[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Oh crap. OpenSSH 3.1 segfaulting (OpenBSD 2.8)
Hey folks,
I have a small emergency here. I just built and
installed OpenSSH 3.1 on one of my OpenBSD 2.8 machines.
It built perfectly, etc etc.
Unfortunately, it segfaults when I attempt to start
the new sshd up. And even stupider, I neglected to snag a
copy of the old binary before I installed it. Yes, I know,
that's one of the dumbest things you've ever heard. Well,
it happened. And now, I have two shells open on the machine
and I'm not getting any more until I get this fixed. ;)
Yes, this is a remote machine.
Process, straight from OpenSSH's website:
cd /usr/src/usr.bin
tar zxvf ../openssh-3.1.tgz
cd ssh
patch -p0 < ../openbsd28_3.1.patch (it applied cleanly)
make obj && make cleandir && make depend && make
(scrolled up through output, no errors)
make install
cp ssh_config sshd_config /etc
I then send sshd a HUP signal, and noticed it disappeared.
Not a good sign.
# /usr/sbin/sshd
Segmentation fault (core dumped)
Uh oh. Slight, clammy-handed panic begins to creep in, as
I realized that I was a dumbass and didn't make copies of
the binaries first.
Anyhoo, here is the slightly cleaned (removed the host keys)
kdump output, of me trying to start /usr/sbin/sshd:
2044 ktrace RET ktrace 0
2044 ktrace CALL execve(0xdfbfde77,0xdfbfde24,0xdfbfde2c)
2044 ktrace NAMI "/usr/sbin/sshd"
2044 sshd EMUL "native"
2044 sshd RET execve 0
2044 sshd CALL open(0x10b1,0,0)
2044 sshd NAMI "/usr/libexec/ld.so"
2044 sshd RET open 3
2044 sshd CALL read(0x3,0xdfbfddd4,0x20)
2044 sshd GIO fd 3 read 32 bytes
"\M-@\M^F\^A\v\0\M-P\0\0\0 \0\0\0\0\0\0\0\0\0\0 \0\0\0\0\0\0\0\0\0\0\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0xf000,0x5,0x4,0x3,0,0,0)
2044 sshd RET mmap 1073987584/0x4003c000
2044 sshd CALL mmap(0x40049000,0x2000,0x3,0x14,0x3,0,0xd000,0)
2044 sshd RET mmap 1074040832/0x40049000
2044 sshd CALL getuid
2044 sshd RET getuid 0
2044 sshd CALL geteuid
2044 sshd RET geteuid 0
2044 sshd CALL getgid
2044 sshd RET getgid 0
2044 sshd CALL getegid
2044 sshd RET getegid 0
2044 sshd CALL __sysctl(0xdfbfdc74,0x2,0x4004a4dc,0xdfbfdc70,0,0)
2044 sshd RET __sysctl 0
2044 sshd CALL mmap(0,0x8000,0x3,0x1004,0xffffffff,0,0,0)
2044 sshd RET mmap 1074049024/0x4004b000
2044 sshd CALL open(0x4003d92f,0,0)
2044 sshd NAMI "/var/run/ld.so.hints"
2044 sshd RET open 4
2044 sshd CALL mmap(0,0x1000,0x1,0x4,0x4,0,0,0)
2044 sshd RET mmap 1074081792/0x40053000
2044 sshd CALL open(0x40053dcc,0,0)
2044 sshd NAMI "/usr/lib/libkafs.so.6.0"
2044 sshd RET open 5
2044 sshd CALL read(0x5,0xdfbfdccc,0x20)
2044 sshd GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0 \0\0\0\^P\0\0\0\0\0\0\M-p\0\0\0 \0\0\0\0\0\0\0\0\0\0\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0x3000,0x5,0x4,0x5,0,0,0)
2044 sshd RET mmap 1074085888/0x40054000
2044 sshd CALL mprotect(0x40056000,0x1000,0x7)
2044 sshd RET mprotect 0
2044 sshd CALL mmap(0x40057000,0,0x7,0x1014,0xffffffff,0,0,0)
2044 sshd RET mmap 1074098176/0x40057000
2044 sshd CALL close(0x5)
2044 sshd RET close 0
2044 sshd CALL open(0x40053e05,0,0)
2044 sshd NAMI "/usr/lib/libkrb.so.9.0"
