sshd segfaults on exit when no tty allocated

Christopher Cowart ccowart at rescomp.berkeley.edu
Fri May 11 21:12:55 UTC 2007 

On Fri, May 11, 2007 at 10:59:19AM -0400, Lowell Gilbert wrote:
> Christopher Cowart <ccowart at rescomp.berkeley.edu> writes:
> > When I ssh into FreeBSD hosts without allocating a tty, sshd segfaults
> > after the process terminates. This problem occurs on both 6_1_REL and
> > 6_2_REL installations at all sorts of patch levels.
> >
> > Examples:
> >
> > Client: `ssh -t server ls`
> > Server Logs: 
> > | May  9 15:33:44 server sshd[1503]: Accepted publickey for ccowart from 
> > |     client port 43604 ssh2
> > | May  9 15:33:45 server sshd[1505]: pam_sm_close_session(): no utmp 
> > |     record for ttyp5
> >
> > Client: `ssh server ls`
> > Server Logs:
> > | May  9 15:33:50 server sshd[1509]: Accepted publickey for ccowart from
> > |   client port 42119 ssh2
> > | May  9 15:33:51 server pid 1511 (sshd), uid 1225: exited on signal 11
> >
> > In either example, the client thinks the command has completed
> > successfully, shows proper output, and propogates the return value from
> > the remote command. The main problem is I don't like seeing a bunch of
> > segfaults being logged in the daily run output.
> >
> > Our sshd_config stock, except we set `PermitRootLogin yes`.
> >
> > Does anyone know why this happens? Should I file a problem report?
> 
> I can't reproduce it on my own machines (-STABLE, a few weeks old), so
> a PR probably would need a more precise reproduction scenario.

Thanks for the sanity check. I went back and did some more thourough
troubleshooting. I am currently using pam_ldap and pam_require from
ports. I went through my pam configuration, set everything to
pam_permit, and the segfaults went away.

Uncommenting one rule at a time in my pam stack, I discovered the
culprit: pam_lastlog

The session section of my system pam configuration looks like this:

| # session
| session     required    pam_lastlog.so      no_fail debug
| session     optional    /usr/local/lib/pam_ldap.so no_warn

When I comment out the pam_lastlog, the segfaults vanish. Should I file
a PR with this new information?

Thanks,

-- 
Chris Cowart
Lead Systems Administrator
Network Infrastructure, RSSP-IT
UC Berkeley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20070511/25e567e1/attachment.pgp

More information about the freebsd-questions mailing list