Patch-ID# 109007-19

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: security at atrm batch cron umount2 c2audit audit_event inetd sighup
Synopsis: SunOS 5.8: at/atrm/batch/cron patch
Date: Aug/11/2005


Install Requirements: Reboot after installation                      
                      
Solaris Release: 8

SunOS Release: 5.8

Unbundled Product: 

Unbundled Release: 

Xref: This patch is available for x86 as patch 109008

Topic: SunOS 5.8: at/atrm/batch/cron patch
	***********************************************************
	NOTE: This patch may contain one or more OEM-specific platform ports.
	      See the appropriate OEM_NOTES file within the patch for
	      information specific to these platforms.
	      DO NOT INSTALL this patch on an OEM system if a corresponding
	      OEM_NOTES file is not present (or is present, but instructs not
	      to install the patch), unless the OEM vendor directs otherwise.
	      Refer to Special Install Instructions section for
              IMPORTANT specific information on this patch.
	***********************************************************

Relevant Architectures: sparc

BugId's fixed with this patch: 1253973 4132950 4224166 4261967 4290575 4304184 4307306 4308525 4311626 4312278 4314498 4322741 4325997 4331401 4336689 4336959 4339611 4343874 4344275 4345189 4349180 4353965 4368876 4379735 4383820 4387131 4398611 4457028 4473022 4499864 4519829 4521343 4525250 4647684 4685545 4712958 4732828 4750749 4761401 4776480 4779457 4801947 4828108 4829732 4845277 4857394 4892034 4904733 4925561 4959077 5076801

Changes incorporated in this version: 4685545 4959077 5076801

Patches accumulated and obsoleted by this patch: 108875-13 111624-05

Patches which conflict with this patch: 

Patches required with this patch: 108528-01 108989-01 108991-02 108993-01 108997-01 (or greater)

Obsoleted by: 

Files included with this patch: 

/etc/security/audit_class
/etc/security/audit_event
/etc/security/bsmconv
/kernel/sys/c2audit
/kernel/sys/sparcv9/c2audit
/usr/bin/at
/usr/bin/atq
/usr/bin/atrm
/usr/bin/batch
/usr/bin/crontab
/usr/bin/pfexec
/usr/include/bsm/audit_kevents.h
/usr/include/bsm/audit_record.h
/usr/lib/abi/abi_libbsm.so.1
/usr/lib/abi/sparcv9/abi_libbsm.so.1
/usr/lib/libbsm.a
/usr/lib/libbsm.so
/usr/lib/libbsm.so.1
/usr/lib/llib-lbsm
/usr/lib/llib-lbsm.ln
/usr/lib/sparcv9/libbsm.so
/usr/lib/sparcv9/libbsm.so.1
/usr/lib/sparcv9/llib-lbsm.ln
/usr/sbin/auditconfig
/usr/sbin/auditd
/usr/sbin/cron
/usr/sbin/inetd

Problem Description:

4685545 audit_inetd_config gets SEGV if /etc/security/audit_event file is empty
4959077 bsmconv should reuse saved audit_startup file if it exists
5076801 The audit-ID for cron jobs with missing ancillary file can be wrong
 
(from 109007-18)
 
4857394 AUE_MODADDMAJ doesn't check user arguments properly
4904733 allocate(1) and friends may SEGV with certain device_maps
 
(from 109007-17)
 
	This patch version includes the updated postpatch
        script needed for bug fix 4892034.
 
(from 109007-16)
 
4892034 Audited system calls hang if auditd killed when audit_policy == 0x5 (argv, cnt)
 
(from 109007-15)
 
4925561 pfexec doesn't handle some invalid exec_attr entries correctly
 
(from 109007-14)
 
4779457 Cron entries skipped after changing to wintertime
4828108 *cron* skips jobs
4829732 cron runs job that shouldn't exist.
4750749 Race condition in cron made worse by Bug Fix 4387131
 
(from 109007-13)
 
4845277 cron may dump core on BSM enabled systems
 
(from 109007-12)
 
4398611 pfexec should directly audit its use
4473022 pfexec without a defined group audits with group -1.
4647684 PSARC/2002/352 Audit Class Expansion
 
(from 109007-11)
 
4732828 BSM enabled system can panic referencing NULL p_audit_data
 
(from 109007-10)
 
4801947 S8 cron patch rev -08 requires libbsm patch rev -13
 
(from 109007-09)
 
4776480 at -r job name handling and race conditions
 
(from 109007-08)
 
4457028 c2_bsm and cron are not working together
4712958 c2_bsm should handle at-jobs spawned by unaudited user
 
(from 109007-07)
 
4519829 cron can skip jobs under certain conditions
 
(from 109007-06)
 
4387131 BMC Patrol (Best/1) product fails to collect data due to Solaris cron failure.
 
(from 109007-05)
 
