Bug 183243 - OpenSSH now has a dependency on audit being compiled in kernel
OpenSSH now has a dependency on audit being compiled in kernel
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
rawhide
All Linux
medium Severity high
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
:
: 183874 184247 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-27 14:19 EST by Reuben Farrelly
Modified: 2007-11-30 17:11 EST (History)
3 users (show)

See Also:
Fixed In Version: openssh-4.3p2-4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-03-06 04:45:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Reuben Farrelly 2006-02-27 14:19:31 EST
The FC changelog for OpenSSH shows one of the last changes as:

* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-3
- sshd should prevent login if audit call fails

Unfortunately this breaks SSH if there is no audit daemon installed and running
on the system.

In my case I do not have audit installed as I do not use or need it, so after
this upgrade I can no longer log in via SSH.

If we are going to require audit to be installed and turned on then this needs
to be explicitly documented as this is a change from past behaviour.  However I
recall in a bug report for another package (escapes me now which one) there was
a desire from within Redhat to not require the presence of audit for a system to
function.
Comment 1 Tomas Mraz 2006-02-27 16:52:03 EST
You should have actually test it before reporting.

It will prevent login only if audit call fails AND audit daemon is running. This
is a requirement so resource starvation doesn't allow unaudited system access.
If the daemon isn't running it doesn't do anything.

Of course you have to have audit libraries installed but this is no change from
FC4 package.
Comment 2 Reuben Farrelly 2006-02-27 17:22:01 EST
I don't even have audit installed on that box, and just to be sure:

[root@tornado ~]# ps auxwww | grep -i audit
root      2001  0.0  0.0   4048   612 pts/0    S+   11:21   0:00 grep -i audit
[root@tornado ~]# 

[root@tornado ~]#  rpm -q audit
package audit is not installed
[root@tornado ~]#

audit once (as in, a few weeks ago) was installed due to a dependency issue but
was removed soon after that was resolved (ages ago).
Comment 3 Tomas Mraz 2006-02-28 02:23:36 EST
I'm asking you again - have you actually tested it?

It doesn't depend on audit being installed and running - only audit-libs. This
didn't change at all.

(Actually audit is required probably unnecessarily by vixie-cron package, but
this would be another bug report.)
Comment 4 Reuben Farrelly 2006-02-28 05:04:25 EST
I would not have bothered filing a bug if I hadn't tested it.

It so happens that the problem only occurs with kernels that do not have audit
support.  I was not running the kernel-* rpm at the time but an -mm kernel which
did not have audit support.  Building again with the only change being to enable
audit support allows sshd to work again as expected.

Which then further suggests that the problem is in fact with that latest patch
as I indicated above.  It seems to test for the support of audit in the kernel
but I don't think that the test it actually works (at least not with
2.6.16-rc4-mm2).

If you want to break compatibility with some existing configs or add further
requirements to non Fedora kernels, then I would argue that THIS close to
release is exceptionally bad timing on your part.

The dependency problem with vixie-cron was fixed in vixie-cron 4:4.1-54.FC5
about 2 weeks ago.

Just closing reports as NOTABUG because you can't figure it out or bother
looking into it is just plain lazy on your part.  You could have at least asked
for more information and made a genuine attempt to find out if there is a bug
before closing the report.
Comment 5 Tomas Mraz 2006-02-28 07:42:07 EST
You should have mentioned that you have kernel without audit support compiled in
anyway. Your report just looked like you didn't test it and you just opened the
bug report based on the changelog message.

The test for no audit support in kernel is the same as is in the PAM library
where it should prevent your logins as well if it doesn't work right. Something
is very wrong otherwise.

Could you attach strace output of sshd here?

Attach the strace to running sshd [priv] process after you connect to the
machine before you enter the password (don't use valuable one of course).
Comment 6 Reuben Farrelly 2006-03-01 06:18:47 EST
You're right, I should have mentioned about not having audit support compiled
in.  It didn't occur to me at the time :(
I'm seeing the same thing with both authorized_keys and password authentication.

Anyway, here's the strace..

