Bug 60849 - openssh-3.9_p1 build with USE="skey" causes sandbox violation
Summary: openssh-3.9_p1 build with USE="skey" causes sandbox violation
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: x86 Linux
Importance: High normal
Assignee: Daniel Ahlberg (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-18 23:14 UTC by Jason Short
Modified: 2004-08-20 12:33 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Jason Short 2004-08-18 23:14:33 UTC
OpenSSH has been configured with the following options:
                     User binaries: /usr/bin
                   System binaries: /usr/sbin
               Configuration files: /etc/ssh
                   Askpass program: /usr/lib/misc/ssh-askpass
                      Manual pages: /usr/share/man/manX
                          PID file: /var/run
  Privilege separation chroot path: /var/empty
            sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin
                    Manpage format: doc
                       PAM support: yes
                 KerberosV support: no
                 Smartcard support: no
                     S/KEY support: yes
              TCP Wrappers support: yes
              MD5 password support: yes
       IP address in $DISPLAY hack: no
           Translate v4 in v6 hack: yes
                  BSD Auth support: no
              Random number source: OpenSSL internal ONLY

              Host: i686-pc-linux-gnu
          Compiler: gcc
    Compiler flags: -march=athlon-xp -O3 -pipe -Wall -Wpointer-arith -Wno-uninitialized
Preprocessor flags:
      Linker flags:
         Libraries: -lwrap -lpam -ldl -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt

.
.
.

a - atomicio.o
a - key.o
a - dispatch.o
a - kex.o
a - mac.o
a - uidswap.o
a - uuencode.o
a - misc.o
a - monitor_fdpass.o
a - rijndael.o
a - ssh-dss.o
a - ssh-rsa.o
a - dh.o
a - kexdh.o
a - kexgex.o
a - kexdhc.o
a - kexgexc.o
a - scard.o
a - msg.o
a - progressmeter.o
a - dns.o
a - entropy.o
a - scard-opensc.o
a - gss-genr.o
ranlib libssh.a
gcc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lwrap -lpam -ldl -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o ssh-add ssh-add.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o ssh-keygen ssh-keygen.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o ssh-keyscan ssh-keyscan.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lssh -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o ssh-keysign ssh-keysign.o readconf.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o ssh-agent ssh-agent.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o scp scp.o progressmeter.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o ssh-rand-helper ssh-rand-helper.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o sftp-server sftp-server.o sftp-common.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
gcc -o sftp progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o -L. -Lopenbsd-compat/  -lssh -lopenbsd-compat -lresolv -lcrypto -lskey -lutil -lz -lnsl -lcrypt
--------------------------- ACCESS VIOLATION SUMMARY ---------------------------
LOG FILE = "/tmp/sandbox-net-misc_-_openssh-3.9_p1-7139.log"

open_wr:   /etc/skey/skeykeys
--------------------------------------------------------------------------------

(contents of logfile are a single line matching the open_wr above)

Reproducible: Always
Steps to Reproduce:
1. euse -E skey
2. ACCEPT_KEYWORDS="~x86" emerge "=net-misc/openssh-3.9_p1"



Portage 2.0.50-r9 (default-x86-2004.2, gcc-3.3.4, glibc-2.3.4.20040808-r0, 2.6.8)
=================================================================
System uname: 2.6.8 i686 AMD Athlon(TM) XP 1800+
Gentoo Base System version 1.5.2
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [enabled]
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-xp -O3 -funroll-loops -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config
/usr/kde/3.3/share/config:/usr/kde/3.3/env:/usr/kde/3.3/shutdown
/usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config
/usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/
/usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/
/usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-xp -O3 -funroll-loops -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs buildpkg ccache sandbox"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/overlays/portage /usr/local/overlays/bmg-main
/usr/local/overlays/bmg-gnome"
USE="3dnow X aac aalib accounting acl acpi acpi4linux adns aim alsa amd apache2
arts asterisk async audiofile avantgo avi berkdb cap caps cddb cdr cgi chroot
clamav crypt cscope cups curl dga dillo directfb divx4linux dnd dnsdb dv dvd
dvdr encode erandom escreen esd etwin f77 faad fam fastcgi fbcon fbdev fdftk
ffmpeg fftw flac flash fmod foomaticdb freetype fs gd gdbm gif glut gmp gnutls
gphoto2 gpm gps gstreamer gtk gtk2 guile hbci icq ieee1394 imagemagick imap
imlib imlib2 ipv6 irmc jabber jack jack-tmpfs java javascript jce jikes jpeg
junit kde ladcca lcd lcms ldap lesstif libcaca libg++ libwww lirc live lua
lzw-tiff mad maildir mailwrapper matroska mbox mcal md5sum memlimit mikmod mmap
mmx mng monkey mono motif mozilla moznocompose moznoirc moznomail mozp3p mozsvg
mpeg mpeg4 mpi msn mysql nas ncurses netcdf nls nptl nvidia oav objc offensive
ofx oggvorbis opengl operanom2 oscar oss pam pda pdflib perl pic pie png
postgres ppds pthreads python qt quicktime readline ruby samba sasl scanner sdl
silc skey slang slp snmp speedo spell sse ssl svg svga tcltk tcpd tetex theora
threads tiff transcode truetype type1 unicode usb v4l v4l2 vanilla vim-with-x
virus-scan wmf wxwin wxwindows x86 xface xfs xgetdefault xine xinerama xml xml2
xmms xosd xprint xv xvid yahoo zlib"
Comment 1 Alexander Ivanchev 2004-08-19 01:50:23 UTC
Description: Yeah, this happens 'cause you previously had OpenSSH installed w/s/key. Unfortunately, the porter didn't notice setkeys is 600, thus the sandbox can't replace/update it.

Quick fix: till a permanent workaround is in portage: temporarily chmod 777 /etc/skey/skeykeys (or delete it) and thy build shalt be complete ;-)
Comment 2 SpanKY gentoo-dev 2004-08-19 09:00:40 UTC
setting 777 on the file isn't the way to go ... plus that didn't fix anything on my machine ...

this problem seems to stem from the skey library ... the configure test is what fails ... look through the config.log and you'll see the ACCESS_DENIED message ...

it happens when configure tries to build & run this bit of code:
#include "stdio.h"
#include "skey.h"
int main() {
    /* configure only checks that this links and runs; the call ends up
       opening /etc/skey/skeykeys for writing, which the sandbox reports
       as the open_wr violation above */
    (void)skeychallenge(NULL,"name","",0);
    return 0;
}
Comment 3 Daniel Ahlberg (RETIRED) gentoo-dev 2004-08-20 12:33:25 UTC
Fixed in CVS, thanks!
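To make the sandbox decision in this report concrete, here is an added example (not Gentoo's sandbox source and not part of this bug) that models the write policy a build sandbox enforces: writes are confined to the build area (PORTAGE_TMPDIR was /var/tmp here), and any other write, such as the configure test's open of /etc/skey/skeykeys, is listed in an ACCESS VIOLATION SUMMARY in the layout quoted above. The prefix list, the operation names other than open_wr, the sample attempts and the parser are assumptions; the example also handles a ".." path that would otherwise escape the allowed prefix.

```python
"""Write-policy check of the kind Portage's build sandbox enforces.

Added example; this is not Gentoo's sandbox source. It follows what the
bug report shows: writes are confined to the build area and any other
write is listed in an ACCESS VIOLATION SUMMARY. The write-allowed prefix
list and the operation names other than open_wr are assumptions.
"""
import os
import re
from dataclasses import dataclass

# Assumed write-allowed prefixes, modelled on PORTAGE_TMPDIR="/var/tmp".
DEFAULT_WRITE_PREFIXES = ("/var/tmp/portage", "/tmp")

# Operations treated as writes; open_wr is from the report, the rest assumed.
WRITE_OPS = {"open_wr", "mkdir", "unlink", "rename", "symlink"}


@dataclass(frozen=True)
class Attempt:
    op: str    # sandbox operation name, e.g. "open_wr" or "open_rd"
    path: str  # path the build process tried to touch


def _under(path: str, prefix: str) -> bool:
    """True if path lies inside prefix after normalisation, so '..' cannot escape."""
    path = os.path.normpath(path)
    prefix = os.path.normpath(prefix)
    return path == prefix or path.startswith(prefix + os.sep)


def is_allowed(attempt: Attempt, write_prefixes=DEFAULT_WRITE_PREFIXES) -> bool:
    """Reads are unrestricted; writes must land under an allowed prefix."""
    if attempt.op not in WRITE_OPS:
        return True
    return any(_under(attempt.path, p) for p in write_prefixes)


def violations(attempts, write_prefixes=DEFAULT_WRITE_PREFIXES):
    """Attempts the policy would deny, in the order they occurred."""
    return [a for a in attempts if not is_allowed(a, write_prefixes)]


def summary(attempts, log_file: str, write_prefixes=DEFAULT_WRITE_PREFIXES) -> str:
    """Render the denied attempts in the summary layout the report quotes."""
    lines = [
        "-" * 27 + " ACCESS VIOLATION SUMMARY " + "-" * 27,
        f'LOG FILE = "{log_file}"',
        "",
    ]
    lines += [f"{v.op}:   {v.path}" for v in violations(attempts, write_prefixes)]
    lines.append("-" * 80)
    return "\n".join(lines)


_VIOLATION_LINE = re.compile(r"^(\w+):\s+(/\S+)$")


def parse_summary(text: str):
    """Recover (op, path) pairs from a summary block found in a saved build log."""
    found = []
    for line in text.splitlines():
        m = _VIOLATION_LINE.match(line)
        if m:
            found.append(Attempt(m.group(1), m.group(2)))
    return found


# Constructed sample of what a configure run under the sandbox might attempt.
SAMPLE_ATTEMPTS = [
    Attempt("open_wr", "/var/tmp/portage/openssh-3.9_p1/work/config.log"),  # allowed
    Attempt("open_rd", "/etc/skey/skeykeys"),                   # reading is fine
    Attempt("open_wr", "/etc/skey/skeykeys"),                   # the violation from the report
    Attempt("open_wr", "/var/tmp/portage/../../etc/passwd"),    # traversal, also denied
]
SAMPLE_LOG = "/tmp/sandbox-net-misc_-_openssh-3.9_p1-7139.log"  # path from the report

if __name__ == "__main__":
    print(summary(SAMPLE_ATTEMPTS, SAMPLE_LOG))
```

Running the block prints a summary with two open_wr lines, the /etc/skey/skeykeys one from the report and the normalised-away traversal attempt; the config.log write inside the build area and the read of the key file pass. parse_summary reads such a block back out of a saved build log for triage.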