authdaemond: dlerror: /lib/security/pam_foreground.so: undefined symbol: pam_set_data

Bug #76364 reported by JunkNode on 2006-12-18
44
Affects Status Importance Assigned to Milestone
libpam-foreground (Ubuntu)
Low
Kees Cook
Declined for Feisty by Kees Cook

Bug Description

Binary package hint: libpam-foreground

I've recently installed OSSEC HIDS, which is a system notification daemon that automatically emails a preconfigured email address when significant system events occur. Now, I had this system up and running for just about an hour when I received my first email saying the following:

OSSEC HIDS Notification.
2006 Dec 18 17:31:38

Received From: ucmd->/var/log/syslog
Rule: 1002 fired (level 7) -> "Unknown problem somewhere in the system."
Portion of the log(s):

authdaemond: PAM [dlerror: /lib/security/pam_foreground.so: undefined symbol: pam_set_data]

 --END OF NOTIFICATION

This was a shock, and I tried my darndess to figure out what it could be that's causing this problem, but to know avail. I've done crazy things like this:

chrisd@ucmd:/usr/src$ nm -D /lib/security/pam_foreground.so
000018dc A __bss_start
         U close
000018dc A _edata
000018dc A _end
         U __errno_location
         U free
         U ioctl
         U malloc
         U mkdir
         U open
         U pam_get_data
         U pam_get_user
         U pam_set_data
0000057b T pam_sm_acct_mgmt
0000056d T pam_sm_authenticate
00000582 T pam_sm_chauthtok
00000589 T pam_sm_close_session
000005ce T pam_sm_open_session
00000574 T pam_sm_setcred
         U sprintf
         U unlink
         U __xstat

But I'm not even sure what the letters mean on the left or what I'm looking for. I think that they are functions, but that's all I really know for now. I've downloaded and installed a prior version of libpam-foreground.so (0.2) and it still didn't work. I then proceeded to re-install libpam-foreground (0.3), which still didn't work. Then I got creative and tried that 'nm -D' command with /lib/libpam.so.0 and it showed that it had the proper function (pam_set_data). I tried creating a symbolic link to /lib/libpam.so.0, I then kept getting the same message except now it would say that it couldn't open the shared object or something to that effect.

I'm completely and utterly stumped. Any advice/assistance/bug-fix (given that libpam-foreground is even at fault) would be great.

Thank you all very much,

JunkNode

libpam-foreground.so is not compiled with the right options (it needs glibc.so and libpam.so but it's not linked against them).

It works most of the time because glibc.so and libpam.so are loaded at run time by something else, but not in your case or not in the right order.

I'm guessing you're using courier, I don't so I'm not sure but as a workaround:
you can grep for pam_foreground.so in /etc/pam.d/ and comment it.

If there's only one in /etc/pam.d/common-session don't remove it! In this case you need to replace the line
@include common-session
in /etc/pam.d/imap and maybe others with
session required pam_unix.so
Anyway in my understanding for no interactive session pam_foreground does nothing.

> But I'm not even sure what the letters mean on the left or what I'm
> looking for. I think that they are functions, but that's all I really
U undefined in this file, ie need another library.
T defined.

Changed in libpam-foreground:
status: Unconfirmed → Confirmed
Roberto Scelzo (robertoscelzo) wrote :

Hi didier,

I've got the same problem on a fresh installed server (6.10-amd64) with courier-imap-ssl;
I followed your hint (I have only one occurrence of pam_foreground.so in /etc/common-session) but nothing changed....anyway everything seems working fine even if authdaemond keeps on returning that error message when users connect to their own imap mailbox.

Bohdan Kmit' (mit) wrote :

Small patch for this bug made on feisty

Bohdan Kmit' (mit) wrote :

Small patch for this bug made on feisty

Fabien Tassin (fta) wrote :

Same problem here on Gutsy with courier-imap-ssl.

May 27 01:05:27 ix authdaemond: PAM unable to dlopen(/lib/security/pam_foreground.so)
May 27 01:05:27 ix authdaemond: PAM [dlerror: /lib/security/pam_foreground.so: undefined symbol: pam_set_data]
May 27 01:05:27 ix authdaemond: PAM adding faulty module: /lib/security/pam_foreground.so

Patch provided by Bohdan fixed it.

Kees Cook (kees) wrote :

Thanks for this patch! I've applied it and the build is happening now.

Changed in libpam-foreground:
assignee: nobody → keescook
status: Confirmed → Fix Committed
importance: Undecided → Low
Sybrand (sybrand-dok72) wrote :

I'm also having same problem. But being kind of newbe to linux i was wondering how to apply this path ??

