OpenSSH has some peculiar handling around command ...

[Filligree]

Reminds me that OpenSSH fails with some insane error indicating memory corruption if you try to run it with tcmalloc, which can happen by accident if you call it from a Python program that uses it.

(tcmalloc is commonly used to fix memory 'leaks' (fragmentation?) in Pytorch, so this happens a lot to me. At least, I've been bitten twice.)

It's hard to imagine what might be going on to make it sensitive to the details of malloc/free... and I'm not sure that I want to.

[citrin_ru]

It might be a good idea not to pass current environment (including LD_PRELOAD for tcmalloc) to security sensitive external commands.

[zeusk]

I̵t̵'̵s̵ ̵n̵o̵t̵ ̵a̵b̵o̵u̵t̵ ̵L̵D̵_̵P̵R̵E̵L̵O̵A̵D̵;̵ ̵m̵o̵r̵e̵ ̵l̵i̵k̵e̵ ̵y̵o̵u̵'̵r̵e̵ ̵c̵a̵l̵l̵i̵n̵g̵ ̵c̵l̵o̵n̵e̵ ̵i̵n̵ ̵p̵y̵t̵h̵o̵n̵ ̵p̵r̵o̵c̵e̵s̵s̵ ̵a̵n̵d̵ ̵t̵h̵e̵ ̵p̵r̵o̵c̵e̵s̵s̵ ̵a̵l̵r̵e̵a̵d̵y̵ ̵h̵a̵s̵ ̵t̵c̵m̵a̵l̵l̵o̵c̵ ̵o̵v̵e̵r̵r̵i̵d̵i̵n̵g̵ ̵m̵a̵l̵l̵o̵c̵ ̵i̵n̵ ̵t̵h̵e̵ ̵a̵d̵d̵r̵e̵s̵s̵ ̵s̵p̵a̵c̵e̵.̵

[AshamedCaptain]

This makes no sense. The moment you call exec the entire address space would go away.

[Filligree]

In this case it was about LD_PRELOAD. The behaviour is still surprising. I would've expected it to be a drop in replacement -- it is in most cases.

Sure, sanitizing the environment for process calls is doable, but this also means I can't use libssh2 at all.

[yjftsjthsd-h]

Hang on - you can't use libssh2, or openssh? They're totally separate projects

[Filligree]

I tried OpenSSH, libssh and libssh2. All three fail, though admittedly I don't know for sure this was the cause of failure for the two latter; they gave me no diagnostics.

They all worked fine without LD_PRELOAD though, so...

[bheadmaster]

OpenSSH security features are tightly coupled to the underlying OS. I remember reading the code and seeing how sshd forks and re-execs itself in order to leverage dynamic library address randomization in each connection. I wouldn't be surprised if there are some malloc/free-related tweaks in a similar manner.