CLANG 3.2 breaks security/pam_ssh_agent_auth on stable/9

Kimmo Paasiala kpaasial at gmail.com
Thu Jan 17 03:49:55 UTC 2013 

On Thu, Jan 17, 2013 at 2:11 AM, Brooks Davis <brooks at freebsd.org> wrote:
> On Wed, Jan 16, 2013 at 08:01:00PM +0200, Kimmo Paasiala wrote:
>> On Wed, Jan 16, 2013 at 6:15 PM, Dimitry Andric <dim at freebsd.org> wrote:
>> > On 2013-01-16 13:05, Kimmo Paasiala wrote:
>> >>
>> >> I just updated my stable/9 system after clang3.2 was added. My system
>> >> is amd64, both world and kernel are compiled with clang3.2 and the
>> >> default compiler is clang. I'm tracking the sources with GIT and the
>> >> version I have corresponds to SVN revision r245451.
>> >>
>> >> Everything else seems to work but the pam authentication module
>> >> security/pam_ssh_agent_auth segfaults immediately.
>> >
>> > ...
>> >
>> >> #0  0x0000000800ef2070 in strsvis () from /lib/libc.so.7
>> >> #1  0x0000000800ef2584 in strvis () from /lib/libc.so.7
>> >> #2  0x0000000800ef25e5 in strnvis () from /lib/libc.so.7
>> >> #3  0x0000000801c0e2e7 in do_log () from
>> >> /usr/local/lib/pam_ssh_agent_auth.so
>> >> #4  0x0000000801c0e4ff in logit () from
>> >> /usr/local/lib/pam_ssh_agent_auth.so
>> >
>> > ...
>> >
>> >> The str*vis() calls suggest that it's something in the libc maybe?
>> >
>> >
>> > Brooks merged the new strvis implementations in r245439, so you may have
>> > run into a bug with them.  I don't think this is caused specifically by
>> > clang, at least not without more proof. :-)
>> >
>> > Can you try reverting to the revision just before r245439, rebuilding
>> > and reinstalling at least libc, and see if the pam_ssh_agent_auth crash
>> > goes away?
>>
>> I'm rebuilding world now. Took me some time to figure out how to
>> revert the commits in git. I'll report back once finished.
>
> NetBSD and OpenBSD use different signatures for strnvis(). :(
> pam_ssh_agent_auth assumes that if the system has one it is the OpenBSD
> one but ours is the NetBSD one.  The port will need to be patched to use
> the openbsd version like it was doing or to swap the second and third
> arguments when build on newer versions of FreeBSD.
>
> -- Brooks

Doesn't the change to strnvis() break the ABI on FreeBSD 9.X? I
thought you could always compile a binary on an earlier version of
FreeBSD 9.X and trust it to work without recompiling on any later
minor version of the same major version line.

(dynamic link libraries that are from ports excluded of course)

-Kimmo

More information about the freebsd-stable mailing list