Bug 183243
| Summary: | OpenSSH now has a dependency on audit being compiled in kernel | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Reuben Farrelly <reuben-redhatbugzilla> |
| Component: | openssh | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | maxk, pallas, sgrubb |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | openssh-4.3p2-4 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2006-03-06 09:45:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Reuben Farrelly
2006-02-27 19:19:31 UTC
You should have actually test it before reporting. It will prevent login only if audit call fails AND audit daemon is running. This is a requirement so resource starvation doesn't allow unaudited system access. If the daemon isn't running it doesn't do anything. Of course you have to have audit libraries installed but this is no change from FC4 package. I don't even have audit installed on that box, and just to be sure: [root@tornado ~]# ps auxwww | grep -i audit root 2001 0.0 0.0 4048 612 pts/0 S+ 11:21 0:00 grep -i audit [root@tornado ~]# [root@tornado ~]# rpm -q audit package audit is not installed [root@tornado ~]# audit once (as in, a few weeks ago) was installed due to a dependency issue but was removed soon after that was resolved (ages ago). I'm asking you again - have you actually tested it? It doesn't depend on audit being installed and running - only audit-libs. This didn't change at all. (Actually audit is required probably unnecessarily by vixie-cron package, but this would be another bug report.) I would not have bothered filing a bug if I hadn't tested it. It so happens that the problem only occurs with kernels that do not have audit support. I was not running the kernel-* rpm at the time but an -mm kernel which did not have audit support. Building again with the only change being to enable audit support allows sshd to work again as expected. Which then further suggests that the problem is in fact with that latest patch as I indicated above. It seems to test for the support of audit in the kernel but I don't think that the test it actually works (at least not with 2.6.16-rc4-mm2). If you want to break compatibility with some existing configs or add further requirements to non Fedora kernels, then I would argue that THIS close to release is exceptionally bad timing on your part. The dependency problem with vixie-cron was fixed in vixie-cron 4:4.1-54.FC5 about 2 weeks ago. Just closing reports as NOTABUG because you can't figure it out or bother looking into it is just plain lazy on your part. You could have at least asked for more information and made a genuine attempt to find out if there is a bug before closing the report. You should have mentioned that you have kernel without audit support compiled in anyway. Your report just looked like you didn't test it and you just opened the bug report based on the changelog message. The test for no audit support in kernel is the same as is in the PAM library where it should prevent your logins as well if it doesn't work right. Something is very wrong otherwise. Could you attach strace output of sshd here? Attach the strace to running sshd [priv] process after you connect to the machine before you enter the password (don't use valuable one of course). You're right, I should have mentioned about not having audit support compiled
in. It didn't occur to me at the time :(
I'm seeing the same thing with both authorized_keys and password authentication.
Anyway, here's the strace..
[root@tornado i2c]# strace -p 24661
Process 24661 attached - interrupt to quit
read(6,
"\0\0\0\r", 4) = 4
read(6, "\v\0\0\0\10password", 13) = 13
time(NULL) = 1141211979
getuid32() = 0
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=2442, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 131072) = 2442
close(4) = 0
munmap(0xa796a000, 131072) = 0
open("/etc/shadow", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0600, st_size=1624, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "root:$1$tmDfiF1X$r7x0Z4FW4oL.ALn"..., 131072) = 1624
close(4) = 0
munmap(0xa796a000, 131072) = 0
socket(PF_NETLINK, SOCK_RAW, 9) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
open("/etc/hosts", O_RDONLY) = 7
fcntl64(7, F_GETFD) = 0
fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=335, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(7, "# Do not remove the following li"..., 131072) = 335
read(7, "", 131072) = 0
close(7) = 0
munmap(0xa796a000, 131072) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 7
connect(7, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.5")}, 28) = 0
fcntl64(7, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1141211979, 599550}, NULL) = 0
