[arch-dev-public] WARNING: openntpd upgrade breaks openssh on next restart

Roman Kyrylych roman.kyrylych at gmail.com
Mon Nov 2 03:25:52 EST 2009


On Mon, Nov 2, 2009 at 09:48, Vesa Kaihlavirta <vpkaihla at gmail.com> wrote:
> Hey,
>
> I made a screwup on the openntpd package which nastily reveals a
> weakness in openssh and filesystems. I moved away from using
> /var/empty/ as a privsep directory, and removed the directory from the
> package. But since it's empty, it got removed from the system as well
> in the upgrade.
>
> So if you're using openntpd and openssh, BE EXTRA CAREFUL with your
> next upgrade. openssh does not start if /var/empty/ is not there.
>
> Quick fix: after doing pacman -Suy, do mkdir /var/empty as root.
>
> Longer fix: openssh, or perhaps the filesystems package should create
> /var/empty/ and put a hidden file in it so idiots like me won't cause
> accidents in the future.

Correction: the latest openssh package (3.5p1-2)
works around missing /var/empty by creating it in rc.d daemon.


P.S.:
I'm not sure putting a hidden file in /var/empty is not against its purpose
(which I suppose is "to be empty").
We are discussing ways to eliminate the problem completely.

-- 
Roman Kyrylych (Роман Кирилич)
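
Added example, not part of the original messages and not code from the openssh or openntpd packages: a check to run after an upgrade and before restarting sshd, confirming that the privsep directory discussed above is still present and safe to chroot into. The helper name check_privsep_dir, its return codes and the optional UID argument are assumptions made for illustration; stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: pre-restart check for a privilege-separation directory
# such as /var/empty. check_privsep_dir is a hypothetical helper.
#
# Usage: check_privsep_dir DIR [EXPECTED_UID]
# Returns: 0 ok, 1 missing/not a directory, 2 wrong owner,
#          3 group- or world-writable, 4 not empty.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}    # root by default; overridable so it can be tested

    # A package upgrade can silently delete an empty, unowned directory.
    # A symlink is rejected too, since it could point somewhere writable.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing or not a real directory" >&2
        return 1
    fi

    owner=$(stat -c '%u' "$dir") || return 1
    if [ "$owner" != "$want_uid" ]; then
        echo "$dir: owned by uid $owner, expected $want_uid" >&2
        return 2
    fi

    # Group/world write bits would let another account plant files
    # inside the chroot used by the unprivileged child.
    mode=$(stat -c '%a' "$dir") || return 1
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$dir: mode $mode is group- or world-writable" >&2
        return 3
    fi

    # Policy check matching the directory's purpose ("to be empty");
    # this also flags a hidden placeholder file.
    if [ -n "$(ls -A "$dir" 2>/dev/null)" ]; then
        echo "$dir: not empty" >&2
        return 4
    fi
    return 0
}
```

Run as root, `check_privsep_dir /var/empty` returning 1 is the state described in this thread, for which the quick fix is mkdir /var/empty.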

