[scponly] segfault when trying to connect

Tim Donnelly tim at coalliance.org
Thu Aug 2 15:17:21 EDT 2007 

Well, no segfault this time, although it still didn't work.  I applied the patch to a clean copy of the snapshot and it seems to have gone in OK.  I also removed the scponly user and re-ran the make jail command, which also seems to have worked as advertised, although it did give me the comment that my OS (Linux) did not have a platform specific setup script.  Looking at the error messages it appears to me to be a jail problem?

The output of the messages log is below, and the traces are in the usual place.

Thanks

Aug  2 13:05:21 tester sshd[18566]: Accepted keyboard-interactive/pam for scponly from 208.178.237.10 port 40607 ssh2
Aug  2 13:05:21 tester sshd[18577]: subsystem request for sftp
Aug  2 13:05:21 tester scponly[18578]: chrooted binary in place, will chroot()
Aug  2 13:05:21 tester scponly[18578]: 3 arguments in total.
Aug  2 13:05:21 tester scponly[18578]:  arg 0 is scponlyc
Aug  2 13:05:21 tester scponly[18578]:  arg 1 is -c
Aug  2 13:05:21 tester scponly[18578]:  arg 2 is /usr/lib64/ssh/sftp-server
Aug  2 13:05:21 tester scponly[18578]: opened log at LOG_AUTHPRIV, opts 0x00000029
Aug  2 13:05:21 tester scponly[18578]: determined USER is "scponly" from environment
Aug  2 13:05:21 tester scponly[18578]: retrieved home directory of "/home/scponly" for user "scponly"
Aug  2 13:05:21 tester scponly[18578]: Looking at root_dir: /home/scponly
Aug  2 13:05:21 tester scponly[18578]: Looking at root_dir: /scponly
Aug  2 13:05:21 tester scponly[18578]: chrooting to dir: "/home/scponly"
Aug  2 13:05:21 tester scponly[18578]: chdiring to dir: "/"
Aug  2 19:05:21 tester scponly[18578]: setting uid to 1007
Aug  2 19:05:21 tester scponly[18578]: processing request: "/usr/lib64/ssh/sftp-server"
Aug  2 19:05:21 tester scponly[18578]: Using getopt processing for cmd /usr/lib64/ssh/sftp-server  (username: scponly(1007), IP/port: 208.178.237.10 40607 22)
Aug  2 19:05:21 tester scponly[18578]: Unable to find "LOG_SFTP" in the environment
Aug  2 19:05:21 tester scponly[18578]: Found "USER" and setting it to "scponly"
Aug  2 19:05:21 tester scponly[18578]: Unable to find "SFTP_UMASK" in the environment
Aug  2 19:05:21 tester scponly[18578]: Unable to find "SFTP_PERMIT_CHMOD" in the environment
Aug  2 19:05:21 tester scponly[18578]: Unable to find "SFTP_PERMIT_CHOWN" in the environment
Aug  2 19:05:21 tester scponly[18578]: Unable to find "SFTP_LOG_LEVEL" in the environment
Aug  2 19:05:21 tester scponly[18578]: Unable to find "SFTP_LOG_FACILITY" in the environment
Aug  2 19:05:21 tester scponly[18578]: Environment contains "USER=scponly"
Aug  2 19:05:21 tester scponly[18578]: running: /usr/lib64/ssh/sftp-server (username: scponly(1007), IP/port: 208.178.237.10 40607 22)
Aug  2 19:05:21 tester scponly[18578]: failed: /usr/lib64/ssh/sftp-server with error No such file or directory(2) (username: scponly(1007), IP/port: 208.178.237.10 40607 22)

-----Original Message-----
From: Kaleb Pederson [mailto:kibab at icehouse.net] 
Sent: Wednesday, August 01, 2007 7:05 PM
To: scponly at lists.ccs.neu.edu
Cc: Tim Donnelly
Subject: Re: [scponly] segfault when trying to connect

Tim,

I was careless with that last patch, so it doesn't work :(.  I have attached a working patch.  This should be applied to the unpatched snapshot version as
follows:

$ cd scponly-20070718
$ patch -p1 < debug3.patch

This one has been tested, so hopefully it will work for you and sorry for the trouble.

