Mantis - openssh
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
5006 regular use crash always 2012-09-30 20:54 2012-10-01 00:12
Reporter: ihsan Platform:  
Assigned To: yann OS:  
Priority: normal OS Version:  
Status: closed Product Version:  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version:  
Summary: 0005006: Compressed connections do not Work
Description: Client: OpenSSH 5.4p1, stock FreeBSD 8.3

"Compression" set to "yes" in sshd_config

sshd debug output:
debug1: trying public key file /home/xxx/.ssh/authorized_keys
debug1: fd 7 clearing O_NONBLOCK
debug1: matching key found: file /home/xxx/.ssh/authorized_keys, line 1
Found matching DSA key: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
debug1: restore_uid: 0/0
debug1: ssh_dss_verify: signature correct
debug1: do_pam_account: called
Accepted publickey for xxxxx from xxx.xxx.xxx.xxx port 38033 ssh2
ld.so.1: sshd: fatal: libz.so.1: open failed: No such file or directory
ld.so.1: sshd: fatal: relocation error: file /opt/csw/sbin/sshd: symbol inflateInit_: referenced symbol not found
debug1: monitor_read_log: child log fd closed
debug1: monitor_child_preauth: xxxxx has been authenticated by privileged process
debug1: do_cleanup
debug1: PAM: cleanup

Workaround:
Disable Compression in sshd_config
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:
Issue History
Date Modified Username Field Change
2012-09-30 20:54 ihsan New Issue
2012-09-30 21:54 yann Note Added: 0010144
2012-09-30 21:54 yann Assigned To => yann
2012-09-30 21:54 yann Status new => acknowledged
2012-09-30 21:58 yann Note Added: 0010145
2012-09-30 22:00 yann Note Added: 0010146
2012-09-30 22:07 yann Note Added: 0010147
2012-09-30 22:34 yann Note Added: 0010148
2012-09-30 23:01 yann Note Added: 0010149
2012-09-30 23:01 yann Status acknowledged => feedback
2012-09-30 23:18 ihsan Note Added: 0010150
2012-10-01 00:12 yann Note Added: 0010151
2012-10-01 00:12 yann Status feedback => closed
2012-10-01 00:12 yann Resolution open => fixed

Notes
(0010144)
yann   
2012-09-30 21:54   
That's strange !

I am working on it.

Yann
(0010145)
yann   
2012-09-30 21:58   
Still strange, here's the truss output of sshd which shows where it looks for libz:


# truss -f /opt/csw/sbin/sshd -d -d -d 2>&1 | grep libz
1260: stat64("/opt/csw/lib/amd64/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/pentium_pro+mmx/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/pentium_pro/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/pentium+mmx/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/pentium/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/i486/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/i386/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/i86/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/usr/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT
ld.so.1: sshd: fatal: libz.so.1: open failed: No such file or directory1260: write(2, " l d . s o . 1 : s s h".., 71) = 71

However, /opt/csw/lib/libz.so.1 is present:


# ls -lh /opt/csw/lib/libz.so.1*
lrwxrwxrwx 1 root root 13 Jun 25 19:49 /opt/csw/lib/libz.so.1 -> libz.so.1.2.7
-rwxr-xr-x 1 root bin 112K Jun 14 23:10 /opt/csw/lib/libz.so.1.2.7


I wonder if it's related to some chrooting. Still searching.
(0010146)
yann   
2012-09-30 22:00   
I confirm that it's a chroot problem.
Before the libz search lines, the process has been chrooted in /var/opt/csw/empty:

...
1260: chroot("/var/opt/csw/empty") = 0
...
(0010147)
yann   
2012-09-30 22:07   
You can workaround the problem by disabling Privilege Separation in /etc/opt/csw/ssh/sshd_config:

UsePrivilegeSeparation no

You should also be able to workaround by putting zlib in the chroot but that gives me a segmentation fault.

I am still trying to figure out if this is an expected behaviour.
(0010148)
yann   
2012-09-30 22:34   
Hmm, I think it's a side effect of direct binding. Direct binding also enable lazy binding, which means libz is only loaded where the first symbol is used.

As it happens when the process is chrooted, it can't find the library.
I think I know how to fix it.
(0010149)
yann   
2012-09-30 23:01   
I disabled lazyloading by adding the following line in the Makefile:
  EXTRA_LD_OPTIONS = -z nolazyload

You will find fixed packages in my experimental repository:
 pkgutil -t http://buildfarm.opencsw.org/opencsw/experimental/yann [^] -i openssh

I tested them and everything seems to be ok.
Can you confirm me that everything works fine for you too ?

Yann
(0010150)
ihsan   
2012-09-30 23:18   
Just installed the new packages.
Works perfectly.

Thank you very much for fixing so quickly.
(0010151)
yann   
2012-10-01 00:12   
I updated fixed packages in unstable.
I am closing this bug.