Patch-ID# 114332-22

NOTE:
***********************************************************************
READ THE TERMS OF THE AGREEMENT ("AGREEMENT") IN THE LEGAL_LICENSE.TXT
FILE CAREFULLY BEFORE USING THIS SOFTWARE. BY USING THE SOFTWARE, YOU
AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE
TERMS, PROMPTLY DESTROY THE UNUSED SOFTWARE.
***********************************************************************

Keywords: security cron at vold bsmconv inetd sighup signals hang
Synopsis: SunOS 5.9: c2audit & *libbsm.so.1 Patch
Date: Aug/23/2005

Install Requirements: Reboot after installation, an alternative may be
                      in Special Install Instructions

Solaris Release: 9

SunOS Release: 5.9

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 117469

Topic: SunOS 5.9: c2audit & *libbsm.so.1 Patch

***********************************************************
NOTE: This patch may contain one or more OEM-specific platform ports.
See the appropriate OEM_NOTES file within the patch for information
specific to these platforms. DO NOT INSTALL this patch on an OEM
system if a corresponding OEM_NOTES file is not present (or is
present, but instructs not to install the patch), unless the OEM
vendor directs otherwise.
***********************************************************

Relevant Architectures: sparc sparc.sun4u

BugId's fixed with this patch:
    4383820 4445394 4457028 4473026 4499864 4501255 4592827 4647549
    4647683 4647684 4685545 4688063 4712958 4715363 4728819 4732828
    4735135 4745590 4750749 4761401 4778984 4779457 4805352 4809341
    4818300 4828108 4829732 4833724 4835739 4842901 4845277 4857394
    4892034 4904733 4916342 4959077 4975802 5012065 5042248 5064001
    5076694 5076801 5082875 5093165 6174905 6192370 6260039 6281786

Changes incorporated in this version: 6281786

Patches accumulated and obsoleted by this patch: 112969-04 113496-01 114327-01

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/etc/init.d/volmgt
/etc/rc0.d/K05volmgt
/etc/rc1.d/K05volmgt
/etc/rc2.d/K05volmgt
/etc/rc2.d/S92volmgt (deleted)
/etc/rc3.d/S81volmgt
/etc/rcS.d/K05volmgt
/etc/security/audit_class
/etc/security/audit_event
/etc/security/audit_record_attr
/etc/security/bsmconv
/etc/security/bsmunconv
/kernel/sys/c2audit
/kernel/sys/sparcv9/c2audit
/usr/bin/crontab
/usr/include/bsm/audit.h
/usr/include/bsm/audit_kernel.h
/usr/include/bsm/audit_kevents.h
/usr/include/bsm/audit_record.h
/usr/lib/abi/abi_libbsm.so.1
/usr/lib/abi/sparcv9/abi_libbsm.so.1
/usr/lib/adb/sparcv9/tad
/usr/lib/adb/tad
/usr/lib/libbsm.a
/usr/lib/libbsm.so.1
/usr/lib/sparcv9/libbsm.so.1
/usr/sbin/auditconfig
/usr/sbin/bsmrecord
/usr/sbin/cron
/usr/sbin/inetd
/usr/sbin/praudit
/usr/share/lib/xml/dtd/adt_record.dtd.1
/usr/share/lib/xml/style/adt_record.xsl.1

Problem Description:

6281786 fatal: vol_init: already a daemon running if you install s9u8_02.

(from 114332-21)

6260039 at-jobs which don't have a corresponding ancillary file fail now

(from 114332-20)

4685545 audit_inetd_config gets SEGV if /etc/security/audit_event file is empty
4959077 bsmconv should reuse saved audit_startup file if it exists
5076801 The audit-ID for cron jobs with missing ancillary file can be wrong

(from 114332-19)

5012065 audit_setfsat_path() panics on kernel initiated file rename

(from 114332-18)

5082875 bsmrecord -a > somefile displays uninitialized value message
6192370 L1-A audit records are not being generated

(from 114332-17)

5076694 audit records have invalid return for 64 bit apps
6174905 praudit(1M) displays a newline inside path_attr, exec_args, and exec_env tokens

(from 114332-16)

5093165 praudit -x needs deal with illegal XML characters

(from 114332-15)

Previous revision of this patch was respun due to a patch construction error.

(from 114332-14)

5064001 *cron* : drops users for good during name service outage

(from 114332-13)

5042248 umount2(2) audit record missing path audit token

(from 114332-12)

4857394 AUE_MODADDMAJ doesn't check user arguments properly

(from 114332-11)

4904733 allocate(1) and friends may SEGV with certain device_maps

(from 114332-10)

Respun previous revision of this patch to address a packaging issue.

(from 114332-09)

4975802 s9 BSM patches break bsm/auditd - replace audit_startup with wrong permissions

(from 114332-08)

4892034 Audited system calls hang if auditd killed when audit_policy == 0x5 (argv, cnt)
4916342 *praudit* does not handle multibyte characters.

(from 114332-07)

4779457 Cron entries skipped after changing to wintertime
4828108 cron skips jobs
4829732 cron runs job that shouldn't exist.
4750749 Race condition in cron made worse by bugfix 4387131

(from 114332-06)

4845277 cron may dump core on BSM enabled systems

(from 114332-05)

4833724 Assert failure in audit_async_block
4835739 update audit dtd and xsl files

(from 114332-04)

4445394 PSARC/2002/262 Audit trail noise reduction
4647549 PSARC/2002/377 Audit Trail Translation to XML
4647684 PSARC/2002/352 Audit Class Expansion
4473026 pfexec audit event is in the ad class which produces noise.
4647683 Don't disable L1-A in bsmconv
4688063 packaging for audit config files broken for upgrade
4728819 audit locking broken for interrupt context
4735135 praudit is not getopt compliant
4745590 praudit prints the wrong value for 64bit microseconds in the header token
4778984 libbsm au_to_ipc is wrong
4501255 deadlock between auditd and NFS if file close is audited
4818300 missing attributes in some records for public files
4805352 Many untranslatable strings are included in praudit.po

(from 114332-03)

4732828 BSM enabled system can panic referencing NULL p_audit_data

(from 114332-02)

Combine cron patch (114327-01) and c2audit patch (114332-01) in one due to the dependency.

(from 114332-01)

4457028 c2_bsm and cron are not working together
4712958 c2_bsm should handle at-jobs spawned by unaudited user
4499864 aug_save_tid_ex does not check for a type IP address type
4761401 auditconfig -setaudit doesn't work on Solaris 8

(from 114327-01)

4457028 c2_bsm and cron are not working together
4712958 c2_bsm should handle at-jobs spawned by unaudited user
4499864 aug_save_tid_ex does not check for a type IP address type
4761401 auditconfig -setaudit doesn't work on Solaris 8

(from 112969-04)

4842901 installf does not handle -R option correctly

(from 112969-03)

4809341 bsmconv fails when SUNWvolr is not installed.

(from 112969-02)

4715363 Patch 112969-01 can not be added with -R option of patchadd

(from 112969-01)

4592827 vold slows down the boot process

(from 113496-01)

4383820 inetd is hanging and needs to be killed and restarted

Patch Installation Instructions:
--------------------------------

For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.

For Solaris 7-10 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions. The following example
installs a patch to a standalone machine:

       example# patchadd /var/spool/patch/104945-02

The following example removes a patch from a standalone system:

       example# patchrm 104945-02

For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------

NOTE 1: To get the complete fix of Audit Enhancement feature, please
        install the following patches:

        115004-01 (or greater)   kbtrans patch
        115006-01 (or greater)   kb patch
        112233-07 (or greater)   Kernel Update patch

This patch required a change to the following files that are
currently on your system:

        /etc/security/audit_class
        /etc/security/audit_event

During the installation of this patch, the following files will be
added to your system and must be site-merged with any local changes
that may be contained in the files that are listed above:

        /etc/security/audit_class.new
        /etc/security/audit_event.new

README -- Last modified date: Tuesday, August 23, 2005
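
The site-merge step under Special Install Instructions can be started by listing what the live audit_event holds that the delivered audit_event.new does not. The following is an added example, not part of the Sun README: the function name audit_merge_report is hypothetical, the sample entries are constructed, and it assumes the four-field colon-separated audit_event(4) layout (number:name:description:classes), so it covers audit_event only, not audit_class.

```shell
#!/bin/sh
# Added example: report local audit_event changes that would be lost or
# altered if audit_event.new simply replaced the live file.
# Assumed line format (audit_event(4)): number:name:description:classes

# audit_merge_report LIVE NEW
# Prints one line per live entry that needs a merge decision:
#   LOCAL-ONLY <num> <name> <classes>       event number absent from NEW
#   CLASS-DIFF <num> <name> <live> <new>    class list differs from NEW
audit_merge_report() {
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }                   # comments, blank/short lines
        FILENAME == ARGV[1]  { cls[$1] = $NF; next }    # NEW file: remember classes
        !($1 in cls)         { print "LOCAL-ONLY", $1, $2, $NF; next }
        cls[$1] != $NF       { print "CLASS-DIFF", $1, $2, $NF, cls[$1] }
    ' "$2" "$1"
}

# Constructed sample data standing in for the two files (not real entries).
tmp=$(mktemp -d)
cat > "$tmp/audit_event" <<'EOF'
# live file carrying site changes
1:AUE_sample_a:sample event a:lo
2:AUE_sample_b:sample event b:lo,ad
40000:AUE_site_app:site application event:ap
EOF
cat > "$tmp/audit_event.new" <<'EOF'
# file delivered by the patch
1:AUE_sample_a:sample event a:lo
2:AUE_sample_b:sample event b:lo
3:AUE_sample_c:event added by the patch:ex
EOF

# On a patched system the arguments would be /etc/security/audit_event
# and /etc/security/audit_event.new.
audit_merge_report "$tmp/audit_event" "$tmp/audit_event.new"
rm -rf "$tmp"
```

Each reported line is a decision for the administrator: carry the local entry or class list into the merged file, or accept the delivered one, since a dropped class changes which events are recorded in the audit trail.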