[Bug 1255] Solaris contract support has a problem

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Oct 27 21:38:10 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1255





------- Comment #2 from andrew.benham at thus.net  2006-10-27 21:38 -------
OK, thanks for the info.  It must be our builds then.

Configure args are:
./configure --prefix=/opt/thus --bindir=/opt/thus/bin
--sbindir=/opt/thus/sbin --libexecdir=/opt/thus/libexec/ssh
--datadir=/opt/thus/share/ssh --sysconfdir=/etc/opt/THUSssh
--sharedstatedir=/opt/thus/com/ssh --localstatedir=/var/opt/THUSssh
--libdir=/opt/thus/lib --includedir=/opt/thus/include/ssh
--oldincludedir=/opt/thus/include/ssh --infodir=/opt/thus/share/info
--mandir=/opt/thus/share/man --disable-strip --with-tcp-wrappers
--with-pid-dir=/var/run --with-ssl-dir=/usr/sfw --with-ssl-engine
--with-pam --with-xauth=/usr/openwin/bin/xauth --with-audit=bsm
--with-solaris-contracts

Using Sun Studio 11 as the compiler.

sshd_config is essentially standard.

The test I gave is using 2 completely separate ssh connections, and a
straight "kill <PID>" command.

We're running sshd via SMF.

The listening daemon's contract is:
root at solaris-10-sparc:/# ctstat -vi 51
CTID    ZONEID  TYPE    STATE   HOLDER  EVENTS  QTIME   NTIME
51      0       process owned   7       0       -       -
         cookie:                0x20
         informative event set: none
         critical event set:    core signal hwerr empty
         fatal event set:       none
         parameter set:         inherit regent
         member processes:      411
         inherited contracts:   none

A spawned user ssh process contract is:
root at solaris-10-sparc:/# ctstat -vi 1866
CTID    ZONEID  TYPE    STATE   HOLDER  EVENTS  QTIME   NTIME
1866    0       process orphan  -       0       -       -
         cookie:                0
         informative event set: core signal
         critical event set:    hwerr
         fatal event set:       core signal hwerr
         parameter set:         none
         member processes:      20871 20874 20880
         inherited contracts:   none

The presence of 'signal' and 'core' in the fatal event set for the
spawned client's contract is interesting - as is the fact that the
user's shell is in the same contract as the spawned sshd:

benhaman at solaris-10-sparc:~$ ps -f
     UID   PID  PPID   C    STIME TTY         TIME CMD
benhaman  5561  5549   0 11:35:30 pts/1       0:00 ps -f
benhaman  5549  5547   0 11:35:27 pts/1       0:00 -bash
benhaman at solaris-10-sparc:~$ ptree -c 5549
[process contract 1996]
  5545  /opt/thus/sbin/sshd -u 0 -R
    5547  /opt/thus/sbin/sshd -u 0 -R
      5549  -bash
        5562  ptree -c 5549

(There are two '/opt/thus/sbin/sshd -u 0 -R' processes because of
privilege separation).




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-bugs mailing list