Patch-ID# 114332-13 Keywords: security c2_bsm cron aug_save_tid_ex at vold bsmconv auditinfo_addr ai_termid Synopsis: SunOS 5.9: c2audit & *libbsm.so.1 Patch Date: Aug/16/2004 Install Requirements: Reboot after installation Solaris Release: 9 SunOS Release: 5.9 Unbundled Product: Unbundled Release: Xref: This patch available for x86 as patch 116558 Topic: SunOS 5.9: c2audit & *libbsm.so.1 Patch *********************************************************** NOTE: This patch may contain one or more OEM-specific platform ports. See the appropriate OEM_NOTES file within the patch for information specific to these platforms. DO NOT INSTALL this patch on an OEM system if a corresponding OEM_NOTES file is not present (or is present, but instructs not to install the patch), unless the OEM vendor directs otherwise. *********************************************************** Relevant Architectures: sparc sparc.sun4u BugId's fixed with this patch: 4445394 4457028 4473026 4499864 4501255 4592827 4647549 4647683 4647684 4688063 4712958 4715363 4728819 4732828 4735135 4745590 4750749 4761401 4778984 4779457 4805352 4809341 4818300 4828108 4829732 4833724 4835739 4842901 4845277 4857394 4892034 4904733 4916342 4975802 5042248 Changes incorporated in this version: 5042248 Patches accumulated and obsoleted by this patch: 112969-04 114327-01 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/init.d/volmgt /etc/rc0.d/K05volmgt /etc/rc1.d/K05volmgt /etc/rc2.d/K05volmgt /etc/rc3.d/S81volmgt /etc/rcS.d/K05volmgt /etc/security/audit_class /etc/security/audit_event /etc/security/bsmconv /etc/security/bsmunconv /kernel/sys/c2audit /kernel/sys/sparcv9/c2audit /usr/bin/crontab /usr/include/bsm/audit.h /usr/include/bsm/audit_kernel.h /usr/include/bsm/audit_kevents.h /usr/include/bsm/audit_record.h /usr/lib/abi/abi_libbsm.so.1 /usr/lib/abi/sparcv9/abi_libbsm.so.1 /usr/lib/adb/sparcv9/tad /usr/lib/adb/tad /usr/lib/libbsm.a /usr/lib/libbsm.so.1 /usr/lib/sparcv9/libbsm.so.1 /usr/sbin/auditconfig /usr/sbin/cron /usr/sbin/praudit /usr/share/lib/xml/dtd/adt_record.dtd.1 /usr/share/lib/xml/style/adt_record.xsl.1 Problem Description: 5042248 umount2(2) audit record missing path audit token (from 114332-12) 4857394 AUE_MODADDMAJ doesn't check user arguments properly (from 114332-11) 4904733 allocate(1) and friends may SEGV with certain device_maps (from 114332-10) Respun previous revision of this patch to address a packaging issue. (from 114332-09) 4975802 s9 BSM patches break bsm/auditd - replace audit_startup with wrong permissions (from 114332-08) 4892034 audited system calls hang if auditd killed when audit_policy == 0x5 (argv, cnt) 4916342 *praudit* does not handle mutibyte character. (from 114332-07) 4779457 cron entries skipped after changing to wintertime 4828108 *cron* skips jobs 4829732 cron runs job that shouldn't exist. 4750749 race condition in cron made worse by Bug Fix 4387131 (from 114332-06) 4845277 cron may dump core on BSM enabled systems (from 114332-05) 4833724 assert failure in audit_async_block 4835739 update audit dtd and xsl files (from 114332-04) 4445394 PSARC/2002/262 Audit trail noise reduction 4647549 PSARC/2002/377 Audit Trail Translation to XML 4647684 PSARC/2002/352 Audit Class Expansion 4473026 pfexec audit event is in the ad class which produces noise. 4647683 don't disable L1-A in bsmconv 4688063 packaging for audit config files broken for upgrade 4728819 audit locking broken for interrupt context 4735135 praudit is not getopt compliant 4745590 praudit prints the wrong value for 64bit microseconds in the header token 4778984 libbsm au_to_ipc is wrong 4501255 deadlock between auditd and NFS if file close is audited 4818300 missing attributes in some records for public files 4805352 many untranslatable strings are included in praudit.po (from 114332-03) 4732828 BSM enabled system can panic referencing NULL p_audit_data (from 114332-02) Combine cron patch (114327-01) and c2audit patch (114332-01) in one due to the dependency. (from 114332-01) 4457028 c2_bsm and cron are not working together 4712958 c2_bsm should handle at-jobs spawned by unaudited user 4499864 aug_save_tid_ex does not check for a type IP address type 4761401 auditconfig -setaudit doesn't work on Solaris 8 (from 114327-01) 4457028 c2_bsm and cron are not working together 4712958 c2_bsm should handle at-jobs spawned by unaudited user 4499864 aug_save_tid_ex does not check for a type IP address type 4761401 auditconfig -setaudit doesn't work on Solaris 8 (from 112969-04) 4842901 installf does not handle -R option correctly (from 112969-03) 4809341 bsmconv fails when SUNWvolr is not intalled. (from 112969-02) 4715363 Patch 112969-01 can not be added with -R option of patchadd (from 112969-01) 4592827 vold slows down the boot process Patch Installation Instructions: -------------------------------- For Solaris 2.0-2.6 releases, refer to the Install.info file and/or the README within the patch for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. For Solaris 7-9 releases, refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Solaris. Any other special or non-generic installation instructions should be described below as special instructions. The following example installs a patch to a standalone machine: example# patchadd /var/spool/patch/104945-02 The following example removes a patch from a standalone system: example# patchrm 104945-02 For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE: To get the complete fix of Audit Enhancement feature, please install the following patches (or newer): 112233-07 Kernel Update patch 115004-01 kbtrans patch 115006-01 kb patch This patch required a change to the the following files that are currently on your system: /etc/security/audit_class /etc/security/audit_event During the installation of this patch, the following files will be added to your system and must be site-merged with any local changes that may be contained in the files that are listed above: /etc/security/audit_class.new /etc/security/audit_event.new README -- Last modified date: Wednesday, September 22, 2004