I just found in /var/log/messages the following: Jul 4 13:38:49 aquarius [drm] Initialized drm 1.0.0 20040925 Jul 4 13:38:49 aquarius ACPI: PCI Interrupt 0000:01:00.0[A] -> GSI 16 (level, low) -> IRQ 16 Jul 4 13:38:49 aquarius [drm] Initialized radeon 1.16.0 20050311 on minor 0: ATI Technologies Inc RV280 [Radeon 9200] Jul 4 13:38:49 aquarius agpgart: Found an AGP 3.0 compliant device at 0000:00:00.0. Jul 4 13:38:49 aquarius agpgart: Putting AGP V3 device at 0000:00:00.0 into 4x mode Jul 4 13:38:49 aquarius agpgart: Putting AGP V3 device at 0000:01:00.0 into 4x mode Jul 4 13:38:49 aquarius [drm] Loading R200 Microcode Jul 4 13:40:01 aquarius cron[18983]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons ) Jul 4 13:41:59 aquarius : PAM unable to dlopen(/lib/security/pam_console.so) Jul 4 13:41:59 aquarius : PAM [dlerror: /lib/security/pam_console.so: cannot open shared object file: No such file or directo ry] Jul 4 13:41:59 aquarius : PAM adding faulty module: /lib/security/pam_console.so Jul 4 13:41:59 aquarius xdm(pam_unix)[18900]: session opened for user mmokrejs by (uid=0) The file is really not installed. I use pam-0.78-r2. # grep pam_console /etc/pam.d/* /etc/pam.d/kde:session optional pam_console.so /etc/pam.d/kde-np:session optional pam_console.so /etc/pam.d/login:# If you want to enable pam_console, uncomment the following line /etc/pam.d/login:# and read carefully README.pam_console in /usr/share/doc/pam* /etc/pam.d/login:#session optional /lib/security/pam_console.so /etc/pam.d/xdm:session optional pam_console.so /etc/pam.d/xserver:#auth required pam_console.so # # emerge info Portage 2.0.51.22-r1 (default-linux/x86/2005.0, gcc-3.4.4, glibc-2.3.5-r0, 2.6.13-rc1 i686) ================================================================= System uname: 2.6.13-rc1 i686 Intel(R) Pentium(R) 4 CPU 3.00GHz Gentoo Base System version 1.6.12 ccache version 2.4 [disabled] dev-lang/python: 2.3.5, 2.4.1-r1 sys-apps/sandbox: 1.2.8 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.5 sys-devel/binutils: 2.16.1 sys-devel/libtool: 1.5.18-r1 virtual/os-headers: 2.4.19-r1, 2.6.11-r2 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=pentium4 -O0 -ggdb" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/bind /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/texmf/web2c /etc/env.d" CXXFLAGS="-march=pentium4 -O0 -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distcc distlocks sandbox sfperms strict" GENTOO_MIRRORS="ftp://ftp.muni.cz/pub/linux/gentoo http://gentoo.mirror.icd.hu/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://gd.tuwien.ac.at/opsys/linux/gentoo/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo/" LINGUAS="cs cz en" MAKEOPTS="-j1" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 X Xaw3d aalib acpi adns afs alsa apache2 apm arts ati avcodec avi bidi bitmap-fonts bonobo caca cdparanoia crypt cscope cups curl dba debug dga directfb distcc divx divx4 divx4linux divx5 divx5linux dv dvb dvd dvdr dvdread emacs emacs-w3 emboss encode esd ethereal evo f77 faac faad faad2 fam fame fbcon ffmpeg flac flash foomaticdb fortran fvwm fvwm2 gb gd gdbm ggi gif gphoto2 gpm gstreamer gtk gtk2 gtkhtml guile i8x0 icc imagemagick imlib imlib2 innodb java jpeg junit lcms leim libg++ libwww live lpthread lzo lzw-tiff mad mcal mesa mikmod mmx mmx2 motif mozilla mp3 mpeg mule mysql ncurses network nls nptl ogg oggvorbis opengl oss pam pda pdflib perl php php4 plotutils png ppds pthread pthreads python qt qtx quicktime readline rtc samba scanner sdl slang slp speex spell sse sse2 sse3 ssl svga tcltk tcpd tetex tex theora thread threads tiff truetype truetype-fonts type1-fonts unicode usb v4l v4l2 vorbis win32 winvidix wmf xine xml xml2 xmms xosd xv xvid xvmc yv12 zeo zlib video_cards_radeon linguas_cs linguas_cz linguas_en userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS
Not a vulnerability, reassigning to PAM team. May be related to bug 31877 though...
Reassigning to X11 team, it's not a problem with pam. X11: I'll fix pamd_mimic_system to create pam-0.77 compatible pamd files, you probably want to use that to create /etc/pam.d/xdm.
We do not want to use pam_console with 2.6 kernels and udev any longer, so please just comment those lines until the X team removes them.
Since X clearly does have to retain compat with 2.4, what would you like us to do here?
Who's using 2.4 should be able to put pam_console there, in case just add a commented line which can be just uncommented to enable. Still, it shouldn't be an issue neither on 2.4 as devfs can easily take care of those settings anyway.
*** Bug 98458 has been marked as a duplicate of this bug. ***
Just for clarity, using pam_console or not is not related to using devfs or udev. One can have pam_console enabled or disabled and everything will work with both udev and devfs. In fact, we want to disable pam_console by default for everyone, when using udev it is just more evident that pam_console is not much useful. So you can safely remove the references to pam_console in newer versions of xdm.pamd.
This has been fixed for the modular xdm package btw.
Is anything in portage still doing this?
Think xdm and one apache modulare are the last ones.
xdm in which xorg version?
6.8.99.15-r? here still use it.
Is it really important to you that these Xorg versions are fixed? They're just going to be dropped sooner or later anyway...
Both stable and unstable users get a sys-libs/pam without pam_console. Having pam_console in required makes it impossible to use xdm by default.
6.8.2: files/xdm.pamd:session optional pam_console.so files/xserver.pamd:#auth required pam_console.so The same is true for 6.8.99.15. What are you looking at that's different?
Sorry just grepped for pam_console, it's usually as required as it doesn't work anyway otherwise. So there's no point in leaving pam_console line there anyway.
These lines don't exist in modular at all...I don't think rolling out new filesets for Xorg to get rid of commented lines is necessary at this point. Donnie?
(In reply to comment #17) > These lines don't exist in modular at all...I don't think rolling out new > filesets for Xorg to get rid of commented lines is necessary at this point. Donnie? Might as well do it next time changes are made to the respective versions, but I wouldn't rush.
Alright, I marked with an Inclusion keyword so we'll look at it.
just a clarification to any gentoo user which is getting this error (/lib64 here 'cause i am using amd64 but that is arch dependant): Oct 31 01:28:11 laptop : PAM [dlerror: /lib64/security/pam_console.so: cannot open shared object file: No such file or directory] it is not really a problem as it is being triggered by the following optional configuration (/etc/pam.d/xdm) session optional pam_console.so and which is failing because pam_console.so doesn't get compiled by default in the pam ebuild (unless USE="pam_console" is added) and because pam_console's use is meant to be deprecated in favor of udev/devfs managing of console permissions where possible. in order to get rid of the annoying message just comment the above line, no functionality will be lost because of that.
6.8.2 won't be receiving any more non-security changes, and this bug is fixed in 7.0.