Thanks.

--Kaleb



On Tuesday 31 July 2007, Kaleb Pederson wrote:
> Thanks for trying Tim.  I've attached a newer patch with some more 
> debugging code... but in the process of looking at that code, I 
> noticed that you used the following on the configure line:
>
> --with-sftp-server=/usr/lib64/ssh/
>
> You might want to make that 
> --with-sftp-server=/usr/lib64/ssh/sftp-server,
> although even if that fixes the problem we still need to fix something 
> so it doesn't segfault.
>
> So,... can you try changing the above on the configure line and then 
> try the attached patch?
>
> You'll want to apply this patch slightly differently than the last one:
>
> patch -p1 < debug3.patch
>
> Thanks.
>
> --Kaleb
>
> On Tuesday 31 July 2007, Tim Donnelly wrote:
> > Kaleb,
> >
> > Using the debug2.patch file I again was unable to login to the 
> > server, however this time I did not get the segfault, just a 
> > straight connection closed on the client machine.  I haven't been 
> > rebuilding the chroot jail after each recompile/install, is that something I need to do?
> >
> > The /var/log/messages output is below, and traces are at 
> > http://www.coalliance.org/public.
> >
> > Jul 31 10:01:02 tester sshd[605]: Accepted keyboard-interactive/pam 
> > for scponly from 208.178.237.10 port 54051 ssh2 Jul 31 10:01:02 
> > tester sshd[639]: subsystem request for sftp Jul 31 10:01:02 tester 
> > scponly[640]: chrooted binary in place, will
> > chroot() Jul 31 10:01:02 tester scponly[640]: 3 arguments in total.
> > Jul 31 10:01:02 tester scponly[640]:    arg 0 is scponlyc
> > Jul 31 10:01:02 tester scponly[640]:    arg 1 is -c
> > Jul 31 10:01:02 tester scponly[640]:    arg 2 is
> > /usr/lib64/ssh/sftp-server Jul 31 10:01:02 tester scponly[640]: 
> > opened log at LOG_AUTHPRIV, opts 0x00000029 Jul 31 10:01:02 tester 
> > scponly[640]: determined USER is "scponly" from environment Jul 31 
> > 10:01:02 tester scponly[640]: retrieved home directory of 
> > "/home/scponly" for user "scponly"
> > Jul 31 10:01:02 tester scponly[640]: Looking at root_dir: 
> > /home/scponly Jul 31 10:01:02 tester scponly[640]: Looking at 
> > root_dir: /scponly Jul 31 10:01:02 tester scponly[640]: chrooting to dir: "/home/scponly"
> > Jul 31 10:01:02 tester scponly[640]: chdiring to dir: "/"
> > Jul 31 16:01:02 tester scponly[640]: setting uid to 1007 Jul 31 
> > 16:01:02 tester scponly[640]: processing request:
> > "/usr/lib64/ssh/sftp-server"
> > Jul 31 16:01:02 tester scponly[640]: checking restrictive
> > filenames(username: scponly(1007), IP/port: 208.178.237.10 54051 22) 
> > Jul 31 16:01:02 tester scponly[640]: building arg vector (username:
> > scponly(1007), IP/port: 208.178.237.10 54051 22) Jul 31 16:01:02 
> > tester scponly[640]: substituting known paths (username:
> > scponly(1007), IP/port: 208.178.237.10 54051 22)
> >
> > -----Original Message-----
> > From: Kaleb Pederson [mailto:kibab at icehouse.net]
> > Sent: Wednesday, July 25, 2007 10:33 PM
> > To: scponly at lists.ccs.neu.edu
> > Cc: Tim Donnelly
> > Subject: Re: [scponly] segfault when trying to connect
> >
> > Thanks for trying Tim.
> >