poll([{fd=7, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(7, "\330\315\1\0\0\1\0\0\0\0\0\0\twhirlpool\4reub\3net\0"..., 36, 0) = 36
poll([{fd=7, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(7, FIONREAD, [86]) = 0
recvfrom(7, "\330\315\205\200\0\1\0\1\0\1\0\1\twhirlpool\4reub\3net"..., 1024,
0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.5")},
[16]) = 86
close(7) = 0
readlink("/proc/self/exe", "/usr/sbin/sshd", 4095) = 14
sendto(4, "\220\0\0\0L\4\5\0\1\0\0\0\0\0\0\0PAM: authenticat"..., 144, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED
(Connection refused)
close(4) = 0
write(6, "\0\0\0\5\f", 5) = 5
write(6, "\0\0\0\1", 4) = 4
read(6, "\0\0\0\1", 4) = 4
read(6, "/", 1) = 1
open("/etc/nologin", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
getuid32() = 0
open("/etc/passwd", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=2442, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 131072) = 2442
close(4) = 0
munmap(0xa796a000, 131072) = 0
open("/etc/shadow", O_RDONLY) = 4
fcntl64(4, F_GETFD) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fstat64(4, {st_mode=S_IFREG|0600, st_size=1624, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "root:$1$tmDfiF1X$r7x0Z4FW4oL.ALn"..., 131072) = 1624
close(4) = 0
munmap(0xa796a000, 131072) = 0
time(NULL) = 1141211979
socket(PF_NETLINK, SOCK_RAW, 9) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
open("/etc/hosts", O_RDONLY) = 7
fcntl64(7, F_GETFD) = 0
fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=335, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(7, "# Do not remove the following li"..., 131072) = 335
read(7, "", 131072) = 0
close(7) = 0
munmap(0xa796a000, 131072) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 7
connect(7, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.5")}, 28) = 0
fcntl64(7, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1141211979, 606754}, NULL) = 0
poll([{fd=7, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(7, "\36\244\1\0\0\1\0\0\0\0\0\0\twhirlpool\4reub\3net\0"..., 36, 0) = 36
poll([{fd=7, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(7, FIONREAD, [86]) = 0
recvfrom(7, "\36\244\205\200\0\1\0\1\0\1\0\1\twhirlpool\4reub\3net\0"..., 1024,
0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.5")},
[16]) = 86
close(7) = 0
readlink("/proc/self/exe", "/usr/sbin/sshd", 4095) = 14
sendto(4, "\214\0\0\0M\4\5\0\2\0\0\0\0\0\0\0PAM: accounting "..., 140, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED
(Connection refused)
close(4) = 0
write(6, "\0\0\0\t0", 5) = 5
write(6, "\0\0\0\1\0\0\0\0", 8) = 8
getpeername(3, {sa_family=AF_INET, sin_port=htons(54582),
sin_addr=inet_addr("192.168.0.7")}, [16]) = 0
time(NULL) = 1141211979
open("/etc/localtime", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0"..., 131072) = 882
close(4) = 0
munmap(0xa796a000, 131072) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0) = 4
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
connect(4, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(4, "<86>Mar 2 00:19:39 sshd[24661]:"..., 92, MSG_NOSIGNAL) = 92
close(4) = 0
read(6, "\0\0\4\256", 4) = 4
read(6, "\31\0\0\0\24\f\244r\240\274\20\373\0\rG\'\2159;;\322\315"..., 1198) = 1198
close(6) = 0
mmap2(NULL, 1310720, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) =
0xa784a000
munmap(0xa7b3c000, 65536) = 0
waitpid(24662, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 24662
alarm(0) = 103
rt_sigaction(SIGALRM, NULL, {0x7555c820, [], SA_INTERRUPT}, 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(5) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGCHLD, {0x75565300, [], 0}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {0x75563ed0, [], 0}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {0x75563ed0, [], 0}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGQUIT, {0x75563ed0, [], 0}, NULL, 8) = 0
pipe([4, 5]) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
fcntl64(5, F_SETFD, FD_CLOEXEC) = 0
fcntl64(4, F_GETFL) = 0 (flags O_RDONLY)
fcntl64(4, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
fcntl64(5, F_GETFL) = 0x1 (flags O_WRONLY)
fcntl64(5, F_SETFL, O_WRONLY|O_NONBLOCK) = 0
select(5, [3 4], [], NULL, NULL) = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(3, "\207\366\312\214\314^\7i\6\260K\274\253\16\346h\25&\030"..., 16384) = 64
ioctl(-1, SNDCTL_TMR_TIMEBASE or TCGETS, 0xafd6c628) = -1 EBADF (Bad file
descriptor)
ioctl(-1, SNDCTL_TMR_TIMEBASE or TCGETS, 0xafd6c628) = -1 EBADF (Bad file
descriptor)
select(5, [3 4], [3], NULL, NULL) = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(3, "\252\f\10\32\214\"\365\253\357*\304\350!&\374\33\337\266"..., 48) = 48