[root@tornado i2c]# strace -p 24661
Process 24661 attached - interrupt to quit
read(6, 

"\0\0\0\r", 4)                  = 4
read(6, "\v\0\0\0\10password", 13)      = 13
time(NULL)                              = 1141211979
getuid32()                              = 0
open("/etc/passwd", O_RDONLY)           = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=2442, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 131072) = 2442
close(4)                                = 0
munmap(0xa796a000, 131072)              = 0
open("/etc/shadow", O_RDONLY)           = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fstat64(4, {st_mode=S_IFREG|0600, st_size=1624, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "root:$1$tmDfiF1X$r7x0Z4FW4oL.ALn"..., 131072) = 1624
close(4)                                = 0
munmap(0xa796a000, 131072)              = 0
socket(PF_NETLINK, SOCK_RAW, 9)         = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
open("/etc/hosts", O_RDONLY)            = 7
fcntl64(7, F_GETFD)                     = 0
fcntl64(7, F_SETFD, FD_CLOEXEC)         = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=335, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(7, "# Do not remove the following li"..., 131072) = 335
read(7, "", 131072)                     = 0
close(7)                                = 0
munmap(0xa796a000, 131072)              = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 7
connect(7, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.5")}, 28) = 0
fcntl64(7, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
gettimeofday({1141211979, 599550}, NULL) = 0
poll([{fd=7, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(7, "\330\315\1\0\0\1\0\0\0\0\0\0\twhirlpool\4reub\3net\0"..., 36, 0) = 36
poll([{fd=7, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(7, FIONREAD, [86])                = 0
recvfrom(7, "\330\315\205\200\0\1\0\1\0\1\0\1\twhirlpool\4reub\3net"..., 1024,
0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.5")},
[16]) = 86
close(7)                                = 0
readlink("/proc/self/exe", "/usr/sbin/sshd", 4095) = 14
sendto(4, "\220\0\0\0L\4\5\0\1\0\0\0\0\0\0\0PAM: authenticat"..., 144, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED
(Connection refused)
close(4)                                = 0
write(6, "\0\0\0\5\f", 5)               = 5
write(6, "\0\0\0\1", 4)                 = 4
read(6, "\0\0\0\1", 4)                  = 4
read(6, "/", 1)                         = 1
open("/etc/nologin", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
getuid32()                              = 0
open("/etc/passwd", O_RDONLY)           = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=2442, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 131072) = 2442
close(4)                                = 0
munmap(0xa796a000, 131072)              = 0
open("/etc/shadow", O_RDONLY)           = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fstat64(4, {st_mode=S_IFREG|0600, st_size=1624, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "root:$1$tmDfiF1X$r7x0Z4FW4oL.ALn"..., 131072) = 1624
close(4)                                = 0
munmap(0xa796a000, 131072)              = 0
time(NULL)                              = 1141211979
socket(PF_NETLINK, SOCK_RAW, 9)         = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
open("/etc/hosts", O_RDONLY)            = 7
fcntl64(7, F_GETFD)                     = 0
fcntl64(7, F_SETFD, FD_CLOEXEC)         = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=335, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(7, "# Do not remove the following li"..., 131072) = 335
read(7, "", 131072)                     = 0
close(7)                                = 0
munmap(0xa796a000, 131072)              = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 7
connect(7, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.5")}, 28) = 0
fcntl64(7, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
gettimeofday({1141211979, 606754}, NULL) = 0
poll([{fd=7, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(7, "\36\244\1\0\0\1\0\0\0\0\0\0\twhirlpool\4reub\3net\0"..., 36, 0) = 36
poll([{fd=7, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(7, FIONREAD, [86])                = 0
recvfrom(7, "\36\244\205\200\0\1\0\1\0\1\0\1\twhirlpool\4reub\3net\0"..., 1024,
0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.5")},
[16]) = 86
close(7)                                = 0
readlink("/proc/self/exe", "/usr/sbin/sshd", 4095) = 14
sendto(4, "\214\0\0\0M\4\5\0\2\0\0\0\0\0\0\0PAM: accounting "..., 140, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED
(Connection refused)
close(4)                                = 0
write(6, "\0\0\0\t0", 5)                = 5
write(6, "\0\0\0\1\0\0\0\0", 8)         = 8
