On Wed, Jul 15, 2020 at 10:41:11PM +0200, Thorsten Glaser wrote:
> Package: openssh-server
> Version: 1:8.3p1-1
> Severity: grave
> Justification: renders package unusable
>
> After an upgrade of libc6 today, I can no longer log into my
> system using ssh:

Would it perhaps make sense to reassign this to libc6 first, unless and
until it seems to be a definite bug in OpenSSH? I'd have thought that
this sort of compatibility break would be a glibc bug in any event (if
nothing else it'd need a Breaks even if the fix is in OpenSSH), perhaps
unless OpenSSH is doing something clearly undefined.

Looking at your -ddd output, the failure must be within
sshd.c:privsep_preauth_child. But its setgroups() call seems
straightforward, and I don't see how it could produce EFAULT:

    gid_t gidset[1];
    [...]
    gidset[0] = privsep_pw->pw_gid;
    if (setgroups(1, gidset) == -1)
        fatal("setgroups: %.100s", strerror(errno));

Is it possible that this is x32-specific in some way? I haven't been
able to reproduce it on amd64 so far. The implementation of setgroups()
also doesn't seem to have changed between the glibc-2.30 and glibc-2.31
tags upstream, though I haven't looked at the Debian patches.

-- 
Colin Watson (he/him) [cjwat...@debian.org]
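
A minimal reproducer for triaging the question raised above, added here as an example and not part of the original message or of OpenSSH: it makes the same setgroups(1, gidset) call outside sshd, so the errno it reports on an affected system shows whether the failure follows the libc or the sshd code path. The names try_setgroups() and describe() are hypothetical, and it passes the caller's own gid instead of privsep_pw->pw_gid.

```c
/* Added triage example; try_setgroups() and describe() are hypothetical names. */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Make the same call as the quoted sshd code: one gid in a stack array.
 * Returns 0 on success, otherwise the errno value setgroups() left. */
int try_setgroups(gid_t gid)
{
    gid_t gidset[1];

    gidset[0] = gid;
    if (setgroups(1, gidset) == -1)
        return errno;
    return 0;
}

/* Map the errors documented in setgroups(2) to what they mean for triage. */
const char *describe(int err)
{
    switch (err) {
    case 0:      return "ok: call succeeded";
    case EPERM:  return "EPERM: caller lacks CAP_SETGID, rerun as root";
    case EFAULT: return "EFAULT: kernel rejected the list address";
    case EINVAL: return "EINVAL: size exceeds NGROUPS_MAX";
    case ENOMEM: return "ENOMEM: out of memory";
    default:     return "unexpected errno";
    }
}

int main(void)
{
    /* Assumption: our own primary gid stands in for privsep_pw->pw_gid. */
    int err = try_setgroups(getgid());

    /* Type sizes differ between amd64 and x32, so print them with the result. */
    printf("sizeof(gid_t)=%zu sizeof(void *)=%zu sizeof(long)=%zu\n",
           sizeof(gid_t), sizeof(void *), sizeof(long));
    printf("setgroups(1, gidset): %s (%s)\n", describe(err),
           err ? strerror(err) : "no error");
    return (err == 0 || err == EPERM) ? 0 : 1;
}
```

Run it as root on the affected system, built once for amd64 and once for x32 (for example with gcc -mx32); a successful call replaces the supplementary groups of this process only.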