Patch-ID# 110338-03
Keywords: security TSIX privileges cipso tcp panic freeze RIPSO template rlogin SATMP rup kernel intel 2.2.8 cluster FCS Solaris Sun Trusted panic policy_nfs_reply_attrs IPSec
Synopsis: Trusted Solaris 8_x86: Security CIPSO TCP kernel support
Date: Aug/13/2001

Solaris Release: Trusted_Solaris_8_x86

SunOS Release:

Unbundled Product:

Unbundled Release:

Xref: This patch available for sparc as patch 110337

Topic: Trusted Solaris 8_x86: Security CIPSO TCP kernel support

Relevant Architectures: i386

BugId's fixed with this patch: 4291482 4392171 4398524 4401871 4407859 4416420 4418592 4423015 4424862 4431861 4451473 4453634 4456699 4477856

Changes incorporated in this version: 4423015 4424862 4431861 4456699 4477856

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 110763-01 or greater

Obsoleted by:

Files included with this patch:

/etc/security/exec_attr
/kernel/drv/ip
/kernel/drv/tcp
/kernel/genunix
/kernel/suser_policy/genunix_policy
/kernel/tsol_policy/genunix_policy
/platform/i86pc/kernel/unix
/usr/include/sys/net_secpolicy.h
/usr/include/sys/tsol/t6kernel.h
/usr/include/sys/tsol/tndb.h
/usr/include/sys/tsol/tnet.h
/usr/include/sys/tsol/tproc.h

Problem Description:

(for 110338-03)
4423015 Panic in secpolicy_nfs_modify_reply_attrs due to dereferencing a null pointer
4424862 AH IPSec transport mode broken with CIPSO and RIPSO
4431861 IPSec with CIPSO on TS8 causes panic
4456699 IPSec and CIPSO combination does not work at admin_low label
4477856 CDP/IKE negotiation causes panic when using TSOL template

(from 110338-02)
4451473 Patch needed for TS equivalent of 4404947
4453634 Solaris/Trusted Solaris Intel can panic from user process

(from 110338-01)
4291482 TSIX over TCP doesn't work
4392171 scripts with forced privileges aren't safe
4398524 CIPSO broken in TS8
4401871 system panics or freezes when using netscape via SWAN DSL
4407859 kernel routine get_rhtp_fromire() returns wrong template
4416420 TSIX has problem with rlogin
4418592 TSIX doesn't work on X86 for rup/rlogin

Patch Installation Instructions:
--------------------------------

Refer to the man pages for instructions on using the generic 'patchadd' and
'patchrm' scripts. Any other special or non-generic installation instructions
should be described below as special instructions.

Special Install Instructions:
-----------------------------

Note: The steps below assume the patch file has been placed into the
ADMIN_LOW subdirectory of /tmp (/tmp is a MLD) and that the patch file label
is configured to ADMIN_LOW. Create a role that contains the Software
Installation profile (typically the admin role). The patch file should be
owned by this role. Keep in mind, after rebooting, contents in the /tmp
directory are removed; if saving the patch tarfile is desired, select another
MLD such as /var/tmp.

1) Login as a user authorized to assume a role that contains the Software
   Installation profile; typically the admin role. Assume that role.

2) cd into /tmp and unzip the patch file. A patch directory will be created
   by the unzip command.

   $ cd /tmp
   $ unzip <123456-01.zip>

3) Install the patch by typing:

   $ patchadd /tmp/

You must reboot for these changes to take effect.

Special Backout Instructions:
-----------------------------

1) Login as a user authorized to assume a role that contains the Software
   Installation profile; typically the admin role. Assume that role.

2) Backout patch by typing: patchrm where is the patch number.

   $ patchrm 123456-01

You must reboot for these changes to take effect.

README -- Last modified date: Monday, August 13, 2001