Patch-ID# 114954-01 Keywords: security exec_attr ip unpriv proc raw packages ifconfig Synopsis: Trusted Solaris 8 4/01: exec_attr patch Date: May/01/2003 Install Requirements: None Solaris Release: Trusted_Solaris_8_4/01 SunOS Release: N/A Unbundled Product: Unbundled Release: Xref: Topic: Trusted Solaris 8 4/01: exec_attr patch Relevant Architectures: sparc BugId's fixed with this patch: 4777620 Changes incorporated in this version: 4777620 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/security/exec_attr Problem Description: 4777620 port fix for 4737861 ip module allows an unpriv proc to generate raw ip pk. Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using the generic 'patchadd' and 'patchrm' scripts. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- Note 1: In order to get the full fix for 4777620 port fix for 4737861 ip module allows an unpriv proc to generate raw ip pk you must also install 114953-01 (or higher) after installing this patch. You must reboot in order for the patches to take effect, but it is not necessary to reboot between adding this patch and adding patch 114953-01 (or higher). Note 2: It is recommended to save a copy of the /etc/security/exec_attr file before installing this patch. The installation of this patch will merge the current version of the /etc/security/exec_attr file and new changes from the patch. Any custom modifications made in the current /etc/security/exec_attr file will remain after the patch is installed. The patch removal process will not restore the /etc/security/exec_attr file to the state before the patch installation; it will leave the /etc/security/exec_attr file untouched, in the exact state before the patch removal. Note 3: The steps below assume the patch file has been placed into the ADMIN_LOW subdirectory of /tmp (/tmp is a MLD) and that the patch file label is configured to ADMIN_LOW. Create a role that contains the Software Installation profile (typically the admin role). The patch file should be owned by this role. Keep in mind, after rebooting, contents in the /tmp directory are removed; if saving the patch tarfile is desired, select another MLD such as /var/tmp. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. 2) cd into /tmp and unzip the patch file. A patch directory will be created by the unzip command. # cd /tmp # unzip <123456-01.zip> 3) Install the patch by typing: # patchadd /tmp/ Special Backout Instructions: ----------------------------- Please see Note 2 in Special Installation Instructions section. README -- Last modified date: Thursday, May 1, 2003