This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Does anyone have ssh problem with glibc 2.31?
- From: Rich Felker <dalias at libc dot org>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>
- Cc: "Rodriguez Bahena, Victor" <victor dot rodriguez dot bahena at intel dot com>, Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Fri, 14 Feb 2020 11:39:38 -0500
- Subject: Re: Does anyone have ssh problem with glibc 2.31?
- References: <CAMe9rOos7cA9k4+hkucG2XBX_SKH2DfbDc=4w=DvkMS+Suxm8A@mail.gmail.com> <874kvt2odw.fsf@oldenburg2.str.redhat.com> <20200214160804.GL1663@brightrain.aerifal.cx> <CAMe9rOp=505AWjLw+e3KR6Yp4qkSGCKPz-FuTAJYG-wa3iRjPg@mail.gmail.com>
On Fri, Feb 14, 2020 at 08:24:12AM -0800, H.J. Lu wrote:
> On Fri, Feb 14, 2020 at 8:08 AM Rich Felker <dalias@libc.org> wrote:
> >
> > On Fri, Feb 14, 2020 at 04:13:15PM +0100, Florian Weimer wrote:
> > > * H. J. Lu:
> > >
> > > > I got a report that ssh to localhost didn't work with glibc 2.31:
> > > >
> > > > $ ssh -vv test@localhost
> > > > verify journalctl for messages like
> > > > Feb 13 16:11:12 clr-c8ac6e4ce4c94ca4ac9188a967175ec3 sshd[297]: Server
> > > > listening on :: port 22.
> > > > Feb 13 16:11:59 clr-c8ac6e4ce4c94ca4ac9188a967175ec3 sshd[313]:
> > > > pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0
> > > > tty=ssh ruser= rhost=127.0.0.1 user=test
> > > >
> > > > They had to downgrade to glibc 2.30. Has anyone seen anything similar?
> > >
> > > It's seccomp-related. OpenSSH and systemd need updating.
> >
> > Yes, OpenSSH is missing seccomp rules to allow the time64 versions of
> > some syscalls. I forget whether it only affects systems without vdso
> > or all (32-bit) systems. Adélie Linux already has a patch as part of
> > this commit:
> >
> > https://code.foxkit.us/adelie/packages/commit/fc1725b12ffae83614d3792ec9a8fae764fa8213
> >
>
> Adding Victor.
Reportedly it's fixed upstream now and in the 8.2 release.
BTW this and other breaking issues are documented in the Adélie Linux
time64 wiki page: https://wiki.adelielinux.org/wiki/Project:Time64
Rich