Date: Fri, 11 May 2007 14:12:54 -0700 From: Christopher Cowart <ccowart@rescomp.berkeley.edu> To: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> Cc: freebsd-questions@freebsd.org Subject: Re: sshd segfaults on exit when no tty allocated Message-ID: <20070511211254.GK25685@rescomp.berkeley.edu> In-Reply-To: <44ejln4da0.fsf@be-well.ilk.org> References: <20070509224851.GY25685@rescomp.berkeley.edu> <44ejln4da0.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Ai6NJizWfpRUKxSm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 11, 2007 at 10:59:19AM -0400, Lowell Gilbert wrote: > Christopher Cowart <ccowart@rescomp.berkeley.edu> writes: > > When I ssh into FreeBSD hosts without allocating a tty, sshd segfaults > > after the process terminates. This problem occurs on both 6_1_REL and > > 6_2_REL installations at all sorts of patch levels. > > > > Examples: > > > > Client: `ssh -t server ls` > > Server Logs:=20 > > | May 9 15:33:44 server sshd[1503]: Accepted publickey for ccowart fro= m=20 > > | client port 43604 ssh2 > > | May 9 15:33:45 server sshd[1505]: pam_sm_close_session(): no utmp=20 > > | record for ttyp5 > > > > Client: `ssh server ls` > > Server Logs: > > | May 9 15:33:50 server sshd[1509]: Accepted publickey for ccowart from > > | client port 42119 ssh2 > > | May 9 15:33:51 server pid 1511 (sshd), uid 1225: exited on signal 11 > > > > In either example, the client thinks the command has completed > > successfully, shows proper output, and propogates the return value from > > the remote command. The main problem is I don't like seeing a bunch of > > segfaults being logged in the daily run output. > > > > Our sshd_config stock, except we set `PermitRootLogin yes`. > > > > Does anyone know why this happens? Should I file a problem report? >=20 > I can't reproduce it on my own machines (-STABLE, a few weeks old), so > a PR probably would need a more precise reproduction scenario. Thanks for the sanity check. I went back and did some more thourough troubleshooting. I am currently using pam_ldap and pam_require from ports. I went through my pam configuration, set everything to pam_permit, and the segfaults went away. Uncommenting one rule at a time in my pam stack, I discovered the culprit: pam_lastlog The session section of my system pam configuration looks like this: | # session | session required pam_lastlog.so no_fail debug | session optional /usr/local/lib/pam_ldap.so no_warn When I comment out the pam_lastlog, the segfaults vanish. Should I file a PR with this new information? Thanks, --=20 Chris Cowart Lead Systems Administrator Network Infrastructure, RSSP-IT UC Berkeley --Ai6NJizWfpRUKxSm Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFGRNxWV3SOqjnqPh0RArPZAJ9g6uN3ebtW6bSnwrEaz2WH6BHqqwCgnA5J ZA1/r/tBkofIaRebtRnzHiY= =M/W3 -----END PGP SIGNATURE----- --Ai6NJizWfpRUKxSm--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070511211254.GK25685>