[Bug 3349] New: Test sshd in chroot fails when syscall close_range is undefined and openssh is built with glibc 2.34

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Sep 23 08:36:04 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3349

            Bug ID: 3349
           Summary: Test sshd in chroot fails when syscall close_range is
                    undefined and openssh is built with glibc 2.34
           Product: Portable OpenSSH
           Version: 8.7p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: william.wilson at canonical.com

Created attachment 3548
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3548&action=edit
failed ssh and sshd logs

This was discovered due to a failing test: regress/sftp-chroot. The
host kernel is 5.4, and a container is using glibc 2.34 to build
openssh. When attempting to start sshd in the chroot, the libc
fallback_closefrom function attempts to read /proc/self/fd, which is
not present in the chroot. This glibc implementation of closefrom
proceeds to fail silently, causing the sftp-chroot test to fail.

The test works on kernels with close_range defined, because the
fallback is never reached. I have so far recreated the failure on
amd64, arm64, and armhf. The attached logs are from an amd64 failure.

Running ./configure with ac_cv_func_closefrom=no resolves this failure.
We will be doing this in Ubuntu for the time being, but if there is a
better solution for handling this glibc implementation of closefrom we
will implement that instead.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list