Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root'
From: Andrew Konstantinov (andrei_at_kableu.com)
Date: 02/06/05
- Previous message: Karl Denninger: "Re: Problem with migrating onto a gmirror slice."
- In reply to: Doug White: "Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root'"
- Next in thread: Andrew Konstantinov: "Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root'"
- Reply: Andrew Konstantinov: "Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root'"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 5 Feb 2005 22:12:45 -0800 To: Doug White <dwhite@gumbysoft.com>
On Thu, Feb 03, 2005 at 09:11:07PM -0800, Doug White wrote:
> On Tue, 1 Feb 2005, Andrew Konstantinov wrote:
>
> > > > I can't reproduce this on my systems, many of which started at 5.3 and now
> > > > build 5-stable. Are you using the system ssh or one you built from ports?
> > > >
> > > > What is the output of 'ls -l /etc/login.conf*'?
> >
> > I knew I wasn't hallucinating. When I rebuild and reinstall src/lib/libc
> > from RELENG_5_3 sources on RELENG_5 system, all of the above problems
> > disappear altogether. The bugs are in the dynamically linked library
> > that sshd relies on. Once the new library is in place and
> > "/etc/rc.d/sshd restart" is performed, the bugs disappear. I don't have
> > time to dig into that right now, but I'll be back with patches.
>
> The simple fact stands that noone else can reproduce this, which leads me
> to believe you took a non-standard approach to upgrading, and therefore
> are getting what you asked for. :-)
>
> If you can provide exact reproduction steps, starting from bare metal,
> I'll follow them.
No algorithm for reproduction yet, but here is some additional information
regarding this issue:
First of all, I just rebuild everything in the system twice, following the
proper sequence each time. Here are the steps I've taken:
- cvsup /usr/src with RELENG_5
- cd /usr/src && make buildworld buildkernel installkernel
- reboot into single user mode
- mount all
- cd /usr/src && make installworld
- mergemaster
- find /bin /sbin /lib /libexec /usr/bin /usr/sbin /usr/lib /usr/libexec \
/usr/libdata /usr/include -ctime +1d -exec rm -rf {} \;
- reboot
- rm -rf /usr/include/*
- cd /usr/src && make includes
- cd /usr/src && make buildworld buildkernel installkernel
- reboot into single user mode
- mount all
- cd /usr/src && make installworld
- mergemaster
- find /bin /sbin /lib /libexec /usr/bin /usr/sbin /usr/lib /usr/libexec \
/usr/libdata /usr/include -ctime +1d -exec rm -rf {} \;
- reboot
That sequence of steps should guarantee that none of the old libraries or old
includes in the /usr/include find their way into the upgraded system. Sadly,
this didn't change anything.
The other important thing that I've noticed is that when I set
UsePrivilegeSeparation in sshd_config to "no", all those bugs disappear.
I'll try to come up with a recipe for reproduction once I have enough time.
Andrew
- application/pgp-signature attachment: stored
- Previous message: Karl Denninger: "Re: Problem with migrating onto a gmirror slice."
- In reply to: Doug White: "Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root'"
- Next in thread: Andrew Konstantinov: "Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root'"
- Reply: Andrew Konstantinov: "Re: 5.3 -> 5 : sshd multiple log entries & login_getclass: unknown class 'root'"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
