Patch-ID# 110337-02
Keywords: security TSIX privileges cipso tcp panic freeze RIPSO template rlogin SATMP rup kernel 2.2.8 cluster FCS Solaris Sun Trusted panic policy_nfs_reply_attrs IPSec
Synopsis: Trusted Solaris 8: Security CIPSO TCP kernel support
Date: Aug/13/2001

Solaris Release: Trusted_Solaris_8

SunOS Release:

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 110338

Topic: Trusted Solaris 8: Security CIPSO TCP kernel support

Relevant Architectures: sparc

BugId's fixed with this patch: 4291482 4392171 4398524 4401871 4407859 4416420 4418592 4423015 4424862 4431861 4456699 4477856

Changes incorporated in this version: 4423015 4424862 4431861 4456699 4477856

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/etc/security/exec_attr
/kernel/drv/ip
/kernel/drv/sparcv9/ip
/kernel/drv/sparcv9/tcp
/kernel/drv/tcp
/kernel/genunix
/kernel/suser_policy/genunix_policy
/kernel/suser_policy/sparcv9/genunix_policy
/kernel/tsol_policy/genunix_policy
/kernel/tsol_policy/sparcv9/genunix_policy
/platform/sun4u/kernel/genunix
/platform/sun4u/kernel/sparcv9/genunix
/usr/include/sys/net_secpolicy.h
/usr/include/sys/tsol/t6kernel.h
/usr/include/sys/tsol/tndb.h
/usr/include/sys/tsol/tnet.h
/usr/include/sys/tsol/tproc.h

Problem Description:

(for 110337-02)

4423015 Panic in secpolicy_nfs_modify_reply_attrs due to dereferencing a null pointer
4424862 AH IPSec transport mode broken with CIPSO and RIPSO
4431861 IPSec with CIPSO on TS8 causes panic
4456699 IPSec and CIPSO combination does not work at admin_low label
4477856 CDP/IKE negotiation causes panic when using TSOL template

(From 110337-01)

4291482 TSIX over TCP doesn't work
4392171 scripts with forced privileges aren't safe
4398524 CIPSO broken in TS8
4401871 system panics or freezes when using netscape via SWAN DSL
4407859 kernel routine get_rhtp_fromire() returns wrong template
4416420 TSIX has problem with rlogin
4418592 TSIX doesn't work on X86 for rup/rlogin

Patch Installation Instructions:
--------------------------------

Refer to the man pages for instructions on using the generic 'patchadd' and
'patchrm' scripts. Any other special or non-generic installation instructions
should be described below as special instructions.

Special Install Instructions:
-----------------------------

Note: The steps below assume the patch file has been placed into the
ADMIN_LOW subdirectory of /tmp (/tmp is a MLD) and that the patch file
label is configured to ADMIN_LOW. Create a role that contains the
Software Installation profile (typically the admin role). The patch file
should be owned by this role.

Keep in mind, after rebooting, contents in the /tmp directory are
removed; if saving the patch tarfile is desired, select another MLD
such as /var/tmp.

1) Login as a user authorized to assume a role that contains the
   Software Installation profile; typically the admin role. Assume
   that role.

2) cd into /tmp and unzip the patch file. A patch directory will be
   created by the unzip command.

       $ cd /tmp
       $ unzip <123456-01.zip>

3) Install the patch by typing:

       $ patchadd /tmp/

Special Backout Instructions:
-----------------------------

1) Login as a user authorized to assume a role that contains the
   Software Installation profile; typically the admin role. Assume
   that role.

2) Backout patch by typing:

       $ patchrm

   where is the patch number.

       $ patchrm 123456-01

README -- Last modified date: Monday, August 13, 2001