Patch-ID# 101710-01
Keywords: security, dump, in.comsat, in.talkd, shutdown, syslogd, write
Synopsis: ONLINE DISKSUITE (ODS) 1.0: Security update for dump.
Date: Apr/22/94

Solaris Release: 1.1

SunOS Release: 4.1.3C 4.1.3 4.1.2

Unbundled Product: ONLINE DISKSUITE (ODS)

Unbundled Release: 1.0

Relevant Architectures: sun4(all)

BugId's fixed with this patch: 1140162 1063519

Xref: Patch 100593 is the non-ODS version of this patch.

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 100272(-07+) 100909(-02+) 101480 101481 101482

Obsoleted by:

Files included with this patch: dump

Problem Description:

1140162 Several programs, as originally shipped, could be exploited in an
        obscure way to gain root access.

1063519 If a level 0 dump is performed with the archive file option (a),
        then a 'restore ta' will work just fine. If the dump is an
        incremental or partial dump, then restore fails with
        'Cannot find file removal list' and restore terminates.

Patch Installation Instructions:

1) Log in as root.

2) Make a backup copy of the old file (if you have installed any of the
   earlier patch revisions, you may wish to save under another name):

        mv /usr/etc/dump /usr/etc/dump.fcs

3) Change the permissions on the saved file to prevent its execution:

        chmod 400 /usr/etc/dump.fcs

4) Copy in the patched file:

        cp sun4/`uname -r`/dump /usr/etc/dump

5) Set ownership & permissions:

        chown root /usr/etc/dump
        chgrp tty /usr/etc/dump
        chmod 6755 /usr/etc/dump
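
A post-install check for the installation steps above, added here as an example and not part of the Sun patch README: it confirms the owner, group and mode that step 5 sets on /usr/etc/dump and the mode 400 that step 3 sets on the saved copy. The function names, the optional PREFIX argument, the --verify switch and the reliance on POSIX `ls -ld` field order are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the patch README.
# Assumption: POSIX `ls -ld` output (mode = field 1, owner = field 3, group = field 4).

# check_file PATH MODE OWNER GROUP
# Returns 0 only if PATH is a regular file with the given symbolic mode,
# owner and group. An OWNER or GROUP of "-" skips that comparison.
check_file() {
    path=$1; want_mode=$2; want_owner=$3; want_group=$4
    if [ ! -f "$path" ]; then
        echo "FAIL $path: missing or not a regular file"
        return 1
    fi
    set -- $(ls -ld "$path")
    # Keep the 10 mode characters; some ls versions append '.' or '+'.
    have_mode=$(printf '%s' "$1" | cut -c1-10)
    have_owner=$3; have_group=$4
    rc=0
    if [ "$have_mode" != "$want_mode" ]; then
        echo "FAIL $path: mode $have_mode, expected $want_mode"; rc=1
    fi
    if [ "$want_owner" != "-" ] && [ "$have_owner" != "$want_owner" ]; then
        echo "FAIL $path: owner $have_owner, expected $want_owner"; rc=1
    fi
    if [ "$want_group" != "-" ] && [ "$have_group" != "$want_group" ]; then
        echo "FAIL $path: group $have_group, expected $want_group"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   $path"; fi
    return "$rc"
}

# verify_dump_patch [PREFIX]
# PREFIX (hypothetical) is an alternate root, e.g. a mounted copy of the
# file system; empty means the running system.
verify_dump_patch() {
    prefix=${1:-}
    status=0
    # Step 5: chown root, chgrp tty, chmod 6755 (setuid and setgid bits set).
    check_file "$prefix/usr/etc/dump" "-rwsr-sr-x" root tty || status=1
    # Steps 2-3: the saved original is chmod 400, so it has no setuid,
    # setgid or execute bits. The README does not state its owner.
    check_file "$prefix/usr/etc/dump.fcs" "-r--------" - - || status=1
    return "$status"
}

if [ "${1:-}" = "--verify" ]; then
    verify_dump_patch "${2:-}"
    exit $?
fi
```

Run it with --verify after step 5; a FAIL line for /usr/etc/dump.fcs showing any s or x in the mode means the unpatched setuid binary is still executable.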