select(5, [3 4], [], NULL, NULL) = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(3, "e\315j\364\3566\326g\2542\211=\t|\333\320<\274\363\346"..., 16384) = 448
open("/dev/ptmx", O_RDWR) = 6
statfs("/dev/pts", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, f_blocks=0,
f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255,
f_frsize=4096}) = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(6, TIOCGPTN, [1]) = 0
stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
statfs("/dev/pts/1", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, f_blocks=0,
f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255,
f_frsize=4096}) = 0
ioctl(6, TIOCSPTLCK, [0]) = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(6, TIOCGPTN, [1]) = 0
stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
open("/dev/pts/1", O_RDWR|O_NOCTTY) = 7
ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/7", "/dev/pts/1", 4095) = 10
ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(7, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
open("/etc/group", O_RDONLY) = 8
fcntl64(8, F_GETFD) = 0
fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
fstat64(8, {st_mode=S_IFREG|0644, st_size=899, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(8, "root:x:0:root,reuben\nbin:x:1:roo"..., 131072) = 899
close(8) = 0
munmap(0xa782a000, 131072) = 0
stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 8
read(8, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 4095) = 260
close(8) = 0
ioctl(6, TIOCSWINSZ, {ws_row=28, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
open("/etc/security/pam_env.conf", O_RDONLY|O_LARGEFILE) = 8
fstat64(8, {st_mode=S_IFREG|0644, st_size=3088, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(8, "# $Date: 2005/08/16 12:27:42 $\n#"..., 131072) = 3088
read(8, "", 131072) = 0
close(8) = 0
munmap(0xa782a000, 131072) = 0
open("/etc/environment", O_RDONLY|O_LARGEFILE) = 8
fstat64(8, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(8, "", 131072) = 0
close(8) = 0
munmap(0xa782a000, 131072) = 0
socket(PF_NETLINK, SOCK_RAW, 9) = 8
fcntl64(8, F_SETFD, FD_CLOEXEC) = 0
open("/etc/hosts", O_RDONLY) = 9
fcntl64(9, F_GETFD) = 0
fcntl64(9, F_SETFD, FD_CLOEXEC) = 0
fstat64(9, {st_mode=S_IFREG|0644, st_size=335, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(9, "# Do not remove the following li"..., 131072) = 335
read(9, "", 131072) = 0
close(9) = 0
munmap(0xa782a000, 131072) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 9
connect(9, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.5")}, 28) = 0
fcntl64(9, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(9, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1141211979, 626238}, NULL) = 0
poll([{fd=9, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(9, "\377B\1\0\0\1\0\0\0\0\0\0\twhirlpool\4reub\3net\0"..., 36, 0) = 36
poll([{fd=9, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(9, FIONREAD, [86]) = 0
recvfrom(9, "\377B\205\200\0\1\0\1\0\1\0\1\twhirlpool\4reub\3net\0"..., 1024, 0,
{sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.5")},
[16]) = 86
close(9) = 0
readlink("/proc/self/exe", "/usr/sbin/sshd", 4095) = 14
sendto(8, "\220\0\0\0O\4\5\0\3\0\0\0\0\0\0\0PAM: setcred acc"..., 144, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED
(Connection refused)
close(8) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xa7b5b6f8) = 24689
close(7) = 0
dup(6) = 7
dup(6) = 8
getsockopt(3, SOL_TCP, TCP_NODELAY, [0], [4]) = 0
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(22),
sin_addr=inet_addr("192.168.0.5")}, [16]) = 0
setsockopt(3, SOL_IP, IP_TOS, [16], 4) = 0
ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
fcntl64(7, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK) = 0
fcntl64(6, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
select(8, [3 4 7], [3], NULL, NULL) = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(3, "\\\365\327@\207.\324\224y\33\342\240^\245\3564\4Q@\20\246"..., 48) = 48
select(8, [3 4 7], [], NULL, NULL) = 1 (in [7])
--- SIGCHLD (Child exited) @ 0 (0) ---
rt_sigaction(SIGCHLD, NULL, {0x75565300, [], 0}, 8) = 0
write(5, "\0", 1) = 1
sigreturn() = ? (mask now [])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], WNOHANG) = 24689
close(6) = 0
open("/etc/passwd", O_RDONLY) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=2442, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(6, "root:x:0:0:root:/root:/bin/bash\n"..., 131072) = 2442
close(6) = 0
munmap(0xa782a000, 131072) = 0
geteuid32() = 0
gettimeofday({1141211979, 636556}, NULL) = 0
access("/var/run/utmpx", F_OK) = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR) = 6
