OpenSSH can not start and the system log shows grsec sending signal 11 to the sshd process Aug 28 03:09:07 charanda kernel: grsec: From 148.246.115.48: signal 11 sent to /vservers/hijo/usr/sbin/sshd[sshd:5111] uid/euid:0/0 gid/egid:0/0, parent /vservers/hijo/bin/bash[bash:14469] uid/euid:0/0 gid/egid:0/0 Reproducible: Always Steps to Reproduce: 1. emerge -u sshd 2. /usr/sbin/sshd 3. Actual Results: /usr/sbin/sshd Segmentation fault Expected Results: no segmentation fault Portage 2.0.50-r10 (hardened-x86-2004.0, gcc-3.3.4, glibc-2.3.3.20040420-r1, 2.4.27-grsec2.0.1-vs1.28) ================================================================= System uname: 2.4.27-grsec2.0.1-vs1.28 i686 Intel(R) Celeron(R) CPU 2.40GHz Gentoo Base System version 1.5.3 Autoconf: sys-devel/autoconf-2.59-r4 Automake: sys-devel/automake-1.8.5-r1 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-march=i686 -O3 -pipe" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=i686 -O3 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs buildpkg ccache fixpackages nostrip sandbox sfperms strict userpriv usersandbox" GENTOO_MIRRORS="http://gentoo.osuosl.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/usr/src" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="apache2 berkdb chroot crypt curl debug erandom gd gif gmp hardened imap innodb jpeg libwww mbox mcal md5sum memlimit mmx mpeg mysql ncurses neural nls nptl pam pdflib perl pg-intdatetime pg-vacuumdelay pic pie png postgres python readline ruby sftplogging shaper slang softquota spell ssl tcpd threads tiff truetype unicode vhosts x86 xml xml2 zlib"
Something is wrong your ssh then. It's not a bug with hardened
Since this bug was rejected by hardened then this bug should belong to either Core system or Base layout. I am reopening the bug because it has got no solution... OpenSSH 3.8.1_p1-r2 and before run with no problems. The one that gets killed is 3.9_p1.
Can somebody please reassign this bug to the correct OpenSSH mainteiners? Sorry for reopening the bug, but it doesn't seem to be resolved.
Sandino Simply because you see grsec "logging" that your sshd is segfaulting does not mean that grsec is killing your sshd. In fact grsec does not really kill processes. Please read the read the grsec docs for more info. I know of one other person that something like this happened to but it was his fault as he failed to run etc-update after upgrading.
I have changed the summary to indicate that sshd segfaults for some reason. Now I dont't see the reason why not reassigning the bug to the OpenSSH mainteiners. The sshd just dies and I don't know how to fix it.
As solar pointed out: try updating your config files in /etc (with etc-update or dispatch-conf) if you have done so already and still using and old cfg, ry re-emerging openssh and do use the stock openssh config file. then check your cflags finally you can run (emerge strace first) strace sshd to get an idea or compile ssh without stripping the binary and (emerge gdb first) gdb /usr/sbin/sshd r (<= in gdb) after segfault type "bt" (<= means backtrace) see man gdb for more info hope this helps
Using the stock openssh config file fixed the problem....
changing resolution to INVALID
See this bug: http://bugs.gentoo.org/show_bug.cgi?id=65776
I looked at bug 65776 but I can't reproduce the segfault anymore.