2044 sshd RET open 5
2044 sshd CALL read(0x5,0xdfbfdccc,0x20)
2044 sshd GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0@\^A\0\0 \0\0\b!\0\0\M-8\b\0\0 \0\0\0\0\0\0\0\0\0\0\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0x18108,0x5,0x4,0x5,0,0,0)
2044 sshd RET mmap 1074098176/0x40057000
2044 sshd CALL mprotect(0x4006b000,0x2000,0x7)
2044 sshd RET mprotect 0
2044 sshd CALL mmap(0x4006d000,0x2108,0x7,0x1014,0xffffffff,0,0,0)
2044 sshd RET mmap 1074188288/0x4006d000
2044 sshd CALL close(0x5)
2044 sshd RET close 0
2044 sshd CALL open(0x40053c17,0,0)
2044 sshd NAMI "/usr/lib/libcrypto.so.4.1"
2044 sshd RET open 5
2044 sshd CALL read(0x5,0xdfbfdccc,0x20)
2044 sshd GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0`
\0\0\M^P\0\0T
\0\0\M-4r\0\0 \0\0\0\0\0\0\0\0\0\0\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0xafa54,0x5,0x4,0x5,0,0,0)
2044 sshd RET mmap 1074200576/0x40070000
2044 sshd CALL mprotect(0x40116000,0x9000,0x7)
2044 sshd RET mprotect 0
2044 sshd CALL mmap(0x4011f000,0xa54,0x7,0x1014,0xffffffff,0,0,0)
2044 sshd RET mmap 1074917376/0x4011f000
2044 sshd CALL close(0x5)
2044 sshd RET close 0
2044 sshd CALL open(0x40053add,0,0)
2044 sshd NAMI "/usr/lib/libutil.so.4.5"
2044 sshd RET open 5
2044 sshd CALL read(0x5,0xdfbfdccc,0x20)
2044 sshd GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0p\0\0\0\^P\0\0\M-(\^B\0\0|\^B\0\0 \0\0\0\0\0\0\0\0\0\0\
\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0x82a8,0x5,0x4,0x5,0,0,0)
2044 sshd RET mmap 1074921472/0x40120000
2044 sshd CALL mprotect(0x40127000,0x1000,0x7)
2044 sshd RET mprotect 0
2044 sshd CALL mmap(0x40128000,0x2a8,0x7,0x1014,0xffffffff,0,0,0)
2044 sshd RET mmap 1074954240/0x40128000
2044 sshd CALL close(0x5)
2044 sshd RET close 0
2044 sshd CALL open(0x40053cb5,0,0)
2044 sshd NAMI "/usr/lib/libz.so.1.3"
2044 sshd RET open 5
2044 sshd CALL read(0x5,0xdfbfdccc,0x20)
2044 sshd GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0\240\0\0\0 \0\0\0\0\0\0l\^C\0\0 \0\0\0\0\0\0\0\0\0\0\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0xc000,0x5,0x4,0x5,0,0,0)
2044 sshd RET mmap 1074958336/0x40129000
2044 sshd CALL mprotect(0x40133000,0x2000,0x7)
2044 sshd RET mprotect 0
2044 sshd CALL mmap(0x40135000,0,0x7,0x1014,0xffffffff,0,0,0)
2044 sshd RET mmap 1075007488/0x40135000
2044 sshd CALL close(0x5)
2044 sshd RET close 0
2044 sshd CALL open(0x40053c35,0,0)
2044 sshd NAMI "/usr/lib/libdes.so.6.0"
2044 sshd RET open 5
2044 sshd CALL read(0x5,0xdfbfdccc,0x20)
2044 sshd GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0\M^P\0\0\0\^P\0\0\0\0\0\0X\^B\0\0 \0\0\0\0\0\0\0\0\0\0\
\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0xa000,0x5,0x4,0x5,0,0,0)
2044 sshd RET mmap 1075007488/0x40135000
2044 sshd CALL mprotect(0x4013e000,0x1000,0x7)
2044 sshd RET mprotect 0
2044 sshd CALL mmap(0x4013f000,0,0x7,0x1014,0xffffffff,0,0,0)
2044 sshd RET mmap 1075048448/0x4013f000
2044 sshd CALL close(0x5)
2044 sshd RET close 0
2044 sshd CALL open(0x40053b40,0,0)
2044 sshd NAMI "/usr/lib/libwrap.so.1.1"
2044 sshd RET open 5
2044 sshd CALL read(0x5,0xdfbfdccc,0x20)
