0005006: Compressed connections do not Work

(0010144)
yann (manager)
2012-09-30 21:54

That's strange !

I am working on it.

Yann

(0010145)
yann (manager)
2012-09-30 21:58

Still strange, here's the truss output of sshd which shows where it looks for libz:

# truss -f /opt/csw/sbin/sshd -d -d -d 2>&1 | grep libz
1260: stat64("/opt/csw/lib/amd64/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/pentium_pro+mmx/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/pentium_pro/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/pentium+mmx/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/pentium/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/i486/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/i386/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/i86/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/opt/csw/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT
1260: stat64("/usr/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT
ld.so.1: sshd: fatal: libz.so.1: open failed: No such file or directory1260: write(2, " l d . s o . 1 : s s h".., 71) = 71

However, /opt/csw/lib/libz.so.1 is present:

# ls -lh /opt/csw/lib/libz.so.1*
lrwxrwxrwx 1 root root 13 Jun 25 19:49 /opt/csw/lib/libz.so.1 -> libz.so.1.2.7
-rwxr-xr-x 1 root bin 112K Jun 14 23:10 /opt/csw/lib/libz.so.1.2.7

I wonder if it's related to some chrooting. Still searching.

(0010146)
yann (manager)
2012-09-30 22:00

I confirm that it's a chroot problem.
Before the libz search lines, the process has been chrooted in /var/opt/csw/empty:

...
1260: chroot("/var/opt/csw/empty") = 0
...

(0010147)
yann (manager)
2012-09-30 22:07

You can workaround the problem by disabling Privilege Separation in /etc/opt/csw/ssh/sshd_config:

UsePrivilegeSeparation no

You should also be able to workaround by putting zlib in the chroot but that gives me a segmentation fault.

I am still trying to figure out if this is an expected behaviour.

(0010148)
yann (manager)
2012-09-30 22:34

Hmm, I think it's a side effect of direct binding. Direct binding also enable lazy binding, which means libz is only loaded where the first symbol is used.

As it happens when the process is chrooted, it can't find the library.
I think I know how to fix it.

(0010149)
yann (manager)
2012-09-30 23:01

I disabled lazyloading by adding the following line in the Makefile:
EXTRA_LD_OPTIONS = -z nolazyload

You will find fixed packages in my experimental repository:
pkgutil -t http://buildfarm.opencsw.org/opencsw/experimental/yann [^] -i openssh

I tested them and everything seems to be ok.
Can you confirm me that everything works fine for you too ?

Yann

(0010150)
ihsan (developer)
2012-09-30 23:18

Just installed the new packages.
Works perfectly.

Thank you very much for fixing so quickly.

(0010151)
yann (manager)
2012-10-01 00:12

I updated fixed packages in unstable.
I am closing this bug.

Notes
(0010144) yann (manager) 2012-09-30 21:54	That's strange ! I am working on it. Yann

(0010145) yann (manager) 2012-09-30 21:58	Still strange, here's the truss output of sshd which shows where it looks for libz: # truss -f /opt/csw/sbin/sshd -d -d -d 2>&1 \| grep libz 1260: stat64("/opt/csw/lib/amd64/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/pentium_pro+mmx/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/pentium_pro/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/pentium+mmx/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/pentium/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/i486/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/i386/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/i86/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/opt/csw/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT 1260: stat64("/usr/lib/libz.so.1", 0x08046DB0) Err#2 ENOENT ld.so.1: sshd: fatal: libz.so.1: open failed: No such file or directory1260: write(2, " l d . s o . 1 : s s h".., 71) = 71 However, /opt/csw/lib/libz.so.1 is present: # ls -lh /opt/csw/lib/libz.so.1* lrwxrwxrwx 1 root root 13 Jun 25 19:49 /opt/csw/lib/libz.so.1 -> libz.so.1.2.7 -rwxr-xr-x 1 root bin 112K Jun 14 23:10 /opt/csw/lib/libz.so.1.2.7 I wonder if it's related to some chrooting. Still searching.

(0010146) yann (manager) 2012-09-30 22:00	I confirm that it's a chroot problem. Before the libz search lines, the process has been chrooted in /var/opt/csw/empty: ... 1260: chroot("/var/opt/csw/empty") = 0 ...

(0010147) yann (manager) 2012-09-30 22:07	You can workaround the problem by disabling Privilege Separation in /etc/opt/csw/ssh/sshd_config: UsePrivilegeSeparation no You should also be able to workaround by putting zlib in the chroot but that gives me a segmentation fault. I am still trying to figure out if this is an expected behaviour.

(0010148) yann (manager) 2012-09-30 22:34	Hmm, I think it's a side effect of direct binding. Direct binding also enable lazy binding, which means libz is only loaded where the first symbol is used. As it happens when the process is chrooted, it can't find the library. I think I know how to fix it.

(0010149) yann (manager) 2012-09-30 23:01	I disabled lazyloading by adding the following line in the Makefile: EXTRA_LD_OPTIONS = -z nolazyload You will find fixed packages in my experimental repository: pkgutil -t http://buildfarm.opencsw.org/opencsw/experimental/yann [^] -i openssh I tested them and everything seems to be ok. Can you confirm me that everything works fine for you too ? Yann

(0010150) ihsan (developer) 2012-09-30 23:18	Just installed the new packages. Works perfectly. Thank you very much for fixing so quickly.

(0010151) yann (manager) 2012-10-01 00:12	I updated fixed packages in unstable. I am closing this bug.

Relationships

OpenCSW Bug Tracker