getpeername(3, {sa_family=AF_INET, sin_port=htons(54582),
sin_addr=inet_addr("192.168.0.7")}, [16]) = 0
time(NULL)                              = 1141211979
open("/etc/localtime", O_RDONLY)        = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa796a000
read(4, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0"..., 131072) = 882
close(4)                                = 0
munmap(0xa796a000, 131072)              = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0)          = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
connect(4, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(4, "<86>Mar  2 00:19:39 sshd[24661]:"..., 92, MSG_NOSIGNAL) = 92
close(4)                                = 0
read(6, "\0\0\4\256", 4)                = 4
read(6, "\31\0\0\0\24\f\244r\240\274\20\373\0\rG\'\2159;;\322\315"..., 1198) = 1198
close(6)                                = 0
mmap2(NULL, 1310720, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) =
0xa784a000
munmap(0xa7b3c000, 65536)               = 0
waitpid(24662, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0) = 24662
alarm(0)                                = 103
rt_sigaction(SIGALRM, NULL, {0x7555c820, [], SA_INTERRUPT}, 8) = 0
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(5)                                = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGCHLD, {0x75565300, [], 0}, NULL, 8) = 0
rt_sigaction(SIGTERM, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {0x75563ed0, [], 0}, NULL, 8) = 0
rt_sigaction(SIGINT, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {0x75563ed0, [], 0}, NULL, 8) = 0
rt_sigaction(SIGQUIT, NULL, {SIG_DFL}, 8) = 0
rt_sigaction(SIGQUIT, {0x75563ed0, [], 0}, NULL, 8) = 0
pipe([4, 5])                            = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
fcntl64(4, F_GETFL)                     = 0 (flags O_RDONLY)
fcntl64(4, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
fcntl64(5, F_GETFL)                     = 0x1 (flags O_WRONLY)
fcntl64(5, F_SETFL, O_WRONLY|O_NONBLOCK) = 0
select(5, [3 4], [], NULL, NULL)        = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(3, "\207\366\312\214\314^\7i\6\260K\274\253\16\346h\25&\030"..., 16384) = 64
ioctl(-1, SNDCTL_TMR_TIMEBASE or TCGETS, 0xafd6c628) = -1 EBADF (Bad file
descriptor)
ioctl(-1, SNDCTL_TMR_TIMEBASE or TCGETS, 0xafd6c628) = -1 EBADF (Bad file
descriptor)
select(5, [3 4], [3], NULL, NULL)       = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(3, "\252\f\10\32\214\"\365\253\357*\304\350!&\374\33\337\266"..., 48) = 48
select(5, [3 4], [], NULL, NULL)        = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(3, "e\315j\364\3566\326g\2542\211=\t|\333\320<\274\363\346"..., 16384) = 448
open("/dev/ptmx", O_RDWR)               = 6
statfs("/dev/pts", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, f_blocks=0,
f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255,
f_frsize=4096}) = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(6, TIOCGPTN, [1])                 = 0
stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
statfs("/dev/pts/1", {f_type="DEVPTS_SUPER_MAGIC", f_bsize=4096, f_blocks=0,
f_bfree=0, f_bavail=0, f_files=0, f_ffree=0, f_fsid={0, 0}, f_namelen=255,
f_frsize=4096}) = 0
ioctl(6, TIOCSPTLCK, [0])               = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(6, TIOCGPTN, [1])                 = 0
stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
open("/dev/pts/1", O_RDWR|O_NOCTTY)     = 7
ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
readlink("/proc/self/fd/7", "/dev/pts/1", 4095) = 10
ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(7, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
open("/etc/group", O_RDONLY)            = 8
fcntl64(8, F_GETFD)                     = 0
fcntl64(8, F_SETFD, FD_CLOEXEC)         = 0
fstat64(8, {st_mode=S_IFREG|0644, st_size=899, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(8, "root:x:0:root,reuben\nbin:x:1:roo"..., 131072) = 899
close(8)                                = 0
munmap(0xa782a000, 131072)              = 0
stat64("/dev/pts/1", {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 1), ...}) = 0
open("/proc/filesystems", O_RDONLY|O_LARGEFILE) = 8
read(8, "nodev\tsysfs\nnodev\trootfs\nnodev\tb"..., 4095) = 260
close(8)                                = 0
ioctl(6, TIOCSWINSZ, {ws_row=28, ws_col=80, ws_xpixel=0, ws_ypixel=0}) = 0
open("/etc/security/pam_env.conf", O_RDONLY|O_LARGEFILE) = 8
fstat64(8, {st_mode=S_IFREG|0644, st_size=3088, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(8, "# $Date: 2005/08/16 12:27:42 $\n#"..., 131072) = 3088
read(8, "", 131072)                     = 0
close(8)                                = 0
munmap(0xa782a000, 131072)              = 0
open("/etc/environment", O_RDONLY|O_LARGEFILE) = 8
