Patch-ID# 110772-02 Keywords: security relabel shadow SMC profiles rights Synopsis: Trusted Solaris 8_x86: /etc/shadow can be relabeled and modload does not work at boot time Date: Feb/15/2001 Solaris Release: Trusted_Solaris_8_x86 SunOS Release: Unbundled Product: Unbundled Release: Xref: This patch available for sparc as patch 110771 Topic: Trusted Solaris 8_x86: /etc/shadow can be relabeled and modload does not work at boot time Relevant Architectures: i386 BugId's fixed with this patch: 4388344 4390118 Changes incorporated in this version: 4388344 4390118 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: 110763-01 or greater Obsoleted by: Files included with this patch: /etc/security/exec_attr /usr/bin/su /usr/lib/security/pam_unix.so.1 Problem Description: (for 110771-02) Added missing exec_attr change for 4388344 4390118 modload does not work at boot time (from 110771-01) 4388344 /etc/shadow can be relabeled Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using the generic 'patchadd' and 'patchrm' scripts. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- Note: The steps below assume the patch file has been placed into the ADMIN_LOW subdirectory of /tmp (/tmp is a MLD) and that the patch file label is configured to ADMIN_LOW. Create a role that contains the Software Installation profile (typically the admin role). The patch file should be owned by this role. Keep in mind, after rebooting, contents in the /tmp directory are removed; if saving the patch tarfile is desired, select another MLD such as /var/tmp. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. 2) cd into /tmp and unzip the patch file. A patch directory will be created by the unzip command. $ cd /tmp $ unzip <123456-01.zip> 3) Install the patch by typing: $ patchadd /tmp/ Special Backout Instructions: ----------------------------- 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. 2) Backout patch by typing: patchrm where is the patch number. $ patchrm 123456-01 README -- Last modified date: Thursday, February 15, 2001