Patch-ID# 102381-01 Keywords: suntechd forks a child and hang lmdown shuts down lmgrd security hole Synopsis: FLEXlm 4.0 jumbo patch Date: Apr/26/95 Solaris Release: 2.2 2.3 2.4 SunOS Release: 5.2 5.3 5.4 Unbundled Product: FLEXlm Unbundled Release: 4.0 Relevant Architectures: sparc BugId's fixed with this patch: 1139061 1165799 Changes incorporated in this version: 1139061 1165799 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/rc2.d/S85lmgrd /opt/SUNWste/license_tools/License_Request_Form /opt/SUNWste/license_tools/daemon_options /opt/SUNWste/license_tools/lic.SUNW /opt/SUNWste/license_tools/lmdown /opt/SUNWste/license_tools/lmgrd.ste /opt/SUNWste/license_tools/lmhostid /opt/SUNWste/license_tools/lmremove /opt/SUNWste/license_tools/lmreread /opt/SUNWste/license_tools/lmstat /opt/SUNWste/license_tools/lmver /opt/SUNWste/license_tools/man/man1 /opt/SUNWste/license_tools/man/man1/lmdown.1 /opt/SUNWste/license_tools/man/man1/lmgrd.ste.1 /opt/SUNWste/license_tools/man/man1/lmhostid.1 /opt/SUNWste/license_tools/man/man1/lmremove.1 /opt/SUNWste/license_tools/man/man1/lmreread.1 /opt/SUNWste/license_tools/man/man1/lmstat.1 /opt/SUNWste/license_tools/man/man1/lmver.1 /opt/SUNWste/license_tools/suntechd NOTE: This patch contains the FLEXlm 4.0 version of the license manager software. A new option "-x [lmdown | lmremove]" has been added to the license manager, "lmgrd.ste", which will prohibit the shutting down of the license manager (lmgrd.ste) by any user (including root!) from any machine. If this behavior is desired, please modify the start-up script "/etc/rc2.d/S85lmgrd", line 25, to include this new option: $licdir/${lmgrd} -x lmdown -c $licdir/$licfile >> /tmp/license_log 2>&1 & ^^^^^^^^^ please add this option Having done this, the only way to gracefully shut down the license manager (lmgrd.ste) is to become root on the license server, and issue the "kill" command with the lmgrd.ste's pid as the sole parameter: # kill lmgrd.ste's can be found by issuing the "ps -ef | grep lmgrd.ste" command sequence. Do not use "kill -9" to kill lmgrd.ste, as this will cause the vendor daemon (suntechd) NOT to be taken down. Problem Description: Rev 01 1139061: The lmdown command allows a user to shutdown daemons on any server -security. 1165799: license manager fails when over 30 or 50 concurrent compiler users Patch Installation Instructions: -------------------------------- Generic 'installpatch' and 'backoutpatch' scripts are provided within each patch package with instructions appended to this section. Other specific or unique installation instructions may also be necessary and should be described below. Special Install Instructions: ----------------------------- None.