OBSOLETE Patch-ID# 105621-25 Keywords: security y2000 ITSEC libbsm auditreduce audit_event cron Synopsis: Obsoleted by: 105181-25 SunOS 5.6: c2audit, libbsm and cron patch Date: Nov/10/2000 Solaris Release: 2.6 SunOS Release: 5.6 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 105622 Topic: SunOS 5.6: c2audit, libbsm and cron patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: sparc BugId's fixed with this patch: 1119287 1193651 1216725 1216726 1216727 1216728 1216729 1216730 1216732 1216734 1216735 1216744 1216745 1216746 1221605 1227748 1243241 1243610 4009174 4030300 4053536 4056290 4063161 4086268 4087559 4091316 4094608 4095152 4098820 4099355 4099528 4099944 4100414 4106673 4111104 4120368 4144921 4151799 4153132 4155708 4162091 4162300 4166626 4172702 4176667 4177427 4180250 4183947 4184825 4188193 4194454 4196408 4196541 4204116 4207210 4218800 4224166 4226756 4261967 4304184 4307306 4353965 Changes incorporated in this version: 4353965 Patches accumulated and obsoleted by this patch: 105393-11 105686-02 105845-01 106033-01 106064-01 106075-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: 105181-25 Files included with this patch: /etc/security/audit_event /etc/security/bsmconv /etc/security/bsmunconv /kernel/sys/c2audit /usr/bin/at /usr/bin/atq /usr/bin/atrm /usr/bin/crontab /usr/include/bsm/audit_kevents.h /usr/include/bsm/audit_record.h /usr/lib/libbsm.a /usr/lib/libbsm.so.1 /usr/lib/llib-lbsm /usr/lib/llib-lbsm.ln /usr/sbin/allocate /usr/sbin/audit /usr/sbin/auditconfig /usr/sbin/auditd /usr/sbin/auditreduce /usr/sbin/cron /usr/sbin/deallocate /usr/sbin/list_devices /usr/sbin/praudit /usr/sbin/rpc.rexd Problem Description: 4353965 CDE logout / exit fails with Tooltalk message (from 105621-24) 4261967 no cronjobs if homedir of user is NFS mounted and has perm like 0700 4304184 atjobs leaves temporary files (from 105621-23) 4307306 stopping c2 auditing does not always stop auditing in the kernel (from 105621-22) 4224166 TPI messages get flushed if 3rd party module processes M_PROTO in service procedure 4162091 fork in MT process can hang proces in sockfs due to cv_wait/cv_wait_sig dependency (from 105621-21) 4086268 cron with long PATH or SUPATH causes corrupt environment variables 4226756 cron fails to run job at 2am during april DST switchover (from 105621-20) 4183947 garbage tokens in exit(2) audit record (from 105621-19) 4111104 audit attribute token gives incorrect inode number (from 105621-18) 4166626 praudit produces core when it process record of failure event with errno > 128 (from 105621-17) 4218800 cl AUE_CLOSE close(2) events logged regardless of success or failure (from 105621-16) 4204116 cron jobs don't send mail since fix for 4184825 (from 105621-15) 4196408 details of cron command not written to audit trail (from 105621-14) 4207210 cron auditing broken in the 2.6 release (from 105621-13) 4196541 ftpd audit problem (from 105621-12) 4194454 auditing to pipe causes system to panic (from 105621-11) 4180250 file pointer used after being released by RELEASEF (from 105621-10) 4188193 cron BSM records logged as unknown job (from 105621-09) 4172702 libbsm patch 105621-07 causes system to panic when ssh is used (from 105621-08) 1243610 praudit -l output sometimes misses delimiter comma (from 105621-07) 4151799 libbsm attempts to acquire mutex recursively and deadlocks 4153132 auditreduce does not recognize 2/29/2000 4155708 /etc/security/audit_event blank line confuses parsing of file (from 105621-06) 4144921 auditd fails to log all events during bulk audit generation (from 105621-05) 4120368 adminsuite applications have no BSM audit hooks 4095152 deallocating floppy disk or cdrom kills vold and process cannot be restarted (from 105621-04) 1193651 no auditing in rpc.rexd 1216725 auditconfig(1M) uses unknown domain name "SUNW_BSM_AUDITCONFIG" 1216726 audit(1M) uses unknown domain name "SUNW_BSM_AUDIT" 1216727 allocate(1M) uses unknown domain name "SUNW_BSM_ALLOCATE" 1216728 auditd(1M) uses unknown domain name "SUNW_BSM_AUDITD" 1216729 auditreduce(1M) uses unknown domain name "SUNW_BSM_AUDITREDUCE" 1216730 praudit(1M) uses unknown domain name "SUNW_BSM_PRAUDIT" 1216732 auditd command does not use setlocale() function. 1216734 allocate command does not use setlocale( ) function. 1216735 auditconfig command does not use setlocale( ) function. 1216744 allocate command does not use textdomain() function. 1216745 auditconfig command does not use textdomain() function. 1216746 auditd command does not use textdomain() function. 1221605 au_to_acl needs implementing 1227748 the doors subsystem needs auditing 4030300 many 2.6 system calls are not audited. 4098820 libbsm uses unknown domain name 4099528 operations performed by rexecd are not audited by BSM 4120368 adminsuite applications have no BSM audit hooks (from 105621-03) 4099528 operations performed by rexecd are not audited by BSM (from 105621-02) 4087559 aug_save_namask in libbsm gets the machine preselection mask from wrong place (from 105621-01) 1243241 operations performed by rexecd are not audited by BSM (from 105686-02) 4091316 auditreduce -o file= does not appear to work. (from 105686-01) 4094608 year 2000 bug in auditreduce 4053536 AUE_CHDIR in wrong audit class (from 106064-01) 4100414 rexd: can crash system when client is using 'script' command (from 106075-01) 4095152 deallocating a floppy disk or cdrom kills vold & process cannot be restarted (from 105393-11) 4207210 cron auditing broken in the 2.6 release (from 105393-10) 4184825 security hole in cron through improper use of creat (second rework) (from 105393-09) 4184825 security hole in cron through improper use of creat (reworked) (from 105393-08) 4184825 security hole in cron through improper use of creat 4177427 cron spins out of control when fork fails. (from 105393-07) 4176667 'at' command doesn't work properly when specifying 02/29/2000 (from 105393-06) 4162300 cron when patched with 105393-05 has start up errors. (from 105393-05) 1119287 inability to run at command from a BSD diskless from a Solaris 2.1 server (from 105393-04) 1221605 au_to_acl needs implementing 4009174 cron utilities do not propagate audit characteristics of user 4030300 many 2.6 system calls are not audited 4056290 at and cron do not generate audit records (from 105393-03) 4099355 at command sets a ulimit value; the invoking shell specified "unlimited" (from 105393-02) 4099944 'at' does not accept feb 29 under 2.6 (from 105393-01) 4063161 *at* from 512 byte long directory gives bus error. (from 106033-01) 4106673 cron is not year 2000 compliant in 2.6 Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- Reboot the system after patch installation. README -- Last modified date: Thursday, February 8, 2001