[arch-dev-public] WARNING: openntpd upgrade breaks openssh on next restart

Vesa Kaihlavirta vpkaihla at gmail.com
Mon Nov 2 02:48:08 EST 2009


Hey,

I made a screwup on the openntpd package which nastily reveals a
weakness in openssh and filesystems. I moved away from using
/var/empty/ as a privsep directory, and removed the directory from the
package. But since it's empty, it got removed from the system as well
in the upgrade.

So if you're using openntpd and openssh, BE EXTRA CAREFUL with your
next upgrade. openssh does not start if /var/empty/ is not there.

Quick fix: after doing pacman -Suy, do mkdir /var/empty as root.

Longer fix: openssh, or perhaps the filesystems package, should create
/var/empty/ and put a hidden file in it so idiots like me won't cause
accidents in the future.

--vk
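
The condition behind this warning can be checked before sshd is restarted. The shell function below is an added example, not part of the original post or of any Arch package: it tests a directory for what sshd requires of its privilege separation directory at startup (present, a directory, owned by root, not group- or world-writable). The function name, the return codes and the optional owner-uid argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-restart check of sshd's privilege separation directory.
#
# check_privsep_dir [DIR] [OWNER_UID]
#   DIR        defaults to /var/empty, the path named in the post
#   OWNER_UID  defaults to 0 (root); overridable only so the check can be
#              exercised on scratch directories without root
# Return codes (constructed for this example):
#   0 ok, 1 missing or not a directory, 2 wrong owner,
#   3 group- or world-writable
check_privsep_dir() {
    dir=${1:-/var/empty}
    owner=${2:-0}

    # The failure described in the post: the directory was removed
    # during the upgrade, so sshd refuses to start.
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing or not a directory" >&2
        return 1
    fi

    # find -H follows a symlink given on the command line, matching the
    # stat() that sshd performs; -prune keeps find from descending.
    if [ -z "$(find -H "$dir" -prune -user "$owner")" ]; then
        echo "FAIL: $dir is not owned by uid $owner" >&2
        return 2
    fi

    # Group (020) or other (002) write bits make sshd reject the directory.
    if [ -n "$(find -H "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: $dir is group- or world-writable" >&2
        return 3
    fi

    echo "OK: $dir"
    return 0
}
```

Run `check_privsep_dir` with no arguments after the upgrade and before restarting sshd; a return code of 1 is the case the quick fix above addresses.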

