I'm using OpenSSH-2.9.9p2 on Solaris 8 sparc64. 2.9p2 worked fine, but
2.9.9p2+ is giving me trouble with one thing - sshd segfaults if I try to
connect and execute a command, such as "ssh machine ls". Otherwise it
works great. sshd will fork, and the child process segfaults.

CVS snapshot does the same thing.

I've narrowed this down somewhat. It will only happen if you use
./configure --with-pam (see below).

Output from "gdb ./sshd" and "run -p 2022 -d -d -d" (IP obscured):

...
Failed none for wyodlows from a.b.c.d port 45214 ssh2
debug1: userauth-request for user wyodlows service ssh-connection method password
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method password
debug1: PAM Password authentication accepted for user "wyodlows"
Accepted password for wyodlows from a.b.c.d port 45214 ssh2
debug1: Entering interactive session for SSH2.
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 32768
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug2: callback start
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 channel 0 request exec reply 0

Program received signal SIGSEGV, Segmentation fault.
0xff133a9c in strncpy () from /usr/lib/libc.so.1 (gdb) bt #0 0xff133a9c in strncpy () from /usr/lib/libc.so.1 #1 0xff0b61b0 in pam_sm_open_session () from /usr/lib/security/pam_unix.so.1 #2 0xff372b88 in pam_open_session () from /usr/lib/libpam.so.1 #3 0x2cc88 in do_pam_session (username=0x115fb0 "wyodlows", ttyname=0x0) at auth-pam.c:283 #4 0x32360 in do_exec_no_pty (s=0x1108ac, command=0x121950 "ls") at session.c:433 #5 0x32884 in do_exec (s=0x1108ac, command=0x121950 "ls") at session.c:668 #6 0x34008 in session_exec_req (s=0x1108ac) at session.c:1742 #7 0x3417c in session_input_channel_req (id=0, arg=0x0) at session.c:1795 #8 0x3a040 in channel_input_channel_request (type=98, plen=19, ctxt=0x116898) at channels.c:1974 #9 0x3cae0 in dispatch_run (mode=1, done=0x0, ctxt=0x116898) at dispatch.c:71 #10 0x30e1c in process_buffered_input_packets () at serverloop.c:423 #11 0x314b8 in server_loop2 (authctxt=0xffbef408) at serverloop.c:705 #12 0x348d8 in do_authenticated2 (authctxt=0x1170f0) at session.c:2063 #13 0x31eb4 in do_authenticated (authctxt=0x1170f0) at session.c:199 #14 0x29c68 in do_authentication2 () at auth2.c:134 #15 0x280d4 in main (ac=6, av=0x8) at sshd.c:1204 I do not claim to know what the correct fix is, however I can avoid the segfault by removing the do_pam_session() call. This is how the same code looks in 2.9p2 (which doesn't segfault). I'll happily provide any information needed to help fix this. Thanks. --- openssh/session.c.orig Mon Oct 22 22:42:46 2001 +++ openssh/session.c Mon Oct 22 22:43:31 2001 @@ -430,7 +430,7 @@ do_exec_no_pty(Session *s, const char *c session_proctitle(s); #if defined(USE_PAM) - do_pam_session(s->pw->pw_name, NULL); +/* do_pam_session(s->pw->pw_name, NULL); */ do_pam_setcred(1); #endif /* USE_PAM */
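Review bot: commenting out the do_pam_session() call in do_exec_no_pty() means no PAM session is opened for command-only requests, while do_pam_setcred(1) on the next line still runs. The backtrace puts the crash in strncpy under pam_sm_open_session with ttyname=0x0, which matches the NULL passed as the second argument on the removed line, so I would keep the call and handle the missing tty instead (pass a non-NULL placeholder here, or guard against NULL inside do_pam_session()). If the call has to go as a stopgap, delete the line or wrap it in #if 0 with a comment naming the Solaris crash rather than leaving a /* */ comment at column 0.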
I think this might be the same bug I reported yesterday (and someone
reported before me) - it seems to be some sort of problem in the PAM
related code.

Ed

On Tue, 23 Oct 2001, William Yodlowsky wrote:

> Date: Tue, 23 Oct 2001 10:05:27 -0400
> From: William Yodlowsky <bsd at openbsd.rutgers.edu>
> To: openssh-unix-dev at mindrot.org
> Subject: PAM problem - sshd segfault on Solaris
>
> I'm using OpenSSH-2.9.9p2 on Solaris 8 sparc64. 2.9p2 worked fine, but
> 2.9.9p2+ is giving me trouble with one thing - sshd segfaults if I try to
> connect and execute a command, such as "ssh machine ls". Otherwise it
> works great. sshd will fork, and the child process segfaults.
>
> CVS snapshot does the same thing.
>
> I've narrowed this down somewhat. It will only happen if you use
> ./configure --with-pam (see below).
>
> Output from "gdb ./sshd" and "run -p 2022 -d -d -d" (IP obscured):
>
> ...
> Failed none for wyodlows from a.b.c.d port 45214 ssh2
> debug1: userauth-request for user wyodlows service ssh-connection method password
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method password
> debug1: PAM Password authentication accepted for user "wyodlows"
> Accepted password for wyodlows from a.b.c.d port 45214 ssh2
> debug1: Entering interactive session for SSH2.
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 32768
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug2: callback start
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 channel 0 request exec reply 0
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xff133a9c in strncpy () from /usr/lib/libc.so.1 > (gdb) bt > #0 0xff133a9c in strncpy () from /usr/lib/libc.so.1 > #1 0xff0b61b0 in pam_sm_open_session () from /usr/lib/security/pam_unix.so.1 > #2 0xff372b88 in pam_open_session () from /usr/lib/libpam.so.1 > #3 0x2cc88 in do_pam_session (username=0x115fb0 "wyodlows", ttyname=0x0) > at auth-pam.c:283 > #4 0x32360 in do_exec_no_pty (s=0x1108ac, command=0x121950 "ls") > at session.c:433 > #5 0x32884 in do_exec (s=0x1108ac, command=0x121950 "ls") at session.c:668 > #6 0x34008 in session_exec_req (s=0x1108ac) at session.c:1742 > #7 0x3417c in session_input_channel_req (id=0, arg=0x0) at session.c:1795 > #8 0x3a040 in channel_input_channel_request (type=98, plen=19, ctxt=0x116898) > at channels.c:1974 > #9 0x3cae0 in dispatch_run (mode=1, done=0x0, ctxt=0x116898) at dispatch.c:71 > #10 0x30e1c in process_buffered_input_packets () at serverloop.c:423 > #11 0x314b8 in server_loop2 (authctxt=0xffbef408) at serverloop.c:705 > #12 0x348d8 in do_authenticated2 (authctxt=0x1170f0) at session.c:2063 > #13 0x31eb4 in do_authenticated (authctxt=0x1170f0) at session.c:199 > #14 0x29c68 in do_authentication2 () at auth2.c:134 > #15 0x280d4 in main (ac=6, av=0x8) at sshd.c:1204 > > > I do not claim to know what the correct fix is, however I can avoid > the segfault by removing the do_pam_session() call. This is how the > same code looks in 2.9p2 (which doesn't segfault). > > I'll happily provide any information needed to help fix this. Thanks. > > > --- openssh/session.c.orig Mon Oct 22 22:42:46 2001 > +++ openssh/session.c Mon Oct 22 22:43:31 2001 
> @@ -430,7 +430,7 @@ do_exec_no_pty(Session *s, const char *c > session_proctitle(s); > > #if defined(USE_PAM) > - do_pam_session(s->pw->pw_name, NULL); > +/* do_pam_session(s->pw->pw_name, NULL); */ > do_pam_setcred(1); > #endif /* USE_PAM */ > >Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082 Systems Programmer III, Network and Systems Services finger -l ed at polycut.nss.udel.edu for PGP public key
mouring at etoh.eviladmin.org
2001-Oct-23 14:38 UTC
PAM problem - sshd segfault on Solaris
PAM handling changes slightly which broke Solaris. This is a known issue
and will be resolved in 3.0. After ./configure go into your config.h and
set 'PAM_TTY_KLUDGE' and the problem should go away.

- Ben

On Tue, 23 Oct 2001, William Yodlowsky wrote:

> I'm using OpenSSH-2.9.9p2 on Solaris 8 sparc64. 2.9p2 worked fine, but
> 2.9.9p2+ is giving me trouble with one thing - sshd segfaults if I try to
> connect and execute a command, such as "ssh machine ls". Otherwise it
> works great. sshd will fork, and the child process segfaults.
>
> CVS snapshot does the same thing.
>
> I've narrowed this down somewhat. It will only happen if you use
> ./configure --with-pam (see below).
>
> Output from "gdb ./sshd" and "run -p 2022 -d -d -d" (IP obscured):
>
> ...
> Failed none for wyodlows from a.b.c.d port 45214 ssh2
> debug1: userauth-request for user wyodlows service ssh-connection method password
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method password
> debug1: PAM Password authentication accepted for user "wyodlows"
> Accepted password for wyodlows from a.b.c.d port 45214 ssh2
> debug1: Entering interactive session for SSH2.
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 32768
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug2: callback start
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 channel 0 request exec reply 0
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xff133a9c in strncpy () from /usr/lib/libc.so.1 > (gdb) bt > #0 0xff133a9c in strncpy () from /usr/lib/libc.so.1 > #1 0xff0b61b0 in pam_sm_open_session () from /usr/lib/security/pam_unix.so.1 > #2 0xff372b88 in pam_open_session () from /usr/lib/libpam.so.1 > #3 0x2cc88 in do_pam_session (username=0x115fb0 "wyodlows", ttyname=0x0) > at auth-pam.c:283 > #4 0x32360 in do_exec_no_pty (s=0x1108ac, command=0x121950 "ls") > at session.c:433 > #5 0x32884 in do_exec (s=0x1108ac, command=0x121950 "ls") at session.c:668 > #6 0x34008 in session_exec_req (s=0x1108ac) at session.c:1742 > #7 0x3417c in session_input_channel_req (id=0, arg=0x0) at session.c:1795 > #8 0x3a040 in channel_input_channel_request (type=98, plen=19, ctxt=0x116898) > at channels.c:1974 > #9 0x3cae0 in dispatch_run (mode=1, done=0x0, ctxt=0x116898) at dispatch.c:71 > #10 0x30e1c in process_buffered_input_packets () at serverloop.c:423 > #11 0x314b8 in server_loop2 (authctxt=0xffbef408) at serverloop.c:705 > #12 0x348d8 in do_authenticated2 (authctxt=0x1170f0) at session.c:2063 > #13 0x31eb4 in do_authenticated (authctxt=0x1170f0) at session.c:199 > #14 0x29c68 in do_authentication2 () at auth2.c:134 > #15 0x280d4 in main (ac=6, av=0x8) at sshd.c:1204 > > > I do not claim to know what the correct fix is, however I can avoid > the segfault by removing the do_pam_session() call. This is how the > same code looks in 2.9p2 (which doesn't segfault). > > I'll happily provide any information needed to help fix this. Thanks. > > > --- openssh/session.c.orig Mon Oct 22 22:42:46 2001 > +++ openssh/session.c Mon Oct 22 22:43:31 2001 > @@ -430,7 +430,7 @@ do_exec_no_pty(Session *s, const char *c > session_proctitle(s); > > #if defined(USE_PAM) > - do_pam_session(s->pw->pw_name, NULL); > +/* do_pam_session(s->pw->pw_name, NULL); */ > do_pam_setcred(1); > #endif /* USE_PAM */ > >
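The backtrace in this thread shows do_pam_session() called with ttyname=0x0 and the fault in strncpy inside the session module. The following is an added example, not OpenSSH or Solaris code, of the defensive pattern on both sides of that call: the caller substitutes a placeholder when a session has no tty, and the code that fills a fixed-size record refuses NULL and bounds the copy. The struct, the function names, the field size and the "ssh" placeholder are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TTY_FIELD_LEN 32          /* hypothetical size of a utmp-style tty field */
#define NO_TTY_PLACEHOLDER "ssh"  /* assumed stand-in name for tty-less sessions */

struct session_record {           /* hypothetical record a session module fills in */
    char user[32];
    char line[TTY_FIELD_LEN];
};

/* Bounded, always NUL-terminated copy; rejects NULL instead of reading it. */
static int copy_field(char *dst, size_t dstlen, const char *src)
{
    if (dst == NULL || dstlen == 0 || src == NULL)
        return -1;
    strncpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';
    return 0;
}

/* Caller-side normalization: an exec request without a pty has no tty name. */
static const char *effective_tty(const char *ttyname)
{
    if (ttyname == NULL || ttyname[0] == '\0')
        return NO_TTY_PLACEHOLDER;
    if (strncmp(ttyname, "/dev/", 5) == 0 && ttyname[5] != '\0')
        return ttyname + 5;       /* assumption: record keeps the name without /dev/ */
    return ttyname;
}

/* Stand-in for opening a session: 0 on success, -1 on unusable input. */
int open_session_record(struct session_record *rec, const char *user, const char *tty)
{
    if (rec == NULL)
        return -1;
    memset(rec, 0, sizeof(*rec));
    if (copy_field(rec->user, sizeof(rec->user), user) != 0)
        return -1;
    return copy_field(rec->line, sizeof(rec->line), effective_tty(tty));
}

int main(void)
{
    const char *ttys[] = { NULL, "/dev/pts/3" };  /* constructed inputs */
    struct session_record rec;
    for (int i = 0; i < 2; i++)
        if (open_session_record(&rec, "wyodlows", ttys[i]) == 0)
            printf("user=%s line=%s\n", rec.user, rec.line);
    return 0;
}
```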