Applying FreeBSD-SA-09:07 broke PAM on 7.0
Toomas Aas
toomas.aas at raad.tartu.ee
Thu May 7 18:41:44 UTC 2009
Hello!
Finally I managed to find some time to apply the libc update to our server
running FreeBSD 7.0 i386. I applied the patch as described in the section
titled "To patch your present system:" of the advisory.
I didn't notice any errors during the entire process, but after it was
complete I could no longer log in, either via ssh or locally on the server
console. The following error messages were returned after entering the
login name on the console (the password prompt didn't even appear):
login: in openpam_load_module(): no pam_unix.so found
login: pam_start(): system error
pam_unix.so.4 was still present in /usr/lib and there was also a symlink to
it named pam_unix.so, as I saw after rebooting the server into single user
mode. ldd /usr/lib/pam_unix.so.4 seemed to correctly find all the needed
libraries.
Using the fixit CD I copied the original libc.so.7 from 7.0 installation
media to the system and this seems to have solved the problem, leaving me
to wonder how to actually deal with the security issue. My own thought at
this point is to bring in a fresh 7.2 source tree and rebuild everything,
but maybe someone knows a less involved solution? Sounds like something
else besides libc needs to be rebuilt, but what?
Just a couple of days ago I applied this patch to another system running
7.1, and there were no problems. I've been running and patching FreeBSD
since 2001 and never had such a strange problem with a security advisory!
--
Toomas Aas
More information about the freebsd-questions
mailing list