fcntl64(6, F_GETFD) = 0
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
_llseek(6, 0, [0], SEEK_SET) = 0
alarm(0) = 0
rt_sigaction(SIGALRM, {0xa7c97cd0, [], 0}, {SIG_DFL}, 8) = 0
alarm(1) = 0
fcntl64(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(6, "\10\0\0\0\234\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\10\0\0\0\327\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\34\t\0\0ttyS0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\35\t\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\36\t\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\37\t\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0 \t\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0!\t\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\"\t\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "", 384) = 0
fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0) = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(6) = 0
time(NULL) = 1141211979
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0) = 6
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
connect(6, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(6, "<86>Mar 2 00:19:39 sshd[24661]:"..., 84, MSG_NOSIGNAL) = 84
close(6) = 0
getuid32() = 0
chown32("/dev/pts/1", 0, 0) = 0
chmod("/dev/pts/1", 0666) = 0
close(8) = 0
waitpid(-1, 0xafd6c7b8, WNOHANG) = -1 ECHILD (No child processes)
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(7, 0xafd6873c, 16384) = -1 EIO (Input/output error)
close(7) = 0
select(8, [3 4], [3], NULL, NULL) = 2 (in [4], out [3])
read(4, "\0", 1) = 1
read(4, 0xafd6c7bb, 1) = -1 EAGAIN (Resource temporarily
unavailable)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(3, "|\vc\346(\277\227B\302\344\303(\247@\336U\30B\0\251\355"..., 128) = 128
select(8, [3 4], [], NULL, NULL) = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(3, "\332v/\257K\263B\346\257\337\36\7!\16I\2\222\366\204\254"..., 16384) = 32
select(8, [3 4], [], NULL, NULL) = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(3, "", 16384) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
open("/etc/security/pam_env.conf", O_RDONLY|O_LARGEFILE) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=3088, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(6, "# $Date: 2005/08/16 12:27:42 $\n#"..., 131072) = 3088
read(6, "", 131072) = 0
close(6) = 0
munmap(0xa782a000, 131072) = 0
open("/etc/environment", O_RDONLY|O_LARGEFILE) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(6, "", 131072) = 0
close(6) = 0
munmap(0xa782a000, 131072) = 0
socket(PF_NETLINK, SOCK_RAW, 9) = 6
fcntl64(6, F_SETFD, FD_CLOEXEC) = 0
open("/etc/hosts", O_RDONLY) = 7
fcntl64(7, F_GETFD) = 0
fcntl64(7, F_SETFD, FD_CLOEXEC) = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=335, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(7, "# Do not remove the following li"..., 131072) = 335
read(7, "", 131072) = 0
close(7) = 0
munmap(0xa782a000, 131072) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 7
connect(7, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.5")}, 28) = 0
fcntl64(7, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1141211979, 650909}, NULL) = 0
poll([{fd=7, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(7, "\352\237\1\0\0\1\0\0\0\0\0\0\twhirlpool\4reub\3net\0"..., 36, 0) = 36
poll([{fd=7, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(7, FIONREAD, [86]) = 0
recvfrom(7, "\352\237\205\200\0\1\0\1\0\1\0\1\twhirlpool\4reub\3net"..., 1024,
0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.5")},
[16]) = 86
close(7) = 0
readlink("/proc/self/exe", "/usr/sbin/sshd", 4095) = 14
sendto(6, "\220\0\0\0P\4\5\0\4\0\0\0\0\0\0\0PAM: setcred acc"..., 144, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED
(Connection refused)
close(6) = 0
munmap(0xa7f6e000, 13680) = 0
munmap(0xa79a4000, 95332) = 0
munmap(0xa7f6c000, 6112) = 0
munmap(0xa7f6a000, 7696) = 0
munmap(0xa799c000, 30944) = 0
munmap(0xa798e000, 46496) = 0
munmap(0xa798a000, 14844) = 0
munmap(0xa79da000, 4432) = 0
shutdown(3, 2 /* send and receive */) = 0
close(3) = 0
munmap(0xa7b57000, 14008) = 0
exit_group(0) = ?
Process 24661 detached
Hmm, the difference between checks in libpam and openssh sshd is in that libpam tolerates 0 returned from audit_log_user_message but sshd doesn't. That's a bug. Steve, any comments? *** Bug 183874 has been marked as a duplicate of this bug. *** Latest update to openssh in rawhide (4.3p2-4) fixes this, and, at least from my perspective the bug report can be closed. Tomas - I'll leave it up to you to close if you are happy.. *** Bug 184247 has been marked as a duplicate of this bug. *** |