What is Escalations Supplement erg712694, the ergfix for Xserver?

Problem Fixed
-------------

Ergfix for erg712694.

When an end user starts X servers and the /tmp/.X11-unix, /tmp/.ICE-unix
and /tmp/.font-unix directories do not exist, these directories are created
by end users and are then left for later use by processes (X servers, xfs,
etc.) running under other UIDs. In this case, a man-in-the-middle attack is
possible and passwords may be grabbed.

This ergfix implements a fail-soft mechanism for checking the permissions
and owner of these directories:

        - /tmp/.X11-unix
        - /tmp/.ICE-unix
        - /tmp/.font-unix

Fail-soft means that if the permissions are not set properly, the component
tries to set them properly. If it is unable to do that, it generates
error/warning message(s), but the component does not fail.

Also, the component tries to set the owner and permissions of these
directories correctly even if the X servers are started by an end user; it
generates an error message if it fails to do so.

Contents
--------

        /usr/X/bin/Xnest
        /usr/X/bin/Xsco
        /usr/X/bin/Xvfb
        /usr/X/bin/xfs
        /usr/X/lib/libICE.a
        /usr/X/lib/libICE.so.6.0
        /usr/src/ihvkit/display/usrlib/libfont.a
        /usr/src/ihvkit/display/Xserver/lib/libos.a

Software Notes and Recommendations
----------------------------------

erg712694 should only be installed on:

        UnixWare 7.1.4

Warning
-------

This package is produced by the SCO Escalations Research Group and is not
intended for general distribution. It has been produced to address a
particular problem and has not been tested in all system configurations.

Installation Instructions
-------------------------

1. Download the erg712694.Z file to the /tmp directory on your machine.

2. As root, add the package to your system using these commands:

        $ su -
        Password:
        # zcat /tmp/erg712694.Z | pkgadd -d -

   Alternatively, this package may be installed in quiet mode, that is,
   without displaying the release notes and asking for confirmation.
   To do this, use these commands:

        $ su -
        Password:
        # zcat /tmp/erg712694.Z | pkgadd -qd - all

3. There is no need to reboot the system after installing this package.
   However, if your system is running any libraries or commands that are
   contained in this package, then these programs will continue to run
   with the old versions of these libraries or commands until the system
   is rebooted.

   Note that when all necessary patches have been installed, it is good
   practice to reboot the system at the earliest opportunity. This will
   ensure that no programs continue to run with the old libraries or
   commands.

Removal Instructions
--------------------

1. As root, remove the package using these commands:

        $ su -
        Password:
        # pkgrm erg712694

2. Reboot the system after removing this package.

If you have questions regarding this supplement, or the product on which
it is installed, please contact your software supplier.
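
The fail-soft check described under Problem Fixed, written in C as an added
example (it is not SCO's code and not part of the ergfix). The expected owner
(uid 0) and mode (01777) are assumptions, since these notes do not state the
values the fix enforces; failsoft_check_dir, warn and the DIR_* codes are
hypothetical names.

```c
/* Added example, not SCO's code. Assumed policy (the notes do not state it):
 * owner uid 0 and mode 01777. All names here are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { DIR_OK, DIR_FIXED, DIR_WARN };

static void warn(const char *what, const char *path)
{
    fprintf(stderr, "warning: cannot %s %s: %s\n", what, path, strerror(errno));
}

/* Check one directory; repair what it can, warn otherwise, never abort. */
int failsoft_check_dir(const char *path, uid_t want_uid, mode_t want_mode)
{
    struct stat st;
    int fixed = 0, failed = 0;
    /* O_NOFOLLOW|O_DIRECTORY rejects a symlink or plain file planted at path;
     * working on the descriptor avoids a check-then-use race on the name. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0 || fstat(fd, &st) != 0) {
        warn("check", path);
        if (fd >= 0) close(fd);
        return DIR_WARN;
    }
    if (st.st_uid != want_uid) {               /* wrong owner: try to repair */
        if (fchown(fd, want_uid, (gid_t)-1) == 0) fixed = 1;
        else { warn("set owner of", path); failed = 1; }
    }
    if ((st.st_mode & 07777) != want_mode) {   /* wrong mode: try to repair */
        if (fchmod(fd, want_mode) == 0) fixed = 1;
        else { warn("set mode of", path); failed = 1; }
    }
    close(fd);
    return failed ? DIR_WARN : fixed ? DIR_FIXED : DIR_OK;
}

int main(void)
{
    const char *dirs[] = { "/tmp/.X11-unix", "/tmp/.ICE-unix", "/tmp/.font-unix" };
    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++)
        failsoft_check_dir(dirs[i], 0, 01777);
    return 0; /* fail-soft: warnings only, exit status stays 0 */
}
```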