> > I have attached a patch that will hopefully help us figure out about 
> > where it's failing...
> >
> > Feel free to add in other debug code similar to what I have attached 
> > that might help us figure out where it's segfaulting.
> >
> > Thanks.
> >
> > --Kaleb
> >
> > On Tuesday 24 July 2007, Tim Donnelly wrote:
> > > Kaleb,
> > >
> > > I installed the snapshot version from your post to the list dated 
> > > Jul
> > > 18 and got the same results.  Below I have pasted the 
> > > /var/log/messages output and the trace output is available at the 
> > > same location (www.coalliance.org/public).
> > >
> > > Jul 23 15:23:36 tester sshd[18661]: Accepted 
> > > keyboard-interactive/pam for scponly from 208.178.237.110 port 
> > > 38253 ssh2 Jul 23 15:23:36 tester sshd[18664]: subsystem request 
> > > for sftp Jul 23 15:23:36 tester
> > > scponly[18665]: chrooted binary in place, will
> > > chroot()
> > > Jul 23 15:23:36 tester scponly[18665]: 3 arguments in total.
> > > Jul 23 15:23:36 tester scponly[18665]:  arg 0 is scponlyc Jul 23
> > > 15:23:36 tester scponly[18665]:  arg 1 is -c Jul 23 15:23:36 
> > > tester
> > > scponly[18665]:  arg 2 is /usr/lib64/ssh/sftp-server Jul 23 
> > > 15:23:36 tester scponly[18665]: opened log at LOG_AUTHPRIV, opts
> > > 0x00000029
> > > Jul 23 15:23:36 tester scponly[18665]: determined USER is "scponly"
> > > from environment Jul 23 15:23:36 tester scponly[18665]: retrieved 
> > > home directory of "/home/scponly" for user "scponly"
> > > Jul 23 15:23:36 tester scponly[18665]: Looking at root_dir:
> > > /home/scponly Jul 23 15:23:36 tester scponly[18665]: Looking at
> > > root_dir: /scponly Jul 23 15:23:36 tester scponly[18665]: 
> > > chrooting to
> >
> > dir: "/home/scponly"
> >
> > > Jul 23 15:23:36 tester scponly[18665]: chdiring to dir: "/"
> > > Jul 23 21:23:36 tester scponly[18665]: setting uid to 1007 Jul 23
> > > 21:23:36 tester scponly[18665]: processing request:
> > > "/usr/lib64/ssh/sftp-server"
> > > Jul 23 15:23:36 tester kernel: scponlyc[18665]: segfault at
> > > 0000000000402c89 rip 00002b8aa095d972 rsp 00007fff0a2a1df0 e rror 
> > > 7
> > >
> > > Any ideas?
> > >
> > > -----Original Message-----
> > > From: Kaleb Pederson [mailto:kibab at icehouse.net]
> > > Sent: Friday, July 20, 2007 4:58 PM
> > > To: scponly at lists.ccs.neu.edu
> > > Cc: Tim Donnelly
> > > Subject: Re: [scponly] segfault when trying to connect
> > >
> > > Thanks for the details Tim.
> > >
> > > Can you try the latest CVS or the version I linked to a couple of 
> > > days
> >
> > ago?
> >
> > > I'm not aware of any prcoblems in that area, but I would like to 
> > > know that this is fixed or fix the problem before our next release.
> > >
> > > Thanks.
> > >
> > > --Kaleb
> > >
> > >
> > > _______________________________________________
> > > scponly mailing list
> > > scponly at lists.ccs.neu.edu
> > > https://lists.ccs.neu.edu/bin/listinfo/scponly
> >
> > _______________________________________________
> > scponly mailing list
> > scponly at lists.ccs.neu.edu
> > https://lists.ccs.neu.edu/bin/listinfo/scponly

More information about the scponly mailing list