Patch-ID# 117979-01
Keywords: security modload load module non-root nfs otw
Synopsis: Trusted_Solaris_8_HW_7/03: genunix and unix patch
Date: Aug/31/2004


Install Requirements: Reboot after installation                      
                      
Solaris Release: Trusted_Solaris_8_HW_7/03

SunOS Release: Trusted_Solaris_8_HW_7/03

Unbundled Product: 

Unbundled Release: 

Xref: This patch available for x86 as patch 117980

Topic: Trusted_Solaris_8_HW_7/03: genunix and unix patch

Relevant Architectures: sparc.sun4u

BugId's fixed with this patch: 4934078 5045660

Changes incorporated in this version: 4934078 5045660

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 117490-01 or greater

Obsoleted by: 

Files included with this patch: 

/platform/sun4u/kernel/genunix
/platform/sun4u/kernel/sparcv9/genunix
/platform/sun4u/kernel/sparcv9/unix
/platform/sun4u/kernel/unix

Problem Description:

4934078 users shouldn't trigger nfs net traffic for file systems they cannot access
5045660 lofs somehow gets around nfs_otw checks in some corner cases

Patch Installation Instructions:
--------------------------------
Refer to the man pages for instructions on using 'patchadd' and 'patchrm'
scripts provided with Trusted Solaris. Any other special or non-generic
installation instructions should be described below as special instructions.
 
For additional examples please see the appropriate man pages.

Special Install Instructions:
-----------------------------
NOTE 1:	Reboot the system after the patches are installed.
 
NOTE 2: In order to get the full fix for 4934078 one needs to apply
	the following patch:
 
        117826-01 (or newer)    lofs patch
 
The steps below assume the patch has been put into an ADMIN_LOW
directory in /var/tmp and the patch file label is configured to ADMIN_LOW.
 
Create a role which contains the Software Installation profile
(typically admin role is assigned this profile) and whose label
range includes the ADMIN_LOW label.  All the steps in the patch
installation should be executed at ADMIN_LOW.
 
The patch should be owned by this role.
 
        1) Login as a user authorized to assume a role that contains the
        Software Installation profile; typically the admin role.
        Assume that role.
 
        To verify the profile is assigned to the role, type:
        "profiles -l | grep patchadd".
 
        The result should be:
         /usr/sbin/patchadd    uid=0, privs=all, label=admin_low
 
        2) cd into /var/tmp and install the patch file.
 
        # cd /var/tmp
        # patchadd /var/tmp/<patch-id>
 
        where <patch-id> is the patch number.
 
Special Backout Instructions:
-----------------------------
NOTE 1:	Reboot the system the patches are removed.
 
        1) Login as a user authorized to assume a role that contains the
        Software Installation profile; typically the admin role.
        Assume that role.
 
        To verify the profile is assigned to the role, type:
        "profiles -l | grep patchrm".
 
        The result should be:
        /usr/sbin/patchrm    uid=0, privs=all, label=admin_low
 
        2) Backout patch by typing:
 
        # patchrm <patch-id>
 
        where <patch-id> is the patch number.

README -- Last modified date:  Tuesday, August 31, 2004