A few minutes ago, I discovered that I can't log into my firewall

If I try SSH from inside, it gives me my login banner and immediately
disconnects, without prompting for a password. This suggested to me that
when trying to clean up the mess left by upgrading the shadow package
yesterday (and first removing pam-login) as recommended by a
GLSA-200606-02, I left something incorrectly configured.

If I try SSH from outside, the connection times out. I don't know why
this happens - the iptables configuration should allow SSH connections
from outside, and the timing suggests a problem before reaching the
login or pam code.

If I try to log in via a virtual TTY on a serial port, I get the message
"*** glibc detected *** double free or corruption (!prev): 0x142e1cc8
***" (the address varies) after entering a username, but before entering
a password. This suggests a problem with either the login or pam
software; I can't see how a configuration error could cause this.

If I try to log in via the system console, I get the same error as with
the serial line.

My firewall is running a tightly locked-down minimal install of Gentoo
2005.1 with the hardened kernel and toolkit and all relevant security
updates applied. I think that the kernel is 2.6.11-hardened-r15. Other
than my inability to log in, it seems to be working - the DNS server is
still responding, and it still seems to be forwarding packets correctly.
The system has been up since some time in late August or early
September 2005.

I guess that the only way to get into the system and try to fix it is to
reboot into single-user mode, but before I take it down for maintenance,
I'd like to know if I'm dealing with a software problem or a
configuration problem (since with my firewall down, I will have no way
to look up more information from the Internet). Does anyone know what
this error signifies in this context, or have any suggestions on how to
recover?

Thanks,
Rennie deGraaf

--
gentoo-user@g.o mailing list