fstat64(8, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(8, "", 131072)                     = 0
close(8)                                = 0
munmap(0xa782a000, 131072)              = 0
socket(PF_NETLINK, SOCK_RAW, 9)         = 8
fcntl64(8, F_SETFD, FD_CLOEXEC)         = 0
open("/etc/hosts", O_RDONLY)            = 9
fcntl64(9, F_GETFD)                     = 0
fcntl64(9, F_SETFD, FD_CLOEXEC)         = 0
fstat64(9, {st_mode=S_IFREG|0644, st_size=335, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(9, "# Do not remove the following li"..., 131072) = 335
read(9, "", 131072)                     = 0
close(9)                                = 0
munmap(0xa782a000, 131072)              = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 9
connect(9, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.5")}, 28) = 0
fcntl64(9, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(9, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
gettimeofday({1141211979, 626238}, NULL) = 0
poll([{fd=9, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(9, "\377B\1\0\0\1\0\0\0\0\0\0\twhirlpool\4reub\3net\0"..., 36, 0) = 36
poll([{fd=9, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(9, FIONREAD, [86])                = 0
recvfrom(9, "\377B\205\200\0\1\0\1\0\1\0\1\twhirlpool\4reub\3net\0"..., 1024, 0,
{sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.5")},
[16]) = 86
close(9)                                = 0
readlink("/proc/self/exe", "/usr/sbin/sshd", 4095) = 14
sendto(8, "\220\0\0\0O\4\5\0\3\0\0\0\0\0\0\0PAM: setcred acc"..., 144, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED
(Connection refused)
close(8)                                = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0xa7b5b6f8) = 24689
close(7)                                = 0
dup(6)                                  = 7
dup(6)                                  = 8
getsockopt(3, SOL_TCP, TCP_NODELAY, [0], [4]) = 0
setsockopt(3, SOL_TCP, TCP_NODELAY, [1], 4) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(22),
sin_addr=inet_addr("192.168.0.5")}, [16]) = 0
setsockopt(3, SOL_IP, IP_TOS, [16], 4)  = 0
ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
fcntl64(7, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
fcntl64(6, F_GETFL)                     = 0x802 (flags O_RDWR|O_NONBLOCK)
select(8, [3 4 7], [3], NULL, NULL)     = 1 (out [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(3, "\\\365\327@\207.\324\224y\33\342\240^\245\3564\4Q@\20\246"..., 48) = 48
select(8, [3 4 7], [], NULL, NULL)      = 1 (in [7])
--- SIGCHLD (Child exited) @ 0 (0) ---
rt_sigaction(SIGCHLD, NULL, {0x75565300, [], 0}, 8) = 0
write(5, "\0", 1)                       = 1
sigreturn()                             = ? (mask now [])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 255}], WNOHANG) = 24689
close(6)                                = 0
open("/etc/passwd", O_RDONLY)           = 6
fcntl64(6, F_GETFD)                     = 0
fcntl64(6, F_SETFD, FD_CLOEXEC)         = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=2442, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(6, "root:x:0:0:root:/root:/bin/bash\n"..., 131072) = 2442
close(6)                                = 0
munmap(0xa782a000, 131072)              = 0
geteuid32()                             = 0
gettimeofday({1141211979, 636556}, NULL) = 0
access("/var/run/utmpx", F_OK)          = -1 ENOENT (No such file or directory)
open("/var/run/utmp", O_RDWR)           = 6
fcntl64(6, F_GETFD)                     = 0
fcntl64(6, F_SETFD, FD_CLOEXEC)         = 0
_llseek(6, 0, [0], SEEK_SET)            = 0
alarm(0)                                = 0
rt_sigaction(SIGALRM, {0xa7c97cd0, [], 0}, {SIG_DFL}, 8) = 0
alarm(1)                                = 0
fcntl64(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0
read(6, "\10\0\0\0\234\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\2\0\0\0\0\0\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\1\0\0\0003N\0\0~\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\10\0\0\0\327\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\34\t\0\0ttyS0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\35\t\0\0tty1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\36\t\0\0tty2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\37\t\0\0tty3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0 \t\0\0tty4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0!\t\0\0tty5\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "\6\0\0\0\"\t\0\0tty6\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 384) = 384
read(6, "", 384)                        = 0
fcntl64(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0
alarm(0)                                = 1
rt_sigaction(SIGALRM, {SIG_DFL}, NULL, 8) = 0
close(6)                                = 0
