Patch-ID# 101178-01
Keywords: C2-BSM crt.o trap.o uword.o locore.o integer umul udiv sdiv crashme security
Synopsis: C2-BSM 4.1.2: SPARC Integer division/multiplication bug 
can be used to gain root; simulating unimplemented instructions will give 
bad traps
Date: Sep/09/93
 
SunOS release: 4.1.2 
 
Unbundled Product: C2/BSM
 
Unbundled Release: 4.1.2
 
Topic: security fix for integer division/mult on SPARC architectures, fix for sdiv
 
BugId's fixed with this patch: 1032053 1069072 1071053 1082751

Changes incorporated in this version:  

	This is the C2-BSM version of SunOS 4.1.2 patchid 100376-04.

Architectures for which this patch is available: sun4, sun4c, sun4m: SPARC 
only bug

Patches which may conflict with this patch: 100109-02 (obsoleted)

BSM patch must be installed on the target system:


Obsoleted by:

Problem Description: Integer division/mult on sparc can be used to gain root 
access; simulating unimplemented instructions will give bad traps.  This patch
both obsoletes and is incompatible with patch 100109-02.

BugId 1032053:  getreg should use fuword() when simulating instructions
BugId 1069072:  Integer division on sparc can be used to gain root access
BugId 1071053:  Integer multiplication on sparc can be used to gain root access
BugId 1082751:  segmentation violation caused by sdiv, udiv


INSTALL: 

Note that the install instructions are different for SunOS 4.1.2, sun4m kernel
architecture.  For this OS/arch, refer to the separate section below for 
installing this version.  The installation instructions for all other versions
follows:

=============================================================================

Installation instructions for all versions EXCEPT SunOS 4.1.2, sun4m.  For
this version refer to the instructions that follow this section.


As root:
For your correct OS version, and architecture type:

mv /sys/`arch -k`/OBJ/trap.o /sys/`arch -k`/OBJ/trap.o.OLD
mv /sys/`arch -k`/OBJ/crt.o /sys/`arch -k`/OBJ/crt.o.OLD
mv /sys/`arch -k`/OBJ/uword.o /sys/`arch -k`/OBJ/uword.o.OLD
cp `arch -k`/4.1.2/trap.o /sys/`arch -k`/OBJ/trap.o
cp `arch -k`/4.1.2/crt.o /sys/`arch -k`/OBJ/crt.o
cp `arch -k`/4.1.2/uword.o /sys/`arch -k`/OBJ/uword.o

A new kernel will need to be configured (/etc/config), made, and installed.
Please refer to the System and Network Administration Manual on building and
configuring a custom kernel.


=============================================================================

Installation instructions for SunOS 4.1.2, sun4m.  For all other versions
refer to the instructions that precede this section.

This version requires changes made by patch 100542-04 (IPI - Galaxy jumbo 
patch).  Obtain patch 100542-04 and follow the instructions for its
installation; however, loading trap.o and configuring a new kernel are 
not necessary.  This will be done as part of the installation for this
patch.

Now, for this patch (100376-04), follow the following instructions as root:

mv /sys/sun4m/OBJ/trap.o /sys/sun4m/OBJ/trap.o.OLD
mv /sys/sun4m/OBJ/crt.o /sys/sun4m/OBJ/crt.o.OLD
mv /sys/sun4m/OBJ/uword.o /sys/sun4m/OBJ/uword.o.OLD
cp sun4m/4.1.2/trap.o /sys/sun4m/OBJ/trap.o
cp sun4m/4.1.2/crt.o /sys/sun4m/OBJ/crt.o
cp sun4m/4.1.2/uword.o /sys/sun4m/OBJ/uword.o
 
A new kernel will need to be configured (/etc/config), made, and installed.
Please refer to the System and Network Administration Manual on building and
configuring a custom kernel.