OpenSSH-2.9.X and GCC-2.95.3

From: Geoff Collis (geoff@andale.com)
Date: 10/24/01


Message-ID: <3C33BA4DEAB2D511A16900500488E66111D546@mail.vendorhub.com>
From: Geoff Collis <geoff@andale.com>
To: SUN-sec Mailinglist <focus-sun@securityfocus.com>
Subject: OpenSSH-2.9.X and GCC-2.95.3
Date: Wed, 24 Oct 2001 11:39:17 -0700

I have recently been struggling with an issue that affects OpenSSH-2.9X
release on Solaris 2.6, 7 and 8 when compiled with gcc-2.95.3 (gcc was
downloaded from www.sunfreeware.com).

The latest release OpenSSH-2.9.9p2 builds correctly, but scp does not work
at all, regardless of authentication method, it simply crashes before
transferring anything. By running sshd -D on the remote side, it appears to
coredump on the remote system. I tried removing "-g -O2" from CFLAGS, I
still get the same problem on all Solaris versions, 2.6, 7 and 8.

OpenSSH-2.9p1 compiles OK, but "ssh-keygen -p" dumps core when you try to
change the passphrase in the key file (RSA1, RSA and DSA).

For the moment at least I have a combination that works, OpenSSH-2.9p1 built
with default CFLAGS, and ssh-keygen built from the OpenSSH-2.9.9p2 source
but with "-g -O2" removed from the CFLAGS.

I would like to run OpenSSH-2.9.9p2 everywhere because of the security
issues with OpenSSH-2.9p1.

Given that I get the same problems on Solaris 2.6, 7 and 8, I suspect this
is either a problem with my config, the source and/or maybe the gcc version.
I do make some changes to configure, namely:

  ./configure --prefix= /usr/local/depot/openssh-2.9.9p2 \
  --sysconfdir=/etc/ssh \
  --with-tcp-wrappers \
  --with-prngd-socket=/var/opt/egd-pool \
  --without-rsh --with-pam \
  --with-default-path=/sbin:/usr/sbin:/bin:/usr/local/sbin:/usr/local/bin

I create symlinks to the binaries, man pages in
/usr/local/depot/openssh-2.9.9p2 as part of building a SUN package from the
compiled source (pkgmk/pkgadd etc).

Has anyone else run into similar problems?

- Geoff Collis