Patch-ID# 117827-01
Keywords: security nfs otw
Synopsis: Trusted_Solaris_8_HW_7/03_x86: lofs patch
Date: Aug/31/2004


Install Requirements: Reboot after installation                      
                      
Solaris Release: Trusted_Solaris_8_HW_7/03_x86

SunOS Release: Trusted_Solaris_8_HW_7/03_x86

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for SPARC as patch 117826

Topic: Trusted_Solaris_8_HW_7/03_x86: lofs patch

Relevant Architectures: i386

BugId's fixed with this patch: 4934078 5045660

Changes incorporated in this version: 4934078 5045660

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 117491-01 or greater 117980-01 or greater

Obsoleted by: 

Files included with this patch: 

/kernel/fs/lofs

Problem Description:

4934078 users shouldn't trigger nfs net traffic for file systems they cannot access
5045660 lofs somehow gets around nfs_otw checks in some corner cases

Patch Installation Instructions:
--------------------------------
Refer to the man pages for instructions on using 'patchadd' and 'patchrm'
scripts provided with Trusted Solaris. Any other special or non-generic
installation instructions should be described below as special instructions.
 
For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------
NOTE 1: Reboot the system after the patches are installed.
 
The steps below assume the patch has been put into an ADMIN_LOW
directory in /var/tmp and the patch file label is configured to ADMIN_LOW.
 
Create a role which contains the Software Installation profile
(typically admin role is assigned this profile) and whose label
range includes the ADMIN_LOW label.  All the steps in the patch
installation should be executed at ADMIN_LOW.
 
The patch should be owned by this role.
 
        1) Login as a user authorized to assume a role that contains the
        Software Installation profile; typically the admin role.
        Assume that role.
 
        To verify the profile is assigned to the role, type:
        "profiles -l | grep patchadd".
 
        The result should be:
         /usr/sbin/patchadd    uid=0, privs=all, label=admin_low
 
        2) cd into /var/tmp and install the patch file.
 
        # cd /var/tmp
        # patchadd /var/tmp/<patch-id>
 
        where <patch-id> is the patch number.
 
Special Backout Instructions:
-----------------------------
NOTE 1: Reboot the system after the patches are removed.
 
        1) Login as a user authorized to assume a role that contains the
        Software Installation profile; typically the admin role.
        Assume that role.
 
        To verify the profile is assigned to the role, type:
        "profiles -l | grep patchrm".
 
        The result should be:
        /usr/sbin/patchrm    uid=0, privs=all, label=admin_low
 
        2) Backout patch by typing:
 
        # patchrm <patch-id>
 
        where <patch-id> is the patch number.

README -- Last modified date:  Tuesday, August 31, 2004