4368876 *at* does not execute 7 submitted jobs during the next cron cycle, takes > 4 min
 
(from 109007-04)
 
4379735 *at* at, batch, cron allow user not in allow file to run command
 
(from 109007-03)
 
4261967 no cronjobs if homedir of user is NFS mounted and has perm like 0700
 
(from 109007-02)
 
4304184 atjobs leaves temporary files
 
(from 109007-01)
 
4312278 tasks, projects, extended accounting project
 
(from 108875-13)
 
4457028 c2_bsm and cron are not working together
4712958 c2_bsm should handle at-jobs spawned by unaudited user
4499864 aug_save_tid_ex does not check for a type IP address type
4761401 auditconfig -setaudit doesn't work on Solaris 8
 
(from 108875-12)
 
4132950 no AUE_inetd_connect records recorded.
4311626 na masks in audit_control are not set at system boot
 
(from 108875-11)
 
4525250 Certain security relevant system calls are not auditable.
 
(from 108875-10)
 
4331401 segmentation violation in au_user_mask()
 
(from 108875-09)
 
4349180 praudit on Solaris 8 cannot print audit log files produced by auditd on Solaris8
1253973 bsm does not audit write or writev system calls
 
(from 108875-08)
 
4353965 CDE logout / exit fails with Tooltalk message
 
(from 108875-07)
 
4339611 BSM does not work with some of the option.
4344275 64 bit problem with libbsm audit_class.c
 
(from 108875-06)
 
4336689 typo's in /etc/security/audit_event
4336959 audit record ID's incorrect for xmknod, xstat, lxstat
 
(from 108875-05)
 
4325997 BSM lacks hooks to support administrator authentication
 
(from 108875-04)
 
4307306 stopping c2 auditing does not always stop auditing in the kernel
 
(from 108875-03)
 
4322741 Recent change to sonode structure needlessly breaks lsof
 
(from 108875-02)
 
4224166 TPI messages get flushed if 3rd party module processes M_PROTO in service procedure
4290575 2nd connect() to determine status of non-blocking connect sends extra Syn
 
(from 108875-01)
 
4308525 The umount2 system call is not audited
 
(from 111624-05)
 
4521343 inetd outputs wrong error messages
 
(from 111624-04)
 
4383820 inetd is hanging and needs to be killed and restarted
 
(from 111624-03)
 
4132950 no AUE_inetd_connect records recorded.
4314498 inetd generates two audit records instead of one
 
(from 111624-02)
 
4345189 inetd fails to monitor outstanding wait services after a SIGHUP
 
(from 111624-01)
 
4343874 *inetd* rpc calls fail: Illegal file descriptor

Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------
 
Reboot the system after patch installation.
 
        NOTE 1: To get the complete support for Tasks, Projects and
                Accounting, one needs to also install the following patches:
 
                108995-01 (or newer)    /usr/lib/libproc.so.1 patch
                109025-01 (or newer)    /usr/bin/sparcv7/truss and
                                        /usr/bin/sparcv9/truss patch
                109003-01 (or newer)    /etc/init.d/acctadm and
                                        /usr/sbin/acctadm patch
                109009-01 (or newer)    /etc/magic and /usr/bin/file patch
                109019-01 (or newer)    /usr/bin/priocntl patch
                109027-01 (or newer)    /usr/bin/wracct patch
                109011-01 (or newer)    /usr/bin/id and /usr/xpg4/bin/id patch
                109013-01 (or newer)    /usr/bin/lastcomm patch
                109015-01 (or newer)    /usr/bin/newtask patch
                108999-01 (or newer)    PAM patch
                109021-01 (or newer)    /usr/bin/projects patch
                109023-01 (or newer)    /usr/bin/sparcv7/ps and
                                        /usr/bin/sparcv9/ps patch
                109005-01 (or newer)    /sbin/su.static and /usr/bin/su patch
                109035-01 (or newer)    useradd/userdel/usermod patch
                109029-01 (or newer)    perl patch
                109017-01 (or newer)    /usr/bin/pgrep and /usr/bin/pkill patch
                109033-01 (or newer)    /usr/bin/sparcv7/prstat and
                                        /usr/bin/sparcv9/prstat patch
                109037-01 (or newer)    /var/yp/Makefile and
                                        /var/yp/nicknames patch
                109031-01 (or newer)    projadd/projdel/projmod patch
 
 
        NOTE 2: To get the complete fix for 4224166 (TPI messages get
                flushed if 3rd party module processes), one needs to
                also install the following patches:
 
                109043-01 (or newer)    sonode adb macro patch
                109041-01 (or newer)    sockfs patch
                109045-01 (or newer)    /usr/sbin/sparcv7/crash and
                                        /usr/sbin/sparcv9/crash patch

README -- Last modified date:  Thursday, August 11, 2005