Applying FreeBSD-SA-09:07 broke PAM on 7.0

Toomas Aas toomas.aas at raad.tartu.ee
Thu May 7 18:41:44 UTC 2009


Hello!

Finally I managed to find some time to apply the libc update to our server 
running FreeBSD 7.0 i386. I applied the patch as described in the section 
titled "To patch your present system:" of the advisory.

I didn't notice any errors during the entire process, but after it was 
complete I could no longer log in, either via ssh or locally on the server 
console. The following error messages were returned after entering the 
login name on the console (the password prompt didn't even appear):

login: in openpam_load_module(): no pam_unix.so found
login: pam_start(): system error

pam_unix.so.4 was still present in /usr/lib and there was also a symlink to 
it named pam_unix.so, as I saw after rebooting the server into single user 
mode. ldd /usr/lib/pam_unix.so.4 seemed to correctly find all the needed 
libraries.

Using the fixit CD I copied the original libc.so.7 from 7.0 installation 
media to the system and this seems to have solved the problem, leaving me 
to wonder how to actually deal with the security issue. My own thought at 
this point is to bring in a fresh 7.2 source tree and rebuild everything, 
but maybe someone knows a less involved solution? Sounds like something 
else besides libc needs to be rebuilt, but what?

Just a couple of days ago I applied this patch to another system running 
7.1, and there were no problems. I've been running and patching FreeBSD 
since 2001 and never had such a strange problem with a security advisory!

-- 
Toomas Aas

