Patch-ID# 109008-18 Keywords: security at atrm batch cron jobs umount2 audit c2audit audit_event Synopsis: SunOS 5.8_x86: at/atrm/batch/cron patch Date: Apr/28/2004 Install Requirements: Reboot after installation See Special Install Instructions Solaris Release: 8_x86 SunOS Release: 5.8_x86 Unbundled Product: Unbundled Release: Xref: This patch is available for SPARC as patch 109007 Topic: SunOS 5.8_x86: at/atrm/batch/cron patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch, especially when applying this patch for security bugid number 4776480. Relevant Architectures: i386 BugId's fixed with this patch: 1253973 4132950 4224166 4261967 4290575 4304184 4307306 4308525 4311626 4312278 4322741 4325997 4331401 4336689 4336959 4339611 4344275 4349180 4353965 4368876 4379735 4387131 4398611 4457028 4473022 4499864 4519829 4525250 4647684 4712958 4732828 4750749 4761401 4776480 4779457 4801947 4828108 4829732 4845277 4857394 4892034 4904733 4925561 Changes incorporated in this version: 4857394 4904733 Patches accumulated and obsoleted by this patch: 108876-13 Patches which conflict with this patch: Patches required with this patch: 108529-01 or greater 108990-01 or greater 108994-01 or greater 108994-18 or greater 108994-31 or greater Obsoleted by: Files included with this patch: /etc/security/audit_class /etc/security/audit_event /etc/security/bsmconv /kernel/sys/c2audit /usr/bin/at /usr/bin/atq /usr/bin/atrm /usr/bin/batch /usr/bin/crontab /usr/bin/pfexec /usr/include/bsm/audit_kevents.h /usr/include/bsm/audit_record.h /usr/lib/abi/abi_libbsm.so.1 /usr/lib/libbsm.a /usr/lib/libbsm.so /usr/lib/libbsm.so.1 /usr/lib/llib-lbsm /usr/lib/llib-lbsm.ln /usr/sbin/auditconfig /usr/sbin/auditd /usr/sbin/cron Problem Description: 4857394 AUE_MODADDMAJ doesn't check user arguments properly 4904733 allocate(1) and friends may SEGV with certain device_maps (from 109008-17) This patch version includes the updated postpatch script needed for bug fix 4892034. (from 109008-16) 4892034 Audited system calls hang if auditd killed when audit_policy == 0x5 (argv, cnt) (from 109008-15) 4925561 pfexec doesn't handle some invalid exec_attr entries correctly (from 109008-14) 4779457 Cron entries skipped after changing to wintertime 4828108 *cron* skips jobs 4829732 cron runs job that shouldn't exist. 4750749 Race condition in cron made worse by Bug Fix 4387131 (from 109008-13) 4845277 cron may dump core on BSM enabled systems (from 109008-12) 4398611 pfexec should directly audit its use 4473022 pfexec without a defined group audits with group -1. 4647684 PSARC/2002/352 Audit Class Expansion (from 109008-11) 4732828 BSM enabled system can panic referencing NULL p_audit_data (from 109008-10) 4801947 S8 cron patch rev -08 requires libbsm patch rev -13 (from 109008-09) 4776480 at -r job name handling and race conditions (from 109008-08) 4457028 c2_bsm and cron are not working together 4712958 c2_bsm should handle at-jobs spawned by unaudited user (from 109008-07) 4519829 cron can skip jobs under certain conditions (from 109008-06) 4387131 BMC Patrol (Best/1) product fails to collect data due to Solaris cron failure. (from 109008-05) 4368876 *at* does not execute 7 submitted jobs during the next cron cycle, takes > 4 min (from 109008-04) 4379735 *at* at, batch, cron allow user not in allow file to run command (from 109008-03) 4261967 no cronjobs if homedir of user is NFS mounted and has perm like 0700 (from 109008-02) 4304184 atjobs leaves temporary files (from 109008-01) 4312278 tasks, projects, extended accounting project (from 108876-13) 4457028 c2_bsm and cron are not working together 4712958 c2_bsm should handle at-jobs spawned by unaudited user 4499864 aug_save_tid_ex does not check for a type IP address type 4761401 auditconfig -setaudit doesn't work on Solaris 8 (from 108876-12) 4132950 no AUE_inetd_connect records recorded. 4311626 na masks in audit_control are not set at system boot (from 108876-11) 4525250 Certain security relevant system calls are not auditable. (from 108876-10) 4331401 segmentation violation in au_user_mask() (from 108876-09) 4349180 praudit on Solaris 8 cannot print audit log files produced by auditd on Solaris8 1253973 bsm does not audit write or writev system calls (from 108876-08) 4353965 CDE logout / exit fails with Tooltalk message (from 108876-07) 4339611 BSM does not work with some of the option. 4344275 64 bit problem with libbsm audit_class.c (from 108876-06) 4336689 typo's in /etc/security/audit_event 4336959 audit record ID's incorrect for xmknod, xstat, lxstat (from 108876-05) 4325997 BSM lacks hooks to support administrator authentication (from 108876-04) 4307306 stopping c2 auditing does not always stop auditing in the kernel (from 108876-03) 4322741 Recent change to sonode structure needlessly breaks lsof (from 108876-02) 4224166 TPI messages get flushed if 3rd party module processes M_PROTO in service procedure 4290575 2nd connect() to determine status of non-blocking connect sends extra Syn (from 108876-01) 4308525 The umount2 system call is not audited Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: To get the complete support for Tasks, Projects and Accounting, one needs to install the following patches: 108529-01 (or newer) kernel update patch 108994-01 (or newer) nss and ldap patch 108990-01 (or newer) /usr/kernel/sys/acctctl and /usr/kernel/sys/exacctsys patch 108996-01 (or newer) /usr/lib/libproc.so.1 patch 108992-02 (or newer) libc patch 109026-01 (or newer) /usr/bin/i86/truss patch 109004-01 (or newer) /etc/init.d/acctadm and /usr/sbin/acctadm patch 109010-01 (or newer) /etc/magic and /usr/bin/file patch 109020-01 (or newer) /usr/bin/priocntl patch 109028-01 (or newer) /usr/bin/wracct patch 108998-01 (or newer) libexacct and libproject patch 109012-01 (or newer) /usr/bin/id and /usr/xpg4/bin/id patch 109014-01 (or newer) /usr/bin/lastcomm patch 109016-01 (or newer) /usr/bin/newtask patch 109000-01 (or newer) PAM patch 109022-01 (or newer) /usr/bin/projects patch 109024-01 (or newer) /usr/bin/i86/ps patch 109006-01 (or newer) /sbin/su.static and /usr/bin/su patch 109036-01 (or newer) useradd/userdel/usermod patch 109030-01 (or newer) perl patch 109018-01 (or newer) /usr/bin/pgrep and /usr/bin/pkill patch 109034-01 (or newer) /usr/bin/i86/prstat patch 109038-01 (or newer) /var/yp/Makefile and /var/yp/nicknames patch 109032-01 (or newer) projadd/projdel/projmod patch NOTE 2: To get the complete fix for 4224166 (TPI messages get flushed if 3rd party module processes), one needs to install the following patches: 109044-01 (or newer) sonode adb macro patch 109042-01 (or newer) sockfs patch 109046-01 (or newer) /usr/sbin/i86/crash patch NOTE 3: To get the complete fix for bug 4132950 (no AUE_inetd_connect records recorded.) please install the following patch: 111625-03 (or newer) inetd patch README -- Last modified date: Wednesday, April 28, 2004