Anonymous | Login | 2024-04-26 13:04 CEST |
Main | My View | View Issues |
Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | ||||||
ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
0005006 | [openssh] regular use | crash | always | 2012-09-30 20:54 | 2012-10-01 00:12 | ||
Reporter | ihsan | View Status | public | ||||
Assigned To | yann | ||||||
Priority | normal | Resolution | fixed | ||||
Status | closed | ||||||
Summary | 0005006: Compressed connections do not Work | ||||||
Description |
Client: OpenSSH 5.4p1, stock FreeBSD 8.3 "Compression" set to "yes" in sshd_config sshd debug output: debug1: trying public key file /home/xxx/.ssh/authorized_keys debug1: fd 7 clearing O_NONBLOCK debug1: matching key found: file /home/xxx/.ssh/authorized_keys, line 1 Found matching DSA key: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx debug1: restore_uid: 0/0 debug1: ssh_dss_verify: signature correct debug1: do_pam_account: called Accepted publickey for xxxxx from xxx.xxx.xxx.xxx port 38033 ssh2 ld.so.1: sshd: fatal: libz.so.1: open failed: No such file or directory ld.so.1: sshd: fatal: relocation error: file /opt/csw/sbin/sshd: symbol inflateInit_: referenced symbol not found debug1: monitor_read_log: child log fd closed debug1: monitor_child_preauth: xxxxx has been authenticated by privileged process debug1: do_cleanup debug1: PAM: cleanup Workaround: Disable Compression in sshd_config |
||||||
Additional Information | |||||||
Tags | No tags attached. | ||||||
Attached Files | |||||||
|
Notes | |
(0010144) yann (manager) 2012-09-30 21:54 |
That's strange ! I am working on it. Yann |
(0010145) yann (manager) 2012-09-30 21:58 |
Still strange, here's the truss output of sshd which shows where it looks for libz: # truss -f /opt/csw/sbin/sshd -d -d -d 2>&1 | grep libz 1260: stat64("/opt/csw/lib/amd64/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/pentium_pro+mmx/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/pentium_pro/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/pentium+mmx/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/pentium/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/i486/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/i386/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/i86/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/usr/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT ld.so.1: sshd: fatal: libz.so.1: open failed: No such file or directory1260: write(2, " l d . s o . 1 : s s h".., 71) = 71 However, /opt/csw/lib/libz.so.1 is present: # ls -lh /opt/csw/lib/libz.so.1* lrwxrwxrwx 1 root root 13 Jun 25 19:49 /opt/csw/lib/libz.so.1 -> libz.so.1.2.7 -rwxr-xr-x 1 root bin 112K Jun 14 23:10 /opt/csw/lib/libz.so.1.2.7 I wonder if it's related to some chrooting. Still searching. |
(0010146) yann (manager) 2012-09-30 22:00 |
I confirm that it's a chroot problem. Before the libz search lines, the process has been chrooted in /var/opt/csw/empty: ... 1260: chroot("/var/opt/csw/empty") = 0 ... |
(0010147) yann (manager) 2012-09-30 22:07 |
You can workaround the problem by disabling Privilege Separation in /etc/opt/csw/ssh/sshd_config: UsePrivilegeSeparation no You should also be able to workaround by putting zlib in the chroot but that gives me a segmentation fault. I am still trying to figure out if this is an expected behaviour. |
(0010148) yann (manager) 2012-09-30 22:34 |
Hmm, I think it's a side effect of direct binding. Direct binding also enable lazy binding, which means libz is only loaded where the first symbol is used. As it happens when the process is chrooted, it can't find the library. I think I know how to fix it. |
(0010149) yann (manager) 2012-09-30 23:01 |
I disabled lazyloading by adding the following line in the Makefile: EXTRA_LD_OPTIONS = -z nolazyload You will find fixed packages in my experimental repository: pkgutil -t http://buildfarm.opencsw.org/opencsw/experimental/yann [^] -i openssh I tested them and everything seems to be ok. Can you confirm me that everything works fine for you too ? Yann |
(0010150) ihsan (developer) 2012-09-30 23:18 |
Just installed the new packages. Works perfectly. Thank you very much for fixing so quickly. |
(0010151) yann (manager) 2012-10-01 00:12 |
I updated fixed packages in unstable. I am closing this bug. |
Copyright © 2000 - 2008 Mantis Group |