PAM problem - sshd segfault on Solaris

Wed Oct 24 00:38:01 EST 2001

PAM handling changes slightly which broke Solaris.  This is a known
issue and will be resovled in 3.0.

after ./configure  go into your config.h and set 'PAM_TTY_KLUDGE' and
the problem should go away.

- Ben
On Tue, 23 Oct 2001, William Yodlowsky wrote:

> I'm using OpenSSH-2.9.9p2 on Solaris 8 sparc64.  2.9p2 worked fine, but
> 2.9.9p2+ is giving me trouble with one thing - sshd segfaults if I try to
> connect and execute a command, such as "ssh machine ls".  Otherwise it
> works great.  sshd will fork, and the child process segfaults.
>
> CVS snapshot does the same thing.
>
> I've narrowed this down somewhat.  It will only happen if you use
> ./configure --with-pam (see below).
>
> Output from "gdb ./sshd" and "run -p 2022 -d -d -d" (IP obscured):
>
> ...
> Failed none for wyodlows from a.b.c.d port 45214 ssh2
> debug1: userauth-request for user wyodlows service ssh-connection method password
> debug1: attempt 1 failures 1
> debug2: input_userauth_request: try method password
> debug1: PAM Password authentication accepted for user "wyodlows"
> Accepted password for wyodlows from a.b.c.d port 45214 ssh2
> debug1: Entering interactive session for SSH2.
> debug1: server_init_dispatch_20
> debug1: server_input_channel_open: ctype session rchan 0 win 65536 max 32768
> debug1: input_session_request
> debug1: channel 0: new [server-session]
> debug1: session_new: init
> debug1: session_new: session 0
> debug1: session_open: channel 0
> debug1: session_open: session 0: link with channel 0
> debug1: server_input_channel_open: confirm session
> debug2: callback start
> debug1: session_by_channel: session 0 channel 0
> debug1: session_input_channel_req: session 0 channel 0 request exec reply 0
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xff133a9c in strncpy () from /usr/lib/libc.so.1
> (gdb) bt
> #0  0xff133a9c in strncpy () from /usr/lib/libc.so.1
> #1  0xff0b61b0 in pam_sm_open_session () from /usr/lib/security/pam_unix.so.1
> #2  0xff372b88 in pam_open_session () from /usr/lib/libpam.so.1
> #3  0x2cc88 in do_pam_session (username=0x115fb0 "wyodlows", ttyname=0x0)
>     at auth-pam.c:283
> #4  0x32360 in do_exec_no_pty (s=0x1108ac, command=0x121950 "ls")
>     at session.c:433
> #5  0x32884 in do_exec (s=0x1108ac, command=0x121950 "ls") at session.c:668
> #6  0x34008 in session_exec_req (s=0x1108ac) at session.c:1742
> #7  0x3417c in session_input_channel_req (id=0, arg=0x0) at session.c:1795
> #8  0x3a040 in channel_input_channel_request (type=98, plen=19, ctxt=0x116898)
>     at channels.c:1974
> #9  0x3cae0 in dispatch_run (mode=1, done=0x0, ctxt=0x116898) at dispatch.c:71
> #10 0x30e1c in process_buffered_input_packets () at serverloop.c:423
> #11 0x314b8 in server_loop2 (authctxt=0xffbef408) at serverloop.c:705
> #12 0x348d8 in do_authenticated2 (authctxt=0x1170f0) at session.c:2063
> #13 0x31eb4 in do_authenticated (authctxt=0x1170f0) at session.c:199
> #14 0x29c68 in do_authentication2 () at auth2.c:134
> #15 0x280d4 in main (ac=6, av=0x8) at sshd.c:1204
>
>
> I do not claim to know what the correct fix is, however I can avoid
> the segfault by removing the do_pam_session() call.  This is how the
> same code looks in 2.9p2 (which doesn't segfault).
>
> I'll happily provide any information needed to help fix this.  Thanks.
>
>
> --- openssh/session.c.orig	Mon Oct 22 22:42:46 2001
> +++ openssh/session.c	Mon Oct 22 22:43:31 2001
> @@ -430,7 +430,7 @@ do_exec_no_pty(Session *s, const char *c
>  	session_proctitle(s);
>
>  #if defined(USE_PAM)
> -	do_pam_session(s->pw->pw_name, NULL);
> +/*	do_pam_session(s->pw->pw_name, NULL);		*/
>  	do_pam_setcred(1);
>  #endif /* USE_PAM */
>
>