pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Problem running sshd on Darwin, "dyld: Symbol not found: _allow_severity"

On Thu, Jul 02, 2015 at 03:49:33PM +0200, Joerg Sonnenberger wrote:
> On Thu, Jul 02, 2015 at 01:04:51PM +0200, Andreas Kusalananda Kähäri wrote:
> > However, I'd like to run sshd, but after installing openssh-6.6.1nb7 and
> > rc.subr-20150510, I get this:
> > 
> >     $ sudo /opt/etc/rc.d/sshd start
> >     Starting sshd.
> >     dyld: Symbol not found: _allow_severity
> >       Referenced from: /opt/lib/libwrap.7.dylib
> >       Expected in: flat namespace
> >      in /opt/lib/libwrap.7.dylib
> 
> Using libwrap requires the main binary to supply allow_severity and
> deny_severity. That's a known design issue with it. sshd.c should
> contain the declarations, but maybe they are skipped in your build?
> 
> Joerg
> 

Stripping the binary breaks it.  Long story:

Running "bmake configure", I get "TCP Wrappers support: yes" at the end.
Looking in the work directory, I see

In config.h:

    /* Define if you want TCP Wrappers support */
    #define LIBWRAP 1

The sshd.c source file then says

    #ifdef LIBWRAP
    #include <tcpd.h>
    #include <syslog.h>
    int allow_severity;
    int deny_severity;
    #endif /* LIBWRAP */

So they should definitely be declared... but they're not.

I can see them in sshd.o and in sshd:

    $ otool -v -r sshd.o
    sshd.o:
    Relocation information (__TEXT,__text) 1121 entries
    address  pcrel length extern type    scattered symbolnum/value
    [...]
    00001910 True  long   True   GOT_LD  False     _deny_severity
    00001904 True  long   True   GOT_LD  False     _allow_severity

    $ nm sshd.o | grep severity
    0000000000000004 C _allow_severity
    0000000000000004 C _deny_severity

    $ nm sshd | grep severity
    00000001000a0e80 S _allow_severity
    00000001000a0ea0 S _deny_severity

I then noticed that the symbols had been stripped from the installed
binary in /opt/sbin/sshd, so I modified the Makefile to unset STRIP_OPT
and reinstalled.  NOW IT WORKS!

To verify that it was the stripping of the binary that caused the
problem:

    $ pwd
    /opt/pkg/obj/security/openssh/work/openssh-6.6p1

    $ rm sshd

    $ bmake
(cd openbsd-compat && bmake)
clang -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o  audit.o audit-bsm.o audit-linux.o platform.o  sshpty.o sshlogin.o servconf.o serverloop.o  auth.o auth1.o auth2.o auth-options.o session.o  auth-chall.o auth2-chall.o groupaccess.o  auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o  auth2-none.o auth2-passwd.o auth2-pubkey.o  monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o  kexc25519s.o auth-krb5.o  auth2-gss.o gss-serv.o gss-serv-krb5.o  loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o  sftp-server.o sftp-common.o  roaming_common.o roaming_serv.o  sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o  sandbox-seccomp-filter.o sandbox-capsicum.o -L. -Lopenbsd-compat/ -L/opt/lib -L/opt/lib -L/opt/lib -L/usr/lib -fstack-protector-strong -L/opt/lib -pie -lssh -lopenbsd-compat -lwrap -lcrypto -lskey -lz  -lresolv
clang: warning: argument unused during compilation: '-pie'

    $ sudo $PWD/sshd
    (it works)

    $ sudo pkill sshd

    $ strip sshd

    $ sudo $PWD/sshd
    dyld: Symbol not found: _allow_severity
      Referenced from: /opt/lib/libwrap.7.dylib
      Expected in: flat namespace
     in /opt/lib/libwrap.7.dylib

Where do we go from here?

-- 
:: Andreas Kusalananda Kähäri, Bioinformatics Developer, BILS,
:: Uppsala University, Sweden
::----------------------------------------------------------------------
:: My other car is a cdr.
Home | Main Index | Thread Index | Old Index