| 1 |
A few minutes ago, I discovered that I can't log into my firewall |
| 2 |
|
| 3 |
If I try SSH from inside, it gives me my login banner and immediately |
| 4 |
disconnects, without prompting for a password. This suggested to me that |
| 5 |
when trying to clean up the mess left by upgrading the shadow package |
| 6 |
yesterday (and first removing pam-login) as reccomended by a |
| 7 |
GLSA-200606-02, I left something incorrectly configured. |
| 8 |
|
| 9 |
If I try SSH from outside, the connection times out. I don't know why |
| 10 |
this happens - the iptables configuration should allow SSH connections |
| 11 |
from outside, and the timing suggests a problem before reaching the |
| 12 |
login or pam code. |
| 13 |
|
| 14 |
If I try to log in via a virtual TTY on a serial port, I get the message |
| 15 |
"*** glibc detected *** double free or corruption (!prev): 0x142e1cc8 |
| 16 |
***" (the address varies) after entering a username, but before entering |
| 17 |
a password. This suggests a problem with either the login or pam |
| 18 |
software; I can't see how a configuration error could cause this. |
| 19 |
|
| 20 |
If I try to log in via the system console, I get the same error as with |
| 21 |
the serial line. |
| 22 |
|
| 23 |
My firewall is running a tightly locked-down minimal install of Gentoo |
| 24 |
2005.1 with the hardened kernel and toolkit and all relavant security |
| 25 |
updates applied. I think that the kernel is 2.6.11-hardened-r15. Other |
| 26 |
than my inability to log in, it seems to be working - the DNS server is |
| 27 |
still responding, and it still seems to be forwarding packets correctly. |
| 28 |
The system has been up since some time in late august or early |
| 29 |
september 2005. |
| 30 |
|
| 31 |
I guess that the only way to get into the system and try to fix it is to |
| 32 |
reboot into single-user mode, but before I take it down for maintenance, |
| 33 |
I'd like to know if I'm dealing with a software problem or a |
| 34 |
configuration problem (since with my firewall down, I will have no way |
| 35 |
to look up more information from the Internet). Does anyone know what |
| 36 |
this error signifies in this context, or have any suggestions on how to |
| 37 |
recover? |
| 38 |
|
| 39 |
Thanks, |
| 40 |
Rennie deGraaf |
| 41 |
|
| 42 |
-- |
| 43 |
gentoo-user@g.o mailing list |
Archives