DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:references:mime-version:content-type:in-reply-to; q=dns; s=
	default; b=IA8cOi2AAsIstk02Jyih9+61xrOpvWbZfcfBh1swJRQ5yysO0spVi
	9qY9pO5Jhc2WoyTunKUS+qMkffD7zGTT7feSNVOsOvsa7QnkPJRX4GLPYBUAgm8P
	UCPWuP0v14OuplXgISszU+2kL9wMMWrxYDL3hONyezFyJ+qxVSpyQE=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Date: Tue, 6 May 2014 18:39:36 +0200
From: Corinna Vinschen <corinna-cygwin@cygwin.com>
To: cygwin@cygwin.com
Subject: Re: snapshot 05/05: ssh segmentation fault within screen
Message-ID: <20140506163936.GY30918@calimero.vinschen.de>
Reply-To: cygwin@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
References: <5368525F.2070301@shaddybaddah.name>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;	protocol="application/pgp-signature"; boundary="3jK+0sHr6j/jwA0V"
Content-Disposition: inline
In-Reply-To: <5368525F.2070301@shaddybaddah.name>
User-Agent: Mutt/1.5.21 (2010-09-15)

--3jK+0sHr6j/jwA0V
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On May  6 11:09, Shaddy Baddah wrote:
> Hi,
>=20
> I've just dropped snapshot 2014-05-05 into my 64bit Cygwin install.
>=20
> I am getting a segmentation fault running ssh from within a screen
> session. Regardless of the arguments passed:
>=20
> $ ssh -V
> OpenSSH_6.6.1p1, OpenSSL 1.0.1g 7 Apr 2014
>=20
> $ screen
> <cleared screen>
> Screen version 4.01.00devel (GNU) 2-May-06
> ...
>                                             [Press Space or Return to end=
.]
> <cleared screen>
> $ ssh -V
> Segmentation fault (core dumped)

This is by far the worst message I got in the last couple of weeks :(

The problem here is that I thought it would be a good idea to cache
passwd and group data in the cygheap, which is a Cygwin DLL specific
heap containing datastructures propagated to child processes via fork
and execve.

The problem, which I totally not realized since I started implementing
this stuff is, that by propagating this cache to child processes, said
child processes suffer from what the parent process does to the passwd
structures in the cache.

Screen seems to call getpwuid and then sets some of the pointers in the
passwd structure it got from the call to NULL, apparently for some sort
of security, this way overwriting the cached passwd struct for the
current user.  Ssh on the other hand tries to copy the passwd structure,
but it never checks for NULL pointers because, well, the passwd
structure never contains NULL pointers.

This annihilates every advantage the cygheap caching has.

*sob*

Oh well, back to the drawing board.  This will take some time, though.


Thanks,
Corinna

--=20
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--3jK+0sHr6j/jwA0V
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTaRBIAAoJEPU2Bp2uRE+ghV0QAI6vDVynKNUxRT2G04aH1D6y
Wm64e3xAOn6WKLlNBGyr+d5xbVhp1lR2MyLILzrfHnbAm6GkPpvyI+uWaBRp2JRr
OmRRzWOMmS8gYsMajJeh4/8a1WcSHFDGGi5GPlI0eLhbtUCqT2lOvmy72qNf58JD
pQb2tertPWu8EoEQBdkzYkVMmomh7zl/QHASIdZpsqR3dz68KRedZ4P2a/0SPxR7
IaOGXFQretfLRAy4RnK/wQS6dR0i2tiKuCpZ1C+wgr/7T6wzG2b81HZ3Bv8Q98Xo
dLf/WlE4/tn1okVp+El4WYJnPyy6N2K9jUqc2er3d2woqdxY4Eq5bNxoVhrG7ziX
KsRBfjmRHM+rpvOH1z5I+2kx84x0pkvDlC3BN2rX8YB1+BqEmEvYpS5CNtRoZXxg
SyDUrIS99e0QlTEhYzvoSH6Jsxmz0MEugrH4f9A4qJzUwXUHOvoByiNlCAsQYvd4
KG50Fx47HempGQ7W02JBF25C9WqQrypZ7EN2Uj9Wx/wDuBTgXv9QJcLmmLxUgU50
FSOAPC9OdLEjasBMOjgZzO+FKMJJ7BNCqE2NrgV1xbi5K3dOrDMXXf9V/DOtoBwS
m+9CDt8mK5LfGNxfMF/hQAXCkTBoDAZqvn7jKGvTrg8u9LUKQkh9IRqTI5D6s6cB
5/tZloEXtW8m0gQIIb6O
=0yY0
-----END PGP SIGNATURE-----

--3jK+0sHr6j/jwA0V--