authdaemond: dlerror: /lib/security/pam_foreground.so: undefined symbol: pam_set_data
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| libpam-foreground (Ubuntu) |
Low
|
Kees Cook | ||
Bug Description
Binary package hint: libpam-foreground
I've recently installed OSSEC HIDS, which is a system notification daemon that automatically emails a preconfigured email address when significant system events occur. Now, I had this system up and running for just about an hour when I received my first email saying the following:
OSSEC HIDS Notification.
2006 Dec 18 17:31:38
Received From: ucmd->/
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):
authdaemond: PAM [dlerror: /lib/security/
--END OF NOTIFICATION
This was a shock, and I tried my darndess to figure out what it could be that's causing this problem, but to know avail. I've done crazy things like this:
chrisd@
000018dc A __bss_start
U close
000018dc A _edata
000018dc A _end
U __errno_location
U free
U ioctl
U malloc
U mkdir
U open
U pam_get_data
U pam_get_user
U pam_set_data
0000057b T pam_sm_acct_mgmt
0000056d T pam_sm_authenticate
00000582 T pam_sm_chauthtok
00000589 T pam_sm_
000005ce T pam_sm_open_session
00000574 T pam_sm_setcred
U sprintf
U unlink
U __xstat
But I'm not even sure what the letters mean on the left or what I'm looking for. I think that they are functions, but that's all I really know for now. I've downloaded and installed a prior version of libpam-
I'm completely and utterly stumped. Any advice/
Thank you all very much,
JunkNode
didier (did447-deactivatedaccount) wrote : | #1 |
Changed in libpam-foreground: | |
status: | Unconfirmed → Confirmed |
Roberto Scelzo (robertoscelzo) wrote : | #2 |
Hi didier,
I've got the same problem on a fresh installed server (6.10-amd64) with courier-imap-ssl;
I followed your hint (I have only one occurrence of pam_foreground.so in /etc/common-
Bohdan Kmit' (mit) wrote : | #3 |
Small patch for this bug made on feisty
Bohdan Kmit' (mit) wrote : | #4 |
Small patch for this bug made on feisty
Fabien Tassin (fta) wrote : | #5 |
Same problem here on Gutsy with courier-imap-ssl.
May 27 01:05:27 ix authdaemond: PAM unable to dlopen(
May 27 01:05:27 ix authdaemond: PAM [dlerror: /lib/security/
May 27 01:05:27 ix authdaemond: PAM adding faulty module: /lib/security/
Patch provided by Bohdan fixed it.
Kees Cook (kees) wrote : | #6 |
Thanks for this patch! I've applied it and the build is happening now.
Changed in libpam-foreground: | |
assignee: | nobody → keescook |
status: | Confirmed → Fix Committed |
importance: | Undecided → Low |
Sybrand (sybrand-dok72) wrote : | #7 |
I'm also having same problem. But being kind of newbe to linux i was wondering how to apply this path ??
Kees Cook (kees) wrote : | #8 |
Attached is the final debdiff. For instructions on using this, please see:
https:/
Changed in libpam-foreground: | |
status: | Fix Committed → Fix Released |
Thomas Ohms (tohms) wrote : | #9 |
Kees, could you release me the whole deb-package as I don't have Feisty on my local system anymore and don't like to start compiling on my productive system?!
Cheers,
Thomas
Thomas Ohms (tohms) wrote : | #10 |
Or does anyone else have a built package?!
Kees Cook (kees) wrote : | #11 |
Feisty is 2 releases behind current, so this is unlikely to make SRU. Developer attention is focused on Intrepid now. If you need your own package built, please see the "BuildFromDebdiff" link above.
Thomas Ohms (tohms) wrote : | #12 |
So does that mean you don't have a package?!
Kees Cook (kees) wrote : | #13 |
Correct. It was fixed in Gutsy and forward.
digitalage (iulmit) wrote : | #14 |
Hi everyone and thanks for support. I use to get good informations on Launchpad.net on several issues, however, in few times, I was in the position that I got clear informations about the issue but sadly it didn't help me solve it. It would be very helpful if someone could guide me on applying the patch provided above. I wasn't able to follow the guide on BuildFromDebdiff page (Kees' suggestion) and I'll be very happy if someone could bring some light here, as I'm not the only one in this situation - I've seen threads on ubuntuforums and other forums.
Kees, if you're still around, in your .debdiff file I see paths /tmp/pvr04DowCb
- download your patch (wget http://
- download the source file (apt-get source libpam-foreground)
- extract the tar.gz source file (tar -xvf libpam-
- enter extracted directory (cd libpam-
- run the command "patch -p1 < ../libpam-
Whenever I try to apply the patch, I get the following:
can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
-------
|diff -Nru /tmp/pvr04DowCb
|--- /tmp/pvr04DowCb
|+++ /tmp/7r5OcF8D3r
-------
File to patch:
Please tell me if I'm doing smth wrong. It would be great if someone could advise me.
Kees Cook (kees) wrote : Re: [Bug 76364] Re: authdaemond: dlerror: /lib/security/pam_foreground.so: undefined symbol: pam_set_data | #15 |
Hi,
On Sun, Jan 04, 2009 at 12:12:26AM -0000, digitalage wrote:
> can't find file to patch at input line 4
> Perhaps you used the wrong -p or --strip option?
The command you ran had, I think, "-p1" in it. Try increasing this number
until the patch applies (I suspect you'll probably need -p3).
--
Kees Cook
Ubuntu Security Team
digitalage (iulmit) wrote : | #16 |
Thanks Kees, your tip allowed me to apply the patch with parameter "-p4". For other readers, I'll post the procedure exactly the way it worked for me, as in my previous post I missed something. So, here is the procedure:
- download your file (wget http://
- download the patch (wget http://
- download the source file (apt-get source libpam-foreground), save it to /tmp
- extract the tar.gz source file (tar -xvf libpam-
- enter extracted directory (cd libpam-
- run the command "patch -p1 < ../libpam-
If this command does not work for you, try other options as Kees suggested above.
However, I was pissed off of this message in log and I deactivated somehow (I guess in /etc/pam.d), but I don't remember how so I cannot make the change back and verify whether this patch removed the error in log or no. I can only say I was able to run the fix and check it other time if i'll run into this issue (at least I know how to do it).
libpam- foreground. so is not compiled with the right options (it needs glibc.so and libpam.so but it's not linked against them).
It works most of the time because glibc.so and libpam.so are loaded at run time by something else, but not in your case or not in the right order.
I'm guessing you're using courier, I don't so I'm not sure but as a workaround:
you can grep for pam_foreground.so in /etc/pam.d/ and comment it.
If there's only one in /etc/pam. d/common- session don't remove it! In this case you need to replace the line
@include common-session
in /etc/pam.d/imap and maybe others with
session required pam_unix.so
Anyway in my understanding for no interactive session pam_foreground does nothing.
> But I'm not even sure what the letters mean on the left or what I'm
> looking for. I think that they are functions, but that's all I really
U undefined in this file, ie need another library.
T defined.