Patch-ID# 117581-03 Keywords: 114880 audio sunray visible applications smartcard removal nscm Synopsis: Trusted_Solaris_8_HW_7/03: dtlogin dtsession patch Date: Oct/29/2004 Install Requirements: Reboot after installation Solaris Release: Trusted_Solaris_8_HW_7/03 SunOS Release: Trusted_Solaris_8_HW_7/03 Unbundled Product: Unbundled Release: Xref: Topic: Trusted_Solaris_8_HW_7/03: dtlogin dtsession patch Relevant Architectures: sparc BugId's fixed with this patch: 5026455 5033132 5038488 5066620 Changes incorporated in this version: 5066620 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/dt/bin/dtsession /usr/dt/config/Xsession.d/0200.dtTsol /usr/dt/config/Xstartup /usr/dt/config/sessionetc Problem Description: 5066620 Detaching a Sun Ray NSCM session kills the session (from 117581-02) 5033132 Application visible to user after user already logged out 5026455 SunRay 2.0/Removing smartcard soon after login, allows the user to gain access. (from 117581-01) 5038488 SunRay patch 114880-04 breaks USB devices & audio on Trusted Solaris Patch Installation Instructions: -------------------------------- Refer to the man pages for instructions on using 'patchadd' and 'patchrm' scripts provided with Trusted Solaris. Any other special or non-generic installation instructions should be described below as special instructions. For additional examples please see the appropriate man pages. Special Install Instructions: ----------------------------- NOTE 1: Reboot the system after the patch is installed. NOTE 2: To obtain the complete fix for bug 5026455, one should install the following patch: 114880-05 (or newer) Sun Ray Server version 2.0 Patch Update and also follow the "Post-Login Security Enhancement for Trusted Solaris" instructions in the README from 114880-05 (or newer). The steps below assume the patch has been put into an ADMIN_LOW directory in /var/tmp and the patch file label is configured to ADMIN_LOW. Create a role which contains the Software Installation profile (typically admin role is assigned this profile) and whose label range includes the ADMIN_LOW label. All the steps in the patch installation should be executed at ADMIN_LOW. The patch should be owned by this role. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify the profile is assigned to the role, type: "profiles -l | grep patchadd". The result should be: /usr/sbin/patchadd uid=0, privs=all, label=admin_low 2) cd into /var/tmp and install the patch file. # cd /var/tmp # patchadd /var/tmp/ where is the patch number. Special Backout Instructions: ----------------------------- NOTE 1: Reboot the system after the patch is removed. 1) Login as a user authorized to assume a role that contains the Software Installation profile; typically the admin role. Assume that role. To verify the profile is assigned to the role, type: "profiles -l | grep patchrm". The result should be: /usr/sbin/patchrm uid=0, privs=all, label=admin_low 2) Backout patch by typing: # patchrm where is the patch number. README -- Last modified date: Friday, October 29, 2004