Patch Name: PHCO_12252 Patch Description: s700_800 10.24 (VVOS) mkfcdb/authck cumulative patch Creation Date: 97/08/28 Post Date: 97/09/30 Hardware Platforms - OS Releases: s700: 10.24 s800: 10.24 Products: N/A Filesets: VirtualVaultOS.VVOS-AUX-IA Automatic Reboot?: No Status: General Release Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHCO_12252 Symptoms: PHCO_12252: When authck checks the protected password database entries and compares the user audit event setting, it does not check the last audit event. PHCO_11250: When setfiles(1M) and integrity(1M) process a file attribute list (FAL) and they encounter an error, all entries after this error are not processed. Defect Description: PHCO_12252: When authck checks the protected password database entries, it verifies that all the audit events that are turned on for a particular user are valid audit events. It compares the audit events in the protected password database against a list of known valid audit events. While doing this comparison, it never does the check against the last entry in the list of known audit events. PHCO_11250: The file integrity subsystem, particularly with respect to the authcap(4) database routines and the file control database (FCDB), have limited error handling capability. When setfiles(1M) and integrity(1M) process a file attribute list (FAL) and they encounter an error, all entries after this error are not processed. This patch catches these errors in mkfcdb(1M). It runs authck(1M) on each FAL file. If an error is discovered, it does not add the FAL to the master FCDB; however, it reports these errors such that the administrator may take appropriate investigative action. SR: 4701352377 4701356071 4701365270 Patch Files: /tcb/bin/authck /tcb/bin/mkfcdb what(1) Output: /tcb/bin/authck: $Revision: Hewlett-Packard ISSL Level vvos_davis40 $ $Header: Hewlett-Packard ISSL Release vvos_ davis $ $Date: Sat Sep 13 07:51:09 EDT 1997 $ seccmd/authck.c, cmdsmisc, vvos_davis, davis22 $Date : 97/09/12 16:33:01 $ $Revision: 1.17.1.2 PA TCH_10.24 (PHCO_11250) $ lib/libsecurity/acllib.c, libsecurity_acl, vvos_davi s, davis24 $Date: 97/09/12 16:58:59 $ $Revis ion: 1.2.3.2 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getprdfent.c, libsecurity_ia, vvos_d avis, davis24 $Date: 97/09/12 16:58:53 $ $Re vision: 1.6.1.4 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getprpwent.c, libsecurity_ia, vvos_d avis, davis24 $Date: 97/09/12 16:58:58 $ $Re vision: 1.9.2.2 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getprtcent.c, libsecurity_ia, vvos_d avis, davis24 $Date: 97/09/12 16:58:53 $ $Re vision: 1.9 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/identity.c, libsecurity_util, vvos_d avis, davis24 $Date: 97/09/12 16:58:54 $ $Re vision: 1.8 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/mandlib.c, libsecurity_macilb, vvos_ davis, davis24 $Date: 97/09/12 16:58:59 $ $R evision: 1.17 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/privileges.c, libsecurity_util, vvos _davis, davis24 $Date: 97/09/12 16:58:55 $ $ Revision: 1.1.1.12 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/authaudit.c, libsecurity_audit, vvos _davis, davis24 $Date: 97/09/12 16:58:52 $ $ Revision: 1.21 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/subsystems.c, libsecurity_util, vvos _davis, davis24 $Date: 97/09/12 16:58:57 $ $ Revision: 1.10.1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_conf.c, libsecurity_util, vvos_d avis, davis24 $Date: 97/09/12 16:59:00 $ $Re vision: 1.5 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/auditdb.c, libsecurity_audit, vvos_d avis, davis24 $Date: 97/09/12 16:58:57 $ $Re vision: 1.15 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/discr.c, libsecurity_util, vvos_davi s, davis24 $Date: 97/09/12 16:58:52 $ $Revis ion: 1.7 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fields.c, libsecurity_ia, vvos_davis , davis24 $Date: 97/09/12 16:58:52 $ $Revisi on: 1.10 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/sec_nls.c, libsecurity, vvos_davis, davis24 $Date: 97/09/12 16:58:51 $ $Revision : 1.3 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/getdvagent.c, libsecurity_ia, vvos_d avis, davis24 $Date: 97/09/12 16:58:53 $ $Re vision: 1.14 PATCH_10.24 (PHCO_11251) $ lib/libsecurity/fileattr.c, libsecurity_fs, vvos_dav is, davis24 $Date: 97/09/12 16:58:53 $ $Revi sion: 1.9 PATCH_10.24 (PHCO_11251) $ Internal_Unsupported_Version libc.a_ID@@/main/r10dav /libc_dav/15 /ux/libc/libs/libc/archive_pa1/libc.a_ID Sep 13 1997 10:09:41 /tcb/bin/mkfcdb: seccmd/mkfcdb, cmdsmisc, vvos_davis, davis22 $Date: 97/09/12 16:33:39 $ $Revision: 1.3.1.11 PATC H_10.24 (PHCO_11250) $ $Revision: Hewlett-Packard ISSL 1.3.1.11 seccmd/mkfc db, cmdsmisc, vvos_davis, davis22 $ $Date: 9 7/06/09 11:42:36 $ cksum(1) Output: 3543529009 507904 /tcb/bin/authck 1744602837 3089 /tcb/bin/mkfcdb Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHCO_11250 Equivalent Patches: None Patch Package Size: 560 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_12252 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHCO_12252.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHCO_12252.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHCO_12252. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHCO_12252.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_12252.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None