Patch-ID# 100632-08
Keywords: security ARM audit C2 passwd ftp login su secure rpc date
Synopsis: SunSHIELD 1.0: ARM patch release
Date: Nov/01/99

Solaris Release: 1.1.1A 1.1.2

SunOS Release: 4.1.3_U1A 4.1.4

Unbundled Product: SunSHIELD, ARM

Unbundled Release: 1.0

Topic: patches for SunShield ARM

BugId's fixed with this patch: 1086881 1083420 1091486 1097336 1085851 1095401 1098441 1095116 1121527 1176095

Changes incorporated in this version: 1097336

Architectures for which this patch is available: sparc

Patches accumulated and obsoleted by this patch: 100633-01 100653-01 100794-01

Patches which may conflict with this patch: 

Obsoleted by: 

Files included with this patch along with checksums: 

38734    128 sun4/armtool
40276     96 sun4/in.ftpd
21991    656 sun4/init
36437     32 sun4/keyenvoy
14599    176 sun4/libarm.so.0.3
24663    160 sun4/libarm_ps.so.0.3
54993     48 sun4/login
22733     64 sun4/passwd
37720    192 sun4/rpc.armd
17763     96 sun4/rpc.armtod
64726     32 sun4/su
48072     32 sun4/su.5bin


Problem Description:

1086881 ARM causes C2 to audit transactions not requested by audit flags
1083420 user's account does not get validated
1091486 ftp hangs when logging into account with aged password in ARM net
1097336 When running C2 and ARM (sunshield) together causes auditd
        to not record unsuccessful login attempts even though
        flags are set with login. Successful logins are recorded by
        auditd.  ARM does record invalid logins to armd_struct with
        no problems.  Patch 100632-07 did not cover every instance of this error.
1085851 a dynamically-linked program that is forked by a setuid 
	program has access to the callers environmental variables if
        the setuid program sets the real UID equal to the effective 
	UID and the real GID equal to the effective GID before the 
	dynamically-linked program is forked.
1095401 Setup a machine with Unbundled ARM product to allow
        rsh(1) access and use rsh (from this, or from another 
	machine) to execute a command. The command will execute OK, 
	but it will leave two processes and a zombie, behind. The 
	defunct process is the one that executed the command; it is 
	presumably waiting to be reaped by its parent (in.rshd). 
	The in.rshd has vfork'ed the keyenvoy and these two 
	processes are deadlocked; in.rshd is waiting for input 
	from keyenvoy; keyenvoy is waiting for input from in.rshd.
1098441 ARM 1.0 performance problems with large armd_struct file
1121527 Patch 100632-04 causes su to fail with segmentation fault on incorrect passwd
1095116 rpc.armd core dumps
1121527 Patch 100632-04 causes su to fail with segmentation fault on incorrect passwd
1176095 rpc.armd core dumps when armd_struct file size is a multiple of 4096 bytes
xx      years after 1999 are handled incorrectly for non-Y2K compliant versions
        of libc.

NOTE:	Please install 101100-01 yp_bind patch for libc to fix
	bugid 1107235 (rpc.armd accumulates open UDP sockets when NIS 
	service is intermittent).

WARNING: Currently this patch does not support ARM running with
         secure RPC enabled. You can check to see if secure RPC 
         has been enabled by doing a "grep arm /etc/rc.local" and 
         seeing if the `-s` option is included on the rpc.armd daemons.
         If it is, you will need to reinstall ARM with secure rpc 
	 disabled before applying this patch. To do this, initially run 
         `/usr/etc/arm/arm_restore_system`.

Install Instructions: 

Install as root in single user mode.

# Make a copy of the old files:

mv /bin/login /bin/login.ARM_FCS
mv /usr/5bin/su /usr/5bin/su.ARM_FCS
mv /usr/bin/passwd /usr/bin/passwd.ARM_FCS
mv /usr/bin/su /usr/bin/su.ARM_FCS
mv /usr/etc/in.ftpd /usr/etc/in.ftpd.ARM_FCS
mv /sbin/init /sbin/init.ARM_FCS
mv /usr/etc/keyenvoy /usr/etc/keyenvoy.ARM_FCS
mv /usr/etc/rpc.armd /usr/etc/rpc.armd.ARM_FCS
mv /usr/lib/libarm.so.0.3 /usr/lib/libarm.so.0.3.ARM_FCS
mv /usr/lib/libarm_ps.so.0.3 /usr/lib/libarm_ps.so.0.3.ARM_FCS
mv /usr/etc/arm/armtool /usr/etc/arm/armtool.ARM_FCS
mv /usr/etc/rpc.armtod /usr/etc/rpc.armtod.ARM_FCS

# Change permissions on old files so they can't be executed:

chmod 0400 /bin/login.ARM_FCS
chmod 0400 /usr/5bin/su.ARM_FCS 
chmod 0400 /usr/bin/passwd.ARM_FCS
chmod 0400 /usr/bin/su.ARM_FCS
chmod 0400 /usr/etc/in.ftpd.ARM_FCS
chmod 0400 /sbin/init.ARM_FCS
chmod 0400 /usr/etc/keyenvoy.ARM_FCS
chmod 0400 /usr/etc/rpc.armd.ARM_FCS
chmod 0400 /usr/lib/libarm.so.0.3.ARM_FCS
chmod 0400 /usr/lib/libarm_ps.so.0.3.ARM_FCS
chmod 0400 /usr/etc/arm/armtool.ARM_FCS
chmod 0400 /usr/etc/rpc.armtod.ARM_FCS

# Copy new files into place:

cp sun4/in.ftpd /usr/etc/in.ftpd
cp sun4/init /sbin/init
cp sun4/keyenvoy /usr/etc/keyenvoy
cp sun4/libarm.so.0.3 /usr/lib/libarm.so.0.3
cp sun4/libarm_ps.so.0.3 /usr/lib/libarm_ps.so.0.3
cp sun4/login /bin/login
cp sun4/passwd /usr/bin/passwd
cp sun4/rpc.armd /usr/etc/rpc.armd
cp sun4/su /usr/bin/su
cp sun4/su.5bin /usr/5bin/su
cp sun4/armtool /usr/etc/arm/armtool
cp sun4/rpc.armtod /usr/etc/rpc.armtod

# Change the owner and file permissions of the new files:

chown root.staff /bin/login /usr/bin/su /usr/5bin/su /usr/etc/in.ftpd 
chown root.staff /usr/etc/keyenvoy /usr/etc/rpc.armd
chown root.staff /sbin/init /usr/bin/passwd
chown root.staff /usr/etc/arm/armtool
chown root.staff /usr/etc/rpc.armtod
chown root.bin /usr/lib/libarm.so.0.3 /usr/lib/libarm_ps.so.0.3

chmod 4755 /bin/login /usr/bin/su /usr/5bin/su /usr/etc/keyenvoy
chmod 4755 /usr/bin/passwd
chmod 0755 /usr/lib/libarm.so.0.3 /usr/lib/libarm_ps.so.0.3 
chmod 0755 /usr/etc/in.ftpd /usr/etc/rpc.armd
chmod 0755 /sbin/init /usr/etc/arm/armtool /usr/etc/rpc.armtod

# Enter a control-d to bring your system into multi-user mode.