Patch-ID# 114953-01
Keywords: security ip IPV6 home address unpriv proc raw packets
Synopsis: Trusted Solaris 8 4/01: ip patch
Date: May/01/2003

Install Requirements: None                      
                      
Solaris Release: Trusted_Solaris_8_4/01

SunOS Release: N/A

Unbundled Product: 

Unbundled Release: 

Xref: 

Topic: Trusted Solaris 8 4/01: ip patch

Relevant Architectures: sparc

BugId's fixed with this patch: 4777620 4777815

Changes incorporated in this version: 4777620 4777815

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

/kernel/drv/ip
/kernel/drv/sparcv9/ip

Problem Description:

4777620 port fix for 4737861 ip module allows an unpriv proc to generate raw ip pk.     
4777815 port fix for 4621278 IPv6 home address option has security concerns

Patch Installation Instructions:
-------------------------------- 
Refer to the man pages for instructions on using the
generic 'patchadd' and 'patchrm' scripts.
Any other special or non-generic installation
instructions should be described below as special instructions.

Special Install Instructions:
----------------------------- 
Note 1:
 
In order to retain full ip functionality for some configurations, 
you must install 114954-01 (or higher) before installing this patch. 
It is not necessary to reboot between adding patch 114954-01 (or higher) 
and this patch, but you must reboot after installing this patch in 
order for the patches to take effect.
 
Note 2:
 
The steps below assume the patch file has been placed
into the ADMIN_LOW subdirectory of /tmp (/tmp is a MLD)
and that the patch file label is configured to ADMIN_LOW.
Create a role that contains the Software Installation profile
(typically the admin role).  The patch file should be owned
by this role.  Keep in mind, after rebooting, contents in the
/tmp directory are removed; if saving the patch tarfile is
desired, select another MLD such as /var/tmp.
 
        1) Login as a user authorized to assume a role that
        contains the Software Installation profile; typically
        the admin role.  Assume that role. 
 
        2) cd into /tmp and unzip the patch file.  A patch
        directory will be created by the unzip command.
 
        # cd /tmp
        # unzip <123456-01.zip>
 
        3) Install the patch by typing:
 
        # patchadd /tmp/<patch_dir>
 
Special Backout Instructions:
-----------------------------
 
 
        1) Login as a user authorized to assume a role that contains
        the Software Installation profile; typically the admin role.
        Assume that role.
 
        2) Backout patch by typing:
 
        # patchrm <patch-id>
 
        where <patch-id> is the patch number.

README -- Last modified date:  Thursday, May 1, 2003