Summary: Login failure: /usr/lib/ too many open files

From: John Rams <>
Date: Sat Apr 26 2003 - 04:00:03 EDT
Thanks to Casper Dick, Rick Andersonand Alan Bradley.  Following are their
answers. It was badly delayed to summarize. And my bad is a colleague in that
remote site reinstalled OS from jumpstart without preserving the original
config for evaluation and debugging!

Casper's mail:

The error you see is typical for systems that have been hacked with a specific

You should reinstall or ssave the disk for forensic purposes. It likely
contains a few trojans.

Ric's mail:

Last box I saw with this symptom had been rooted.  You'll probably
find a secure shell (version 1) running on a high numbered port,
along with a password capture program.  run nmap against the
box and then telnet to anything that nmap finds listening to
see if the port in question responds with
SSH-other stuff-
If it does, format and reinstall, get the current patches in
-AND- add the following lines to /etc/system so the next
buffer overrun attack falls on the floor instead of getting in.
* Security fix - prevent execution on stack...
set noexec_user_stack=1
set noexec_user_stack_log=1
Be sure you reboot after changing /etc/system...

Alan's Mail:

There is a posting in the archives of a similar problem someone had:

There doesn't seem to be a resolution, but perhaps you could contact them
and see if they did manage to resolve it.

John Rams

> -----Original Message-----
> From:
> [] On Behalf Of
> Sent: Monday, April 07, 2003 3:32 PM
> To:
> Subject: Login failure: /usr/lib/ too many open files
> Managers:
> On an Ultra 60, i am getting following error. How would i
> logon to the system. FTP works with no problem. Tried to copy
> the shared object by ftp, no luck.
> What can i do to resolve without having to reinstall? May be
> booting from cdrom and copying contents of /usr file system.
> $ telnet <IP-address>
> Trying   <IP-address>
> Connected to <IP-address>.
> Escape character is '^]'.
> SunOS 5.8
> login: fatal: /usr/lib/ Too many open files
> Connection closed by foreign host.
> thanks
> John
sunmanagers mailing list
Received on Mon Apr 28 10:26:32 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:09 EST