time(NULL)                              = 1141211979
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=882, ...}) = 0
socket(PF_FILE, SOCK_DGRAM, 0)          = 6
fcntl64(6, F_SETFD, FD_CLOEXEC)         = 0
connect(6, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(6, "<86>Mar  2 00:19:39 sshd[24661]:"..., 84, MSG_NOSIGNAL) = 84
close(6)                                = 0
getuid32()                              = 0
chown32("/dev/pts/1", 0, 0)             = 0
chmod("/dev/pts/1", 0666)               = 0
close(8)                                = 0
waitpid(-1, 0xafd6c7b8, WNOHANG)        = -1 ECHILD (No child processes)
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(7, 0xafd6873c, 16384)              = -1 EIO (Input/output error)
close(7)                                = 0
select(8, [3 4], [3], NULL, NULL)       = 2 (in [4], out [3])
read(4, "\0", 1)                        = 1
read(4, 0xafd6c7bb, 1)                  = -1 EAGAIN (Resource temporarily
unavailable)
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
write(3, "|\vc\346(\277\227B\302\344\303(\247@\336U\30B\0\251\355"..., 128) = 128
select(8, [3 4], [], NULL, NULL)        = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(3, "\332v/\257K\263B\346\257\337\36\7!\16I\2\222\366\204\254"..., 16384) = 32
select(8, [3 4], [], NULL, NULL)        = 1 (in [3])
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
read(3, "", 16384)                      = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
open("/etc/security/pam_env.conf", O_RDONLY|O_LARGEFILE) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=3088, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(6, "# $Date: 2005/08/16 12:27:42 $\n#"..., 131072) = 3088
read(6, "", 131072)                     = 0
close(6)                                = 0
munmap(0xa782a000, 131072)              = 0
open("/etc/environment", O_RDONLY|O_LARGEFILE) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(6, "", 131072)                     = 0
close(6)                                = 0
munmap(0xa782a000, 131072)              = 0
socket(PF_NETLINK, SOCK_RAW, 9)         = 6
fcntl64(6, F_SETFD, FD_CLOEXEC)         = 0
open("/etc/hosts", O_RDONLY)            = 7
fcntl64(7, F_GETFD)                     = 0
fcntl64(7, F_SETFD, FD_CLOEXEC)         = 0
fstat64(7, {st_mode=S_IFREG|0644, st_size=335, ...}) = 0
mmap2(NULL, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xa782a000
read(7, "# Do not remove the following li"..., 131072) = 335
read(7, "", 131072)                     = 0
close(7)                                = 0
munmap(0xa782a000, 131072)              = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 7
connect(7, {sa_family=AF_INET, sin_port=htons(53),
sin_addr=inet_addr("192.168.0.5")}, 28) = 0
fcntl64(7, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
gettimeofday({1141211979, 650909}, NULL) = 0
poll([{fd=7, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
send(7, "\352\237\1\0\0\1\0\0\0\0\0\0\twhirlpool\4reub\3net\0"..., 36, 0) = 36
poll([{fd=7, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
ioctl(7, FIONREAD, [86])                = 0
recvfrom(7, "\352\237\205\200\0\1\0\1\0\1\0\1\twhirlpool\4reub\3net"..., 1024,
0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.0.5")},
[16]) = 86
close(7)                                = 0
readlink("/proc/self/exe", "/usr/sbin/sshd", 4095) = 14
sendto(6, "\220\0\0\0P\4\5\0\4\0\0\0\0\0\0\0PAM: setcred acc"..., 144, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = -1 ECONNREFUSED
(Connection refused)
close(6)                                = 0
munmap(0xa7f6e000, 13680)               = 0
munmap(0xa79a4000, 95332)               = 0
munmap(0xa7f6c000, 6112)                = 0
munmap(0xa7f6a000, 7696)                = 0
munmap(0xa799c000, 30944)               = 0
munmap(0xa798e000, 46496)               = 0
munmap(0xa798a000, 14844)               = 0
munmap(0xa79da000, 4432)                = 0
shutdown(3, 2 /* send and receive */)   = 0
close(3)                                = 0
munmap(0xa7b57000, 14008)               = 0
exit_group(0)                           = ?
Process 24661 detached
Comment 7 Tomas Mraz 2006-03-01 07:25:55 EST
Hmm, the difference between checks in libpam and openssh sshd is in that libpam
tolerates 0 returned from audit_log_user_message but sshd doesn't. That's a bug.

Steve, any comments?
Comment 8 Tomas Mraz 2006-03-03 06:01:54 EST
*** Bug 183874 has been marked as a duplicate of this bug. ***
Comment 9 Reuben Farrelly 2006-03-04 06:08:05 EST
Latest update to openssh in rawhide (4.3p2-4) fixes this, and, at least from my
perspective the bug report can be closed.
Tomas - I'll leave it up to you to close if you are happy..
Comment 10 Tomas Mraz 2006-03-07 16:06:46 EST
*** Bug 184247 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.