2044 sshd GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0P\0\0\0\^P\0\0t\^A\0\0\M-x\^A\0\0 \0\0\0\0\0\0\0\0\0\0\
\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0x6174,0x5,0x4,0x5,0,0,0)
2044 sshd RET mmap 1075048448/0x4013f000
2044 sshd CALL mprotect(0x40144000,0x1000,0x7)
2044 sshd RET mprotect 0
2044 sshd CALL mmap(0x40145000,0x174,0x7,0x1014,0xffffffff,0,0,0)
2044 sshd RET mmap 1075073024/0x40145000
2044 sshd CALL close(0x5)
2044 sshd RET close 0
2044 sshd CALL open(0x40053980,0,0)
2044 sshd NAMI "/usr/lib/libskey.so.1.0"
2044 sshd RET open 5
2044 sshd CALL read(0x5,0xdfbfdccc,0x20)
2044 sshd GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0@\0\0\0000\0\0\0\0\0\0\^\\b\0\0 \0\0\0\0\0\0\0\0\0\0\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0x7000,0x5,0x4,0x5,0,0,0)
2044 sshd RET mmap 1075077120/0x40146000
2044 sshd CALL mprotect(0x4014a000,0x3000,0x7)
2044 sshd RET mprotect 0
2044 sshd CALL mmap(0x4014d000,0,0x7,0x1014,0xffffffff,0,0,0)
2044 sshd RET mmap 1075105792/0x4014d000
2044 sshd CALL close(0x5)
2044 sshd RET close 0
2044 sshd CALL open(0x40053db1,0,0)
2044 sshd NAMI "/usr/lib/libc.so.25.2"
2044 sshd RET open 5
2044 sshd CALL read(0x5,0xdfbfdccc,0x20)
2044 sshd GIO fd 5 read 32 bytes
"\M-@\M^F\^A\v\0\M-0\a\0\0\M^P\0\0<\M-\\^B\0\\C\0\0 \0\0\0\0\0\0\0\0\0\
\0\0"
2044 sshd RET read 32/0x20
2044 sshd CALL mmap(0,0xb1c3c,0x5,0x4,0x5,0,0,0)
2044 sshd RET mmap 1075105792/0x4014d000
2044 sshd CALL mprotect(0x401c8000,0x9000,0x7)
2044 sshd RET mprotect 0
2044 sshd CALL mmap(0x401d1000,0x2dc3c,0x7,0x1014,0xffffffff,0,0,0)
2044 sshd RET mmap 1075646464/0x401d1000
2044 sshd CALL close(0x5)
2044 sshd RET close 0
2044 sshd CALL munmap(0x40053000,0x1000)
2044 sshd RET munmap 0
2044 sshd CALL close(0x4)
2044 sshd RET close 0
2044 sshd CALL close(0x3)
2044 sshd RET close 0
2044 sshd CALL readlink(0x401b55fa,0xdfbfd648,0x3f)
2044 sshd NAMI "/etc/malloc.conf"
2044 sshd RET readlink -1 errno 2 No such file or directory
2044 sshd CALL issetugid
2044 sshd RET issetugid 0
2044 sshd CALL mmap(0,0x1000,0x3,0x1002,0xffffffff,0,0,0)
2044 sshd RET mmap 1074081792/0x40053000
2044 sshd CALL break(0x431ac)
2044 sshd RET break 0
2044 sshd CALL break(0x431ac)
2044 sshd RET break 0
2044 sshd CALL break(0x45000)
2044 sshd RET break 0
2044 sshd CALL break(0x45000)
2044 sshd RET break 0
2044 sshd CALL break(0x46000)
2044 sshd RET break 0
2044 sshd CALL break(0x46000)
2044 sshd RET break 0
2044 sshd CALL break(0x47000)
2044 sshd RET break 0
2044 sshd CALL break(0x47000)
2044 sshd RET break 0
2044 sshd CALL break(0x48000)
2044 sshd RET break 0
2044 sshd CALL break(0x48000)
2044 sshd RET break 0
2044 sshd CALL break(0x49000)
2044 sshd RET break 0
2044 sshd CALL open(0x1916,0,0x1b6)
2044 sshd NAMI "/etc/sshd_config"
2044 sshd RET open 3
2044 sshd CALL fstat(0x3,0xdfbfd2b8)
2044 sshd RET fstat 0
2044 sshd CALL break(0x49000)
2044 sshd RET break 0
2044 sshd CALL break(0x4b000)
2044 sshd RET break 0
2044 sshd CALL read(0x3,0x49000,0x2000)
2044 sshd GIO fd 3 read 2190 bytes
"# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $
# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.
