Patch-ID# 115834-01 Keywords: security dlsym dlclose linker initfirst crle rtld symlinks secure ld_preload Synopsis: Trusted_Solaris_8_HW_12/02_x86: linker patch Date: Oct/10/2003 Install Requirements: Additional instructions may be listed below Reboot after installation Solaris Release: Trusted_Solaris_8_HW_12/02_x86 SunOS Release: Trusted_Solaris_8_HW_12/02_x86 Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 115833 Topic: Trusted_Solaris_8_HW_12/02_x86: linker patch Relevant Architectures: i386 BugId's fixed with this patch: 4856677 4874204 Changes incorporated in this version: 4856677 4874204 Patches accumulated and obsoleted by this patch: 109148-23 Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /etc/lib/ld.so.1 /etc/lib/libdl.so.1 /usr/bin/crle /usr/bin/ldd /usr/bin/pvs /usr/bin/sotruss /usr/bin/whocalls /usr/ccs/bin/ar /usr/ccs/bin/dump /usr/ccs/bin/elfdump /usr/ccs/bin/ld /usr/ccs/bin/mcs /usr/ccs/bin/nm /usr/ccs/bin/size /usr/ccs/bin/strip /usr/demo/ELF/Makefile /usr/demo/ELF/README /usr/demo/ELF/acom.c /usr/demo/ELF/dcom.c /usr/demo/ELF/dispsyms.c /usr/demo/ELF/pcom.c /usr/demo/librtld_db/common/rdb.h /usr/demo/librtld_db/i386/rdb_mach.h /usr/demo/link_audit/man/sotruss.man (deleted) /usr/demo/link_audit/man/whocalls.man (deleted) /usr/include/dlfcn.h /usr/include/gelf.h /usr/include/libelf.h /usr/include/link.h /usr/include/rtld_db.h /usr/include/sys/elf.h /usr/include/sys/elf_386.h /usr/include/sys/elf_M32.h /usr/include/sys/elf_SPARC.h /usr/include/sys/elf_ia64.h /usr/include/sys/elf_notes.h /usr/include/sys/elftypes.h /usr/include/sys/link.h /usr/include/sys/machelf.h /usr/include/sys/note.h /usr/lib/0@0.so.1 /usr/lib/ld.so.1 /usr/lib/ld/map.bssalign /usr/lib/ld/map.default /usr/lib/ld/map.noexstk /usr/lib/lddstub /usr/lib/libcrle.so.1 /usr/lib/libdl.so /usr/lib/libdl.so.1 /usr/lib/libelf.a /usr/lib/libelf.so /usr/lib/libelf.so.1 /usr/lib/libld.so.2 /usr/lib/libld.so.3 (deleted) /usr/lib/liblddbg.so.4 /usr/lib/libldfeature.a /usr/lib/libldstab.so.1 /usr/lib/librtld.so.1 /usr/lib/librtld_db.so /usr/lib/librtld_db.so.1 /usr/lib/link_audit/32 /usr/lib/link_audit/ldprof.so.1 /usr/lib/link_audit/truss.so.1 /usr/lib/link_audit/who.so.1 /usr/lib/secure/32 Problem Description: 4856677 Port patch 109147-23 to phoenix to support forte 4874204 Port fix for 4872634 Large LD_PRELOAD values can cause SEGV of process to TS Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Trusted Solaris. Any other special or non-generic installation instructions should be described below as special instructions. For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- Note 1: Reboot after installing the patch for changes to take effect. Note 2: This patch brings Trusted Solaris 8 12/02 up-to-date with respect to Solaris patches 109148-23. It includes fixes for the following Solaris bugs: 4461340 4504895 4624658 4714146 4715815 4728822 4730110 4730433 4731183 4739660 4743413 4744337 4745129 4745932 4746231 4753066 4754751 4755674 4765536 4766815 4770484 4770494 4772927 4774727 4775738 4778247 4778418 4779976 4783869 4787579 4790194 4792461 4793721 4796237 4802194 4804328 4806476 4811951 4816378 4817314 This patch does not obsolete nor accumulate the Solaris 8 patch 109148-23, this patch is only to be installed on Trusted Solaris 8 HW 12/02 systems. The steps below assume the patch has been put into an ADMIN_LOW directory in /var/tmp and the patch file label is configured to ADMIN_LOW. Create a role which contains the Software Installation profile (typically admin role is assigned this profile) and whose label range includes the ADMIN_LOW label. All the steps in the patch installation should be executed at ADMIN_LOW. The patch should be owned by this role. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify patchadd is in the profile assigned to the role, type: "profiles -l | grep patchadd". The result should be: /usr/sbin/patchadd uid=0, privs=all, label=admin_low 2) cd into /var/tmp and install the patch file. # cd /var/tmp # patchadd /var/tmp/ where is the patch number. Special Backout Instructions: ----------------------------- Note: Reboot after removing the patch for changes to take effect. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify patchrm is in the profile assigned to the role, type: "profiles -l | grep patchrm". The result should be: /usr/sbin/patchrm uid=0, privs=all, label=admin_low 2) Backout patch by typing: # patchrm where is the patch number. README -- Last modified date: Friday, October 10, 2003