
[Bug 3441] Build openssh with sanitizer flags enabled
https://bugzilla.mindrot.org/show_bug.cgi?id=3441

Darren Tucker <dtucker@dtucker.net> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker@dtucker.net

--- Comment #1 from Darren Tucker <dtucker@dtucker.net> ---
What did it say when you checked config.log?

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

--- Comment #2 from Darren Tucker <dtucker@dtucker.net> ---
Also, what platform, compiler, and architecture (Hardware = "Other"?)
was this on?


--- Comment #3 from Dmitry Belyavskiy <dbelyavs@redhat.com> ---
The first error was caused by the lack of libasan.

After I installed it, configure hangs on:
checking if select and/or poll works with descriptor rlimit...

I test on x86_64 Fedora 35 Linux:

$ gcc --version
gcc (GCC) 11.3.1 20220421 (Red Hat 11.3.1-2)
Copyright (C) 2021 Free Software Foundation, Inc.


Dmitry Belyavskiy <dbelyavs@redhat.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Hardware|Other |ARM64

--- Comment #4 from Dmitry Belyavskiy <dbelyavs@redhat.com> ---
See also https://bugzilla.redhat.com/show_bug.cgi?id=2070137


Dmitry Belyavskiy <dbelyavs@redhat.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
Hardware|ARM64 |amd64


--- Comment #5 from Darren Tucker <dtucker@dtucker.net> ---
(In reply to Dmitry Belyavskiy from comment #4)
> See also https://bugzilla.redhat.com/show_bug.cgi?id=2070137

I split out the rlimit+select check before I read that bug but got the
same result:

$ ./a.out
==2109378==Can't open /proc/2109377/task for reading.
==2109377==LeakSanitizer has encountered a fatal error.
==2109377==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==2109377==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)

You can work around that by skipping the rlimit+select check if
--without-sandbox is set, which gets to the dlsym problem:

usr/bin/ld: ./libssh.a(ssh-pkcs11.o): undefined reference to symbol 'dlsym@@GLIBC_2.2.5'
//usr/lib64/libdl.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status

which you can work around by disabling the things that need dlsym
("--disable-security-key --disable-pkcs11") which brings us to the
final problem: the leak checker in the preauth privsep process can't
open /proc because that process is in a chroot and fails when the
process exits:

$ sudo `pwd`/sshd -ddde -p 2022
[...]
debug3: mm_send_keystate: Finished sending state [preauth]
==2194517==Can't open /proc/2194515/task for reading.
==2194515==LeakSanitizer has encountered a fatal error.
==2194515==HINT: For debugging, try setting environment variable LSAN_OPTIONS=verbosity=1:log_threads=1
==2194515==HINT: LeakSanitizer does not work under ptrace (strace, gdb, etc)

This one is a dealbreaker as long as the leak checker needs access to
/proc since privsep is required. You could try hacking the code to
disable privsep for testing purposes but be aware that's now an
untested and unsupported configuration.


--- Comment #6 from Darren Tucker <dtucker@dtucker.net> ---
Created attachment 3596
--> https://bugzilla.mindrot.org/attachment.cgi?id=3596&action=edit
Skip rlimit+select check if sandbox is disabled.
