[Bug 3511] New: KbdInteractiveAuthentication and Golang goroutines scheduler

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Dec 20 20:41:36 AEDT 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3511

            Bug ID: 3511
           Summary: KbdInteractiveAuthentication and Golang goroutines
                    scheduler
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: PAM support
          Assignee: unassigned-bugs at mindrot.org
          Reporter: krasnovu at gmail.com

Hi! I don't know how to solve my problem and I don't know where the
problem is, in OpenSSH or Golang runtime.

I am writing a multi-factor PAM module in Golang. The module asks
questions to the user and waits for answers from him. So to make the
dialog work, I switch `KbdInteractiveAuthentication yes`. Everything
works, but as soon as the golang goroutine is launched, the module
freezes (stuck, hang). Hangs up so that no code in the module is
running anymore. The description for `KbdInteractiveAuthentication`
says `Change to yes to enable challenge-response passwords (beware
issues with some PAM modules and threads)`. Can you describe how this
option works, why does it break the golang goroutines scheduler?

If this is a known issue and a problem in golang, then I will open a
new issue on github, since mine
(https://github.com/golang/go/issues/57394) was closed due to the fact
that I could not explain the cause of the problem.

If this is an OpenSSH issue, then I can provide the necessary logs and
a minimal project to reproduce the issue.

ps. Unfortunately, even if I write in one thread, the http package in
golang itself launches goroutines and the module freezes.

pss. I've tried rebuilding the OpenSSH server with the
UNSUPPORTED_POSIX_THREADS_HACK declaration and then everything works as
it should, but I can't ask all users to rebuild the OpenSSH server. And
the description says there is no support for enabling this.

Thank you for your attention!

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list