Date: Sat, 5 Feb 2005 22:52:26 -0800 From: Andrew Konstantinov <andrei@kableu.com> To: Doug White <dwhite@gumbysoft.com> Cc: freebsd-stable@freebsd.org Subject: Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root' Message-ID: <20050206065226.GA2103@warrior.kableu.com> In-Reply-To: <20050206061245.GA1774@warrior.kableu.com> References: <20050130084359.GA36069@warrior.kableu.com> <20050201012056.GA47334@warrior.kableu.com> <20050202070820.GA26302@warrior.kableu.com> <20050203210643.T47315@carver.gumbysoft.com> <20050206061245.GA1774@warrior.kableu.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--AqsLC8rIMeq19msA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Feb 05, 2005 at 10:12:45PM -0800, Andrew Konstantinov wrote: > On Thu, Feb 03, 2005 at 09:11:07PM -0800, Doug White wrote: > > On Tue, 1 Feb 2005, Andrew Konstantinov wrote: > >=20 > > > > > I can't reproduce this on my systems, many of which started at 5.= 3 and now > > > > > build 5-stable. Are you using the system ssh or one you built fr= om ports? > > > > > > > > > > What is the output of 'ls -l /etc/login.conf*'? > > > > > > I knew I wasn't hallucinating. When I rebuild and reinstall src/lib/l= ibc > > > from RELENG_5_3 sources on RELENG_5 system, all of the above problems > > > disappear altogether. The bugs are in the dynamically linked library > > > that sshd relies on. Once the new library is in place and > > > "/etc/rc.d/sshd restart" is performed, the bugs disappear. I don't ha= ve > > > time to dig into that right now, but I'll be back with patches. > >=20 > > The simple fact stands that noone else can reproduce this, which leads = me > > to believe you took a non-standard approach to upgrading, and therefore > > are getting what you asked for. :-) > >=20 > > If you can provide exact reproduction steps, starting from bare metal, > > I'll follow them. >=20 > The other important thing that I've noticed is that when I set > UsePrivilegeSeparation in sshd_config to "no", all those bugs disappear. Also, when I traced sshd in debug mode using gdb, I've found that /usr/src/lib/libc/gen/getcap.c lines 246 - 274 work properly and return the valid "root" entry from the login database and that code is enclosed in the else statement that is a part of "if (fd >=3D 0)" construction. So, I appar= ently, something gets to getent around cgetent with already existing file descriptor which causes a different portion of code to be executed (instead of 246 - 274) which in its turn causes a problem. Perhaps the descriptor is poing to a wrong file? Andrew --AqsLC8rIMeq19msA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (FreeBSD) iD8DBQFCBb6qg+6MtxSjexcRAqwXAJ9OE+5ZqtDs51PjuERiAk+8dwY+VgCgu6+s BdlMNCafPIl+1dv4jGm+Fs8= =DVG+ -----END PGP SIGNATURE----- --AqsLC8rIMeq19msA--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050206065226.GA2103>