Kees Cook (kees) wrote :

Attached is the final debdiff. For instructions on using this, please see:

https://wiki.ubuntu.com/UbuntuPackagingGuide/BuildFromDebdiff

Changed in libpam-foreground:
status: Fix Committed → Fix Released
Thomas Ohms (tohms) wrote :

Kees, could you release me the whole deb-package as I don't have Feisty on my local system anymore and don't like to start compiling on my productive system?!

Cheers,
Thomas

Thomas Ohms (tohms) wrote :

Or does anyone else have a built package?!

Kees Cook (kees) wrote :

Feisty is 2 releases behind current, so this is unlikely to make SRU. Developer attention is focused on Intrepid now. If you need your own package built, please see the "BuildFromDebdiff" link above.

Thomas Ohms (tohms) wrote :

So does that mean you don't have a package?!

Kees Cook (kees) wrote :

Correct. It was fixed in Gutsy and forward.

digitalage (iulmit) wrote :

Hi everyone and thanks for support. I use to get good informations on Launchpad.net on several issues, however, in few times, I was in the position that I got clear informations about the issue but sadly it didn't help me solve it. It would be very helpful if someone could guide me on applying the patch provided above. I wasn't able to follow the guide on BuildFromDebdiff page (Kees' suggestion) and I'll be very happy if someone could bring some light here, as I'm not the only one in this situation - I've seen threads on ubuntuforums and other forums.

Kees, if you're still around, in your .debdiff file I see paths /tmp/pvr04DowCb/libpam-foreground-0.3/debian/control and /tmp/7r5OcF8D3r/libpam-foreground-0.3/debian/control. Using the guide on BuildFromDebdiff page, I have no clue how to get directories such pvr04DowCb or 7r5OcF8D3r, to which your patch refers to. This is what I do:
- download your patch (wget http://launchpadlibrarian.net/7755823/Makefile.patch)
- download the source file (apt-get source libpam-foreground)
- extract the tar.gz source file (tar -xvf libpam-foreground_0.3.tar.gz)
- enter extracted directory (cd libpam-foreground-0.3)
- run the command "patch -p1 < ../libpam-foreground_0.3-0ubuntu1.debdiff"
Whenever I try to apply the patch, I get the following:

can't find file to patch at input line 4
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff -Nru /tmp/pvr04DowCb/libpam-foreground-0.3/Makefile /tmp/7r5OcF8D3r/libpam-foreground-0.3/Makefile
|--- /tmp/pvr04DowCb/libpam-foreground-0.3/Makefile 2006-05-11 03:41:51.000000000 -0700
|+++ /tmp/7r5OcF8D3r/libpam-foreground-0.3/Makefile 2007-06-21 13:05:32.000000000 -0700
--------------------------
File to patch:

Please tell me if I'm doing smth wrong. It would be great if someone could advise me.

Hi,

On Sun, Jan 04, 2009 at 12:12:26AM -0000, digitalage wrote:
> can't find file to patch at input line 4
> Perhaps you used the wrong -p or --strip option?

The command you ran had, I think, "-p1" in it. Try increasing this number
until the patch applies (I suspect you'll probably need -p3).

--
Kees Cook
Ubuntu Security Team

digitalage (iulmit) wrote :

Thanks Kees, your tip allowed me to apply the patch with parameter "-p4". For other readers, I'll post the procedure exactly the way it worked for me, as in my previous post I missed something. So, here is the procedure:

- download your file (wget http://launchpadlibrarian.net/8187075/libpam-foreground_0.3-0ubuntu1.debdiff), save it to /tmp
- download the patch (wget http://launchpadlibrarian.net/7755823/Makefile.patch), save it to /tmp, (I'm not sure it's really necessary, but it's it was there)
- download the source file (apt-get source libpam-foreground), save it to /tmp
- extract the tar.gz source file (tar -xvf libpam-foreground_0.3.tar.gz)
- enter extracted directory (cd libpam-foreground-0.3)
- run the command "patch -p1 < ../libpam-foreground_0.3-0ubuntu1.debdiff"

If this command does not work for you, try other options as Kees suggested above.

However, I was pissed off of this message in log and I deactivated somehow (I guess in /etc/pam.d), but I don't remember how so I cannot make the change back and verify whether this patch removed the error in log or no. I can only say I was able to run the fix and check it other time if i'll run into this issue (at least I know how to do it).

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers