GSSAPIDelegateCredentials fails with a segfault
Johan Andersson
johan at e-626.net
Tue May 1 20:23:44 EST 2007
Darren Tucker wrote:
> Simon Wilkinson wrote:
>> On 30 Apr 2007, at 17:23, Johan Andersson wrote:
>>> First off: Have anyone seen this before?
>>
>> No, this is the first report I've seen of this problem.
>
> I've seen something similar but with keyboard-interactive, which ended
> up being caused by a bug in glibc which was triggered by a name service
> lookup from inside a chroot. It's possible that you're seeing the same
> thing (and it would explain why there's no core dump: the chrooted child
> does not have permission to write anywhere).
>
> Try creating "dev" and "lib" directories inside your privsep dir
> (/var/empty by default) and if the problem goes away then this is the
> most likely cause.
>
[...]
Thanks, this is it. After created /var/empty/lib and /var/empty/dev,
this problem disappeared. Now when you say it, I have seen similar
problems in CVS-pserver when using glibc-2.5 with an old linux kernel
(<2.6.16). So I guess we can blame this on some faulty error handling in
glibc-2.5.
But this raises a new problem: The ticket cache /tmp/krb5cc_xxxxxx is
owned by root and not by the user, so klist fails with a "Permission
denied". Any idea about this?
/Johan Andersson
More information about the openssh-unix-dev
mailing list