Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 5 Jan 2023 22:57:45 -0800
From:      Xin Li <delphij@delphij.net>
To:        grarpamp <grarpamp@gmail.com>, freebsd-current@freebsd.org
Cc:        freebsd-security@freebsd.org
Subject:   Re: cant login after make installworld: pam_opie.so.6 not found
Message-ID:  <44346488-85be-825c-4a42-1de3f701c3f4@delphij.net>
In-Reply-To: <CAD2Ti283uxj0PoL-N7OdXawK3Qx%2Bm2rt%2Bne1XnCC6WJSbCEdGA@mail.gmail.com>
References:  <CP6P284MB19005029976B118AB19D106DCBF49@CP6P284MB1900.BRAP284.PROD.OUTLOOK.COM> <Y7SikCXbws9OzgNt@albert.catwhisker.org> <CP6P284MB19006490A396B9B323AC1CF2CBF49@CP6P284MB1900.BRAP284.PROD.OUTLOOK.COM> <CAD2Ti283uxj0PoL-N7OdXawK3Qx%2Bm2rt%2Bne1XnCC6WJSbCEdGA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2023-01-04 6:59 PM, grarpamp wrote:
>>> looks like the "make delete-old-libs" has deleted that lib pam_opie.so.6
>>> and now I cannot pass the login prompt
>>> says the error "pam_opie.so: not found
> 
>>> how can I get it back? I tried everything and nothing brought it back
> 
>> commit 0aa2700123e22c2b0a977375e087dc2759b8e980
>> Differential Revision: https://reviews.freebsd.org/D36592
> 
> This appeared as perhaps an arbitrary deletion change for some
> unknown non-discussed reason. Someone else posted the problems,
> user features, and alternatives that would preserve and update use of
> OPIE options for FreeBSD users, but again, no one discussed.

Security team has discussed this a decade ago.  See 
https://www.miknet.net/security/skey-dungeon-attack/ for technical details.

And this could have been avoided if user have followed source upgrade 
instructions by performing mergemaster or etcupdate *before* make 
delete-old{-libs}, which is well documented in /usr/src/UPDATING and I 
quote it here:

	To upgrade in-place from stable to current
	----------------------------------------------
	<make sure you have good level 0 dumps>
	make buildworld                                 [9]
	make buildkernel KERNCONF=YOUR_KERNEL_HERE      [8]
	make installkernel KERNCONF=YOUR_KERNEL_HERE
                                                         [1]
	<reboot in single user>                         [3]
	etcupdate -p                                    [5]
	make installworld
	etcupdate -B                                    [4]
	make delete-old                                 [6]
	<reboot>

The order here is very important.

Cheers,

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44346488-85be-825c-4a42-1de3f701c3f4>