# The strategy used for options in the default sshd_config shipped wit\
h
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 22
Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
HostKey /etc/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh_host_rsa_key
HostKey /etc/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 600
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_host\
s
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts no
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
KeepAlive yes
UseLogin no
MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
#Subsystem sftp /usr/libexec/sftp-server
"
2044 sshd RET read 2190/0x88e
2044 sshd CALL getuid
2044 sshd RET getuid 0
2044 sshd CALL getuid
2044 sshd RET getuid 0
2044 sshd CALL getuid
2044 sshd RET getuid 0
2044 sshd CALL getuid
2044 sshd RET getuid 0
2044 sshd CALL read(0x3,0x49000,0x2000)
2044 sshd RET read 0
2044 sshd CALL close(0x3)
2044 sshd RET close 0
2044 sshd CALL socket(0x18,0x2,0)
2044 sshd RET socket 3
2044 sshd CALL close(0x3)
2044 sshd RET close 0
2044 sshd CALL socket(0x2,0x2,0)
2044 sshd RET socket 3
2044 sshd CALL close(0x3)
2044 sshd RET close 0
2044 sshd CALL getuid
2044 sshd RET getuid 0
2044 sshd CALL geteuid
2044 sshd RET geteuid 0
2044 sshd CALL getgid
2044 sshd RET getgid 0
2044 sshd CALL getegid
2044 sshd RET getegid 0
2044 sshd CALL open(0xdfbfd70c,0,0x1b6)
2044 sshd NAMI "/etc/krb.extra"
2044 sshd RET open -1 errno 2 No such file or directory
2044 sshd CALL getuid
2044 sshd RET getuid 0
2044 sshd CALL geteuid
2044 sshd RET geteuid 0
2044 sshd CALL getgid
2044 sshd RET getgid 0
2044 sshd CALL getegid
2044 sshd RET getegid 0
2044 sshd CALL access(0x40063f7d,0x4)
2044 sshd NAMI "/etc/kerberosIV/srvtab"
2044 sshd RET access -1 errno 2 No such file or directory
2044 sshd CALL xfspioctl(0x14,0,0x800c5603,0xdfbfd7dc,0)
2044 sshd RET xfspioctl -1 errno 78 Function not implemented
2044 sshd CALL open(0x440a0,0,0xdfbfd808)
2044 sshd NAMI "/etc/ssh_host_key"
2044 sshd RET open 3
2044 sshd CALL fstat(0x3,0xdfbfd778)
2044 sshd RET fstat 0
2044 sshd CALL getuid
2044 sshd RET getuid 0
2044 sshd CALL lseek(0x3,0,0,0,0x2)
2044 sshd RET lseek 526/0x20e
2044 sshd CALL lseek(0x3,0,0,0,0)
2044 sshd RET lseek 0
2044 sshd CALL read(0x3,0x49000,0x20e)
2044 sshd GIO fd 3 read 526 bytes
"SSH PRIVATE KEY FILE FORMAT 1.1
(snipped)
\0"
2044 sshd RET read 526/0x20e
2044 sshd CALL lseek(0x3,0,0,0,0)
2044 sshd RET lseek 0
2044 sshd CALL lseek(0x3,0,0,0,0x2)
2044 sshd RET lseek 526/0x20e
2044 sshd CALL lseek(0x3,0,0,0,0)
2044 sshd RET lseek 0
2044 sshd CALL read(0x3,0x49000,0x20e)
2044 sshd GIO fd 3 read 526 bytes
"SSH PRIVATE KEY FILE FORMAT 1.1
(snipped)
\0"
2044 sshd RET read 526/0x20e
2044 sshd PSIG SIGSEGV SIG_DFL
2044 sshd NAMI "sshd.core"
As a normal user, 'ssh' also segfaults. As root, it
simply hangs, never to return.
I would GREATLY appreciate any help with this - I can
get code to the machine, but I'm dead in the water if
I can't get this fixed. Thanks much, folks.
Benny
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A 'good' landing is one from which you can walk away. A 'great'
landing is one after which they can use the plane again.
--Rules of the Air, #8