OBSOLETE Patch-ID# 105622-25 Keywords: security y2000 ITSEC libbsm auditreduce audit_event cron Synopsis: Obsoleted by: 105182-24 SunOS 5.6_x86: c2audit, libbsm and cron patch Date: Dec/19/2000 Solaris Release: 2.6_x86 SunOS Release: 5.6_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 105621 Topic: SunOS 5.6_x86: c2audit, libbsm and cron patch NOTE: Refer to Special Install Instructions section for IMPORTANT specific information on this patch. Relevant Architectures: i386 BugId's fixed with this patch: 1119287 1193651 1216725 1216726 1216727 1216728 1216729 1216730 1216732 1216734 1216735 1216744 1216745 1216746 1221605 1227748 1243241 1243610 4009174 4030300 4053536 4056290 4063161 4086268 4087559 4091316 4094608 4095152 4098820 4099355 4099528 4099944 4100414 4106673 4111104 4120368 4144921 4151799 4153132 4155708 4162091 4162300 4166626 4172702 4176667 4177427 4180250 4183947 4184825 4188193 4194454 4196408 4196541 4204116 4207210 4218800 4224166 4226756 4261967 4304184 4307306 4353965 Changes incorporated in this version: 4353965 Patches accumulated and obsoleted by this patch: 105394-11 105687-02 105846-01 106034-01 106065-01 106076-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: 105182-24 Files included with this patch: /etc/security/audit_event /etc/security/bsmconv /etc/security/bsmunconv /kernel/sys/c2audit /usr/bin/at /usr/bin/atq /usr/bin/atrm /usr/bin/crontab /usr/include/bsm/audit_kevents.h /usr/include/bsm/audit_record.h /usr/lib/libbsm.a /usr/lib/libbsm.so.1 /usr/lib/llib-lbsm /usr/lib/llib-lbsm.ln /usr/sbin/allocate /usr/sbin/audit /usr/sbin/auditconfig /usr/sbin/auditd /usr/sbin/auditreduce /usr/sbin/cron /usr/sbin/deallocate /usr/sbin/list_devices /usr/sbin/praudit /usr/sbin/rpc.rexd Problem Description: 4353965 CDE logout / exit fails with Tooltalk message (from 105622-24) 4261967 no cronjobs if homedir of user is NFS mounted and has perm like 0700 4304184 atjobs leaves temporary files (from 105622-23) 4307306 stopping c2 auditing does not always stop auditing in the kernel (from 105622-22) 4224166 TPI messages get flushed if 3rd party module processes M_PROTO in service procedure 4162091 fork in MT process can hang proces in sockfs due to cv_wait/cv_wait_sig dependency (from 105622-21) 4086268 cron with long PATH or SUPATH causes corrupt environment variables 4226756 cron fails to run job at 2am during april DST switchover (from 105622-20) 4183947 garbage tokens in exit(2) audit record (from 105622-19) 4111104 audit attribute token gives incorrect inode number (from 105622-18) 4166626 praudit produces core when it process record of failure event with errno > 128 (from 105622-17) 4218800 cl AUE_CLOSE close(2) events logged regardless of success or failure (from 105622-16) 4204116 cron jobs don't send mail since fix for 4184825 (from 105622-15) 4196408 details of cron command not written to audit trail (from 105622-14) 4207210 cron auditing broken in the 2.6 release (from 105622-13) 4196541 ftpd audit problem (from 105622-12) 4194454 auditing to pipe causes system to panic (from 105622-11) 4180250 file pointer used after being released by RELEASEF (from 105622-10) 4188193 cron BSM records logged as unknown job (from 105622-09) 4172702 libbsm patch 105621-07 causes system to panic when ssh is used (from 105622-08) 1243610 praudit -l output sometimes misses delimiter comma (from 105622-07) 4151799 libbsm attempts to acquire mutex recursively and deadlocks 4153132 auditreduce does not recognize 2/29/2000 4155708 /etc/security/audit_event blank line confuses parsing of file (from 105622-06) 4144921 auditd fails to log all events during bulk audit generation (from 105622-05) 4120368 adminsuite applications have no BSM audit hooks 4095152 deallocating floppy disk or cdrom kills vold and process cannot be restarted (from 105622-04) 1193651 no auditing in rpc.rexd 1216725 auditconfig(1M) uses unknown domain name "SUNW_BSM_AUDITCONFIG" 1216726 audit(1M) uses unknown domain name "SUNW_BSM_AUDIT" 1216727 allocate(1M) uses unknown domain name "SUNW_BSM_ALLOCATE" 1216728 auditd(1M) uses unknown domain name "SUNW_BSM_AUDITD" 1216729 auditreduce(1M) uses unknown domain name "SUNW_BSM_AUDITREDUCE" 1216730 praudit(1M) uses unknown domain name "SUNW_BSM_PRAUDIT" 1216732 auditd command does not use setlocale() function. 1216734 allocate command does not use setlocale( ) function. 1216735 auditconfig command does not use setlocale( ) function. 1216744 allocate command does not use textdomain() function. 1216745 auditconfig command does not use textdomain() function. 1216746 auditd command does not use textdomain() function. 1221605 au_to_acl needs implementing 1227748 the doors subsystem needs auditing 4030300 many 2.6 system calls are not audited. 4098820 libbsm uses unknown domain name 4099528 operations performed by rexecd are not audited by BSM 4120368 adminsuite applications have no BSM audit hooks (from 105622-03) 4099528 operations performed by rexecd are not audited by BSM (from 105622-02) 4087559 aug_save_namask in libbsm gets the machine preselection mask from wrong place (from 105622-01) 1243241 operations performed by rexecd are not audited by BSM (from 105687-02) 4091316 auditreduce -o file= does not appear to work. (from 105687-01) 4094608 year 2000 bug in auditreduce (from 105846-01) 4053536 AUE_CHDIR in wrong audit class (from 106065-01) 4100414 rexd: can crash system when client is using 'script' command (from 106076-01) 4095152 deallocating a floppy disk or cdrom kills vold & process cannot be restarted (from 105394-11) 4207210 cron auditing broken in the 2.6 release (from 105394-10) 4184825 security hole in cron through improper use of creat (second rework) (from 105394-09) 4184825 security hole in cron through improper use of creat (reworked) (from 105394-08) 4184825 security hole in cron through improper use of creat 4177427 cron spins out of control when fork fails (from 105394-07) 4176667 'at' command doesn't work properly when specifying 02/29/2000 (from 105394-06) 4162300 cron when patched with 105393-05 has start up errors. (from 105394-05) 1119287 inability to run at command from a BSD diskless from a Solaris 2.1 server (from 105394-04) 1221605 au_to_acl needs implementing 4009174 cron utilities do not propagate audit characteristics of user 4030300 many 2.6 system calls are not audited 4056290 at and cron do not generate audit records (from 105394-03) 4099355 at command sets a ulimit value; the invoking shell specified "unlimited" (from 105394-02) 4099944 'at' does not accept feb 29 under 2.6 (from 105394-01) 4063161 *at* from 512 byte long directory gives bus error. (from 106034-01) 4106673 cron is not year 2000 compliant in 2.6 Patch Installation Instructions: -------------------------------- Refer to the Install.info file within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below. Special Install Instructions: ----------------------------- Reboot the system after patch installation. README -- Last modified date: Monday, February 12, 2001