On Wed, 13 Oct 2021 at 15:09, Darren Tucker <dtucker@xxxxxxxxxxx> wrote: > > On Wed, 13 Oct 2021 at 15:03, Darren Tucker <dtucker@xxxxxxxxxxx> wrote: > [...] > > monitor.h does not define a type 157. Debian's gssapi patch defines > > up to 153 and its selinux patch defines 154 so this is something else > > again. > > Looks like this is Debian's ConsoleKit patch: > > https://sources.debian.org/patches/openssh/1:6.7p1-5+deb8u4/consolekit.patch/ and assuming that's it, the problem is that the patch calls a monitor function from do_setup_env(0 which is called from do_child(), which is in the process forked off to run the user's shell (but before it's exec'ed the shell). You're not supposed to do that, and it causes a race condition when the parent (which *is* supposed to do that) is making monitor calls at the same time. Depending on which order the monitor requests are sent in and which order the child processes get CPU and read the responses you might see this or the inverse failure ("rtype 29 != type 157") or see it work. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
