Patch Name: PHNE_12984

Patch Description: s700_800 10.24 (VVOS) Add single level telnetd and ftpd

Creation Date: 97/10/31

Post Date: 97/11/24

Hardware Platforms - OS Releases:
    s700: 10.24
    s800: 10.24

Products: N/A

Filesets:
    InternetSrvcs.INETSVCS-RUN
    InternetSrvcs.INETSVCS-INETD
    InternetSrvcs.INET-ENG-A-MAN
    OS-Core.UX-CORE
    OS-Core.CORE-ENG-A-MAN
    VirtualVaultOS.VVOS-AUX-IA

Automatic Reboot?: Yes

Status: General Superseded

Critical: No

Path Name: /hp-ux_patches/s700_800/10.X/PHNE_12984

Symptoms:
    PHNE_12984:
    Users cannot telnet or ftp to a VVOS system.

    Based on HP-UX patch PHNE_10010:
    An ftp client could interrupt a data transfer by sending a
    data close and an ABORT. A timing problem has been observed
    on the ftpd side.

    Based on HP-UX patch PHNE_9785:
    * ftpd returns a 550 after an NLST when the file is not
      found.
    * Privileged ports cannot be specified as a part of the
      PORT command.
    * An error message "You've GOT to be joking" is displayed
      when a client specifies a privileged port as a data-port.
    * The command modtime displays incorrect date and time for
      some dates.

Defect Description:
    PHNE_12984:
    Single-level telnetd and ftpd have been added to the VVOS
    supported feature set. Installation of this patch makes the
    system capable of providing server side services, to the
    inside network, for telnet and ftp sessions. The patch will
    allow users from the inside network to telnet and/or ftp
    into a VirtualVault machine. Please refer to the special
    installation instructions on how to enable these services.

    Based on HP-UX patch PHNE_10010:
    ftpd has been fixed to handle a simultaneous data close and
    ABORT appropriately.

    Based on HP-UX patch PHNE_9785:
    * ftpd returns a 550 after an NLST when a file is not found.
      The return code was changed to 450 per RFC 959.
    * An option "-p" has been added. The PORT command can now
      specify a privileged port as a data-port if this option
      is set.
    * The error message "You've GOT to be joking" has been
      replaced by "Port command failure".
    * The command modtime now behaves correctly.

SR:
    4701372359 4701346098 5003343970 5003344846 5003322867
    4701334763

Patch Files:
    /etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb
    /sbin/init.d/inetd
    /usr/bin/login
    /usr/lbin/telnetd
    /usr/lbin/ftpd
    /usr/lbin/net_daemons/telnetd
    /usr/lbin/net_daemons/ftpd
    /usr/share/man/man1m.Z/ftpd.1m
    /usr/share/man/man1m.Z/telnetd.1m
    /usr/share/man/man1.Z/login.1

what(1) Output:
    /etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb:
        $Revision: Hewlett-Packard ISSL 1.1
            etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb,
            files_etc, vvos_davis, davis64 $
            $Date: 97/10/29 16:52:02 $
        etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb,
            files_etc, vvos_davis, davis64
            $Date: 97/11/05 08:45:25 $
            $Revision: 1.1 PATCH_10.24 (PHNE_12984) $
    /sbin/init.d/inetd:
        $Revision: Hewlett-Packard ISSL 1.13
            services/INETSVCS/scripts/inetd, hpuxinitscripts,
            vvos_davis, davis64 $ $Date: 97/10/30 09:20:28 $
    /usr/bin/login:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
            $Header: Hewlett-Packard ISSL Release vvos_davis $
            $Date: Wed Nov 5 08:51:57 EST 1997 $
        $Revision: 78.6 $
        $Source: cmd/login.c, hpuxcmdcntl, vvos_davis, davis64 $
            $Date: 97/11/05 08:45:21 $
            $Revision: 1.23 PATCH_10.24 (PHNE_12984) $
        $Source: cmd/login_sec.c, cmdhooks, vvos_davis, davis64 $
            $Date: 97/11/05 08:45:21 $
            $Revision: 1.30 PATCH_10.24 (PHNE_12984) $
    /usr/lbin/telnetd:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
            $Header: Hewlett-Packard ISSL Release vvos_davis $
            $Date: Wed Nov 5 08:51:57 EST 1997 $
        $Source: services/INETSVCS/telnetd/telnetd_wrapper.c,
            hpuxcmdnet, vvos_davis, davis64 $
            $Date: 97/11/05 08:45:23 $
            $Revision: 1.3 PATCH_10.24 (PHNE_12984) $
    /usr/lbin/ftpd:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
            $Header: Hewlett-Packard ISSL Release vvos_davis $
            $Date: Wed Nov 5 08:51:57 EST 1997 $
        $Source: services/INETSVCS/ftpd/ftