Patch-ID# 116614-02
Keywords: security modload load module non-root nfs otw
Synopsis: Trusted_Solaris_8_HW_12/02: genunix and unix patch
Date: May/21/2004


Install Requirements: Reboot after installation                      
                      
Solaris Release: Trusted_Solaris_8_HW_12/02

SunOS Release: Trusted_Solaris_8_HW_12/02

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for x86 as patch 116615

Topic: Trusted_Solaris_8_HW_12/02: genunix and unix patch

Relevant Architectures: sparc

BugId's fixed with this patch: 4918003 4931908 4932041 4934078

Changes incorporated in this version: 4931908 4932041 4934078

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 116146-03 or greater

Obsoleted by: 

Files included with this patch: 

/kernel/genunix
/platform/sun4u/kernel/genunix
/platform/sun4u/kernel/sparcv9/genunix
/platform/sun4u/kernel/sparcv9/unix
/platform/sun4u/kernel/unix

Problem Description:

4931908 df -k ignores mac
4932041 proc tools produce revealing error messages to unprivileged subjects
4934078 users shouldn't trigger nfs net traffic for file systems they cannot access
 
(from 116614-01)
 
4918003 TS8 needs fix for 4729683

Patch Installation Instructions:
--------------------------------
 
Refer to the man pages for instructions on using 'patchadd' and 'patchrm'
scripts provided with Trusted Solaris. Any other special or non-generic
installation instructions should be described below as special instructions.
 
For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------
NOTE 1:  Reboot immediately after the patch is installed.
 
NOTE 2:  In order to get the full fix for 4934078
         one  will also need to apply the following patch:
 
	 117571-01 (or newer)    lofs patch
 
The steps below assume the patch has been put into an ADMIN_LOW
directory in /var/tmp and the patch file label is configured to ADMIN_LOW.
 
Create a role which contains the Software Installation profile
(typically admin role is assigned this profile) and whose label
range includes the ADMIN_LOW label.  All the steps in the patch
installation should be executed at ADMIN_LOW.
 
The patch should be owned by this role.
 
        1) Login as a user authorized to assume a role that contains the
        Software Installation profile; typically the admin role.
        Assume that role.
 
        To verify the profile is assigned to the role, type:
        "profiles -l | grep patchadd".
 
        The result should be:
         /usr/sbin/patchadd    uid=0, privs=all, label=admin_low
 
        2) cd into /var/tmp and install the patch file.
 
        # cd /var/tmp
        # patchadd /var/tmp/<patch-id>
 
        where <patch-id> is the patch number.
 
Special Backout Instructions:
-----------------------------
NOTE 1:  Reboot immediately after the patch is removed.
 
        1) Login as a user authorized to assume a role that contains the
        Software Installation profile; typically the admin role.
        Assume that role.
 
        To verify the profile is assigned to the role, type:
        "profiles -l | grep patchrm".
 
        The result should be:
        /usr/sbin/patchrm    uid=0, privs=all, label=admin_low
 
        2) Backout patch by typing:
 
        # patchrm <patch-id>
 
        where <patch-id> is the patch number.

README -- Last modified date:  Friday, May 21, 2004