
2019-Feb-24 17:15 UTC
[Bug 2973] New: Broken pipe after authentication when including coverage information
https://bugzilla.mindrot.org/show_bug.cgi?id=2973 Bug ID: 2973 Summary: Broken pipe after authentication when including coverage information Product: Portable OpenSSH Version: 7.9p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: seroland86 at gmail.com Created attachment 3246 --> https://bugzilla.mindrot.org/attachment.cgi?id=3246&action=edit log If OpenSSH is compiled with gcc using --coverage sshd returns with a broken pipe error after authentication. The last working version is 7.1. To reproduce compile with: CFLAGS=--coverage LIBS='-lgcov' ./configure && make && make install. Only got it working using --with-sandbox=no. Attached are ssh and sshd debug logs. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Feb-24 17:17 UTC
[Bug 2973] Broken pipe after authentication when including coverage information
https://bugzilla.mindrot.org/show_bug.cgi?id=2973 --- Comment #1 from Sebastian Roland <seroland86 at gmail.com> --- gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-pc-linux-gnu/8.2.1/lto-wrapper Target: x86_64-pc-linux-gnu Configured with: /build/gcc/src/gcc/configure --prefix=/usr --libdir=/usr/lib --libexecdir=/usr/lib --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=https://bugs.archlinux.org/ --enable-languages=c,c++,ada,fortran,go,lto,objc,obj-c++ --enable-shared --enable-threads=posix --enable-libmpx --with-system-zlib --with-isl --enable-__cxa_atexit --disable-libunwind-exceptions --enable-clocale=gnu --disable-libstdcxx-pch --disable-libssp --enable-gnu-unique-object --enable-linker-build-id --enable-lto --enable-plugin --enable-install-libiberty --with-linker-hash-style=gnu --enable-gnu-indirect-function --enable-multilib --disable-werror --enable-checking=release --enable-default-pie --enable-default-ssp --enable-cet=auto Thread model: posix gcc version 8.2.1 20181127 (GCC) -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Feb-25 08:45 UTC
[Bug 2973] Broken pipe after authentication when including coverage information
https://bugzilla.mindrot.org/show_bug.cgi?id=2973 Jakub Jelen <jjelen at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jjelen at redhat.com --- Comment #2 from Jakub Jelen <jjelen at redhat.com> --- When compiled with coverage support, the server tries to write files about the line coverage. This indeed fails in the net child, which is confined with seccomp filter sandbox and chroot by default. I am not sure why you would need to authenticate to ssh when it is compiled with coverage support. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Feb-25 08:52 UTC
[Bug 2973] Broken pipe after authentication when including coverage information
https://bugzilla.mindrot.org/show_bug.cgi?id=2973 --- Comment #3 from Sebastian Roland <seroland86 at gmail.com> --- Jakub, thank you for your quick reply. You are right about the writing of coverage data. I managed to get that working however it is still only usable when compiling without sandbox support. The reason why it is relevant is that you might want to have coverage reports about your test cases which are failing because of the described behavior. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Feb-25 09:25 UTC
[Bug 2973] Broken pipe after authentication when including coverage information
https://bugzilla.mindrot.org/show_bug.cgi?id=2973 --- Comment #4 from Jakub Jelen <jjelen at redhat.com> --- Coverage data for integration tests (as opposed to unit tests) are not always very helpful. It might show you what lines were not executed, but does not give you any assurance that the executed lines did always the right thing. We were facing similar issue with libssh, which is using OpenSSH server to test against. At this moment, we do not run coverage in this part of the testsuite, but it should be possible to workaround this by replacing these functions from LD_PRELOAD, as proposed in the following project. Unfortunately, I was not able to make it working for coverage so far. Otherwise, for testing, it should be probably fine to run without the sandbox. https://gitlab.com/cryptomilk/priv_wrapper/tree/master -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-May-10 05:00 UTC
[Bug 2973] Broken pipe after authentication when including coverage information
https://bugzilla.mindrot.org/show_bug.cgi?id=2973 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |djm at mindrot.org Resolution|--- |WONTFIX --- Comment #5 from Damien Miller <djm at mindrot.org> --- Yes, doing this sort of stuff almost always requires disabling sandboxing and also sometimes patching out the chroot() calls in sshd.c. We don't have any concrete plans to change this, as it affects only developers, and I don't want to leave a loaded footgun around for everyone else. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2020-Feb-14 04:59 UTC
[Bug 2973] Broken pipe after authentication when including coverage information
https://bugzilla.mindrot.org/show_bug.cgi?id=2973 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #6 from Damien Miller <djm at mindrot.org> --- Closing all resolved bug with release of openssh-8.2 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.