Patch Name: PHCO_20534 Patch Description: s700_800 10.26 SD-UX commands cumulative patch Creation Date: 99/12/01 Post Date: 99/12/03 Hardware Platforms - OS Releases: s700: 10.26 s800: 10.26 Products: N/A Filesets: BLS.BLS-CORE SW-DIST.RUPDATE SW-DIST.SD-AGENT SW-DIST.SD-CMDS SW-DIST.SD-ENG-A-MAN Automatic Reboot?: Yes Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHCO_20534 Symptoms: PHCO_20534: In certain configurations, the SD commands will always fail, with the message: /usr/sbin/swagentd: Privilege required for operation PHCO_19560: 1. The SD-UX command set includes commands which must be executed by the root user in traditional Unix. 10.26 systems typically do not have active root user accounts and therefore the SD-UX command set needs a way to be run by other authorized users. 2. Repackaging of 10.20 patch PHCO_15206 for TOS. Defect Description: PHCO_20534: The 'chsubjil' privilege was not being raised appropriatly. PHCO_19560: The SD-UX command set was not ported to 10.26. Repackaging of 10.20 patch PHCO_15206 for TOS. Resolution : There is now a command wrapper, "swwrapper", which acts as a security-aware front-end to the SD-UX command set. This wrapper acts implicitly whenever the original commands are specified. The wrapper specifies that the invoking user must possess the sdcmds authorization for all commands except the "swacl" command, which must be invoked by a user with the isso authorization. SR: 1653189134 1653186429 1653232702 1653256404 4701351148 4701385153 5003378844 5003408831 Patch Files: /usr/lbin/sw/control_utils /usr/lbin/swagent /usr/lib/nls/msg/C/swpackage.cat /usr/lib/nls/msg/C/swutil.cat /usr/lib/sw/sys.defaults /usr/lib/sw/ui/C/smc_jobopts.ui /usr/lib/sw/ui/C/smc_targets.ui /usr/sbin/fpkg2swpkg /usr/sbin/pushAgent /usr/sbin/sd /usr/sbin/swacl /usr/sbin/swagentd /usr/sbin/swconfig /usr/sbin/swcopy /usr/sbin/swdepot /usr/sbin/swinstall /usr/sbin/swjob /usr/sbin/swlist /usr/sbin/swmodify /usr/sbin/swpackage /usr/sbin/swreg /usr/sbin/swremove /usr/sbin/swverify /usr/share/man/man1m.Z/pushAgent.1m /usr/sbin/swwrapper /etc/auth/system/files.fcdb/05.base/PHCO_19560.fcdb /etc/auth/system/files.fcdb/05.base/PHCO_20534.fcdb what(1) Output: /usr/lbin/sw/control_utils: $Revision: 5.15 $ /usr/lbin/swagent: $Revision: 5.1, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, AGENT, PHCO_15206, Optimized, Built Dec 1 5 1998 14:08:51$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/lib/nls/msg/C/swpackage.cat: None /usr/lib/nls/msg/C/swutil.cat: None /usr/lib/sw/sys.defaults: None /usr/lib/sw/ui/C/smc_jobopts.ui: None /usr/lib/sw/ui/C/smc_targets.ui: None /usr/sbin/fpkg2swpkg: None /usr/sbin/pushAgent: None /usr/sbin/sd: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swacl: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swconfig: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swcopy: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swdepot: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swinstall: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swjob: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swlist: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swreg: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swremove: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swverify: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, CONTROLLER, PHCO_15206, Optimized, Built Dec 15 1998 14:09:25$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swagentd: $Revision: 5.1, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, DAEMON, PHCO_15206, Optimized, Built Dec 15 1998 14:10:05$ /usr/sbin/swmodify: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, PACKAGER, PHCO_15206, Optimized, Built No v 24 1998 08:49:52$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/sbin/swpackage: $Revision: 5.2, SD-OV/A.01.02.12, SD-UX/B.10.20.00.1 2, PACKAGER, PHCO_15206, Optimized, Built No v 24 1998 08:49:52$ ttadjdsa.c $Date: 96/03/12 15:46:32 $ $Revision: 5.4 $ /usr/share/man/man1m.Z/pushAgent.1m: None /usr/sbin/swwrapper: 1999/11/29 Hewlett-Packard HP-UX 10.26 TOS [ ic5dy - DAV17 ] 99/11/24 seccmd/sdcmds/swwrapper.c, hpux, hpux_10.26 , ic5dy Revision 1.10 PATCH_10.26 (PHCO_2053 4) /etc/auth/system/files.fcdb/05.base/PHCO_19560.fcdb: None /etc/auth/system/files.fcdb/05.base/PHCO_20534.fcdb: 99/11/24 etc/auth/system/files.fcdb/05.base/PHCO_205 34.fcdb, hpux, hpux_10.26, ic5dy Revision 1. 1 PATCH_10.26 (PHCO_20534) cksum(1) Output: 1872983272 47164 /usr/lbin/sw/control_utils 3416335629 954368 /usr/lbin/swagent 521435351 27364 /usr/lib/nls/msg/C/swpackage.cat 3050554707 64944 /usr/lib/nls/msg/C/swutil.cat 1201548098 99079 /usr/lib/sw/sys.defaults 4160945067 73233 /usr/lib/sw/ui/C/smc_jobopts.ui 859042836 11655 /usr/lib/sw/ui/C/smc_targets.ui 2004123118 192672 /usr/sbin/fpkg2swpkg 2737907432 110869 /usr/sbin/pushAgent 4123899335 1609728 /usr/sbin/sd 4123899335 1609728 /usr/sbin/swacl 4123899335 1609728 /usr/sbin/swconfig 4123899335 1609728 /usr/sbin/swcopy 4123899335 1609728 /usr/sbin/swdepot 4123899335 1609728 /usr/sbin/swinstall 4123899335 1609728 /usr/sbin/swjob 4123899335 1609728 /usr/sbin/swlist 4123899335 1609728 /usr/sbin/swreg 4123899335 1609728 /usr/sbin/swremove 4123899335 1609728 /usr/sbin/swverify 2538232169 446464 /usr/sbin/swagentd 3431885764 770048 /usr/sbin/swmodify 3431885764 770048 /usr/sbin/swpackage 3758846892 4931 /usr/share/man/man1m.Z/pushAgent.1m 405936254 16384 /usr/sbin/swwrapper 4294967295 0 /etc/auth/system/files.fcdb/05.base/ PHCO_19560.fcdb 970055129 2869 /etc/auth/system/files.fcdb/05.base/ PHCO_20534.fcdb Patch Conflicts: None Patch Dependencies: s700: 10.26: PHCO_20022 PHCO_20325 s800: 10.26: PHCO_20022 PHCO_20325 Hardware Dependencies: None Other Dependencies: This patch depends on the reboot(1M) patch. Please insure that patch PHCO_20325 or its superseded patch is already installed. Supersedes: PHCO_19560 Equivalent Patches: PHCO_15206: s700: 10.20 s800: 10.20 Patch Package Size: 4410 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_20534 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHCO_20534.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHCO_20534. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHCO_20534.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_20534.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: 1) The cumulative manpages patch PHCO_20022 or its superseded patch must also be installed. 2) The reboot(1M) patch PHCO_20325 or its superseded patch must also be installed. 3) The message in the swagent.log regarding ": No such file or directory" can be ignored if you swremove this patch from the system. This is due to a known problem with the tar command dealing with softlink.