Applying FreeBSD-SA-09:07 broke PAM on 7.0

Toomas Aas toomas.aas at
Thu May 7 18:41:44 UTC 2009


Finally I managed to find some time to apply the libc update to our server 
running FreeBSD 7.0 i386. I applied the patch as described in the section 
titled "To patch your present system:" of the advisory.

I didn't notice any errors during the entire process, but after it was 
complete I could no longer log in, either via ssh or locally on the server 
console. The following error messages were returned after entering the 
login name on the console (the password prompt didn't even appear):

login: in openpam_load_module(): no found
login: pam_start(): system error was still present in /usr/lib and there was also a symlink to 
it named, as I saw after rebooting the server into single user 
mode. ldd /usr/lib/ seemed to correctly find all the needed 

Using the fixit CD I copied the original from 7.0 installation 
media to the system and this seems to have solved the problem, leaving me 
to wonder how to actually deal with the security issue. My own thought at 
this point is to bring in a fresh 7.2 source tree and rebuild everything, 
but maybe someone knows a less involved solution? Sounds like something 
else besides libc needs to be rebuilt, but what?

Just a couple of days ago I applied this patch to another system running 
7.1, and there were no problems. I've been running and patching FreeBSD 
since 2001 and never had such a strange problem with a security advisory!

Toomas Aas

More information about the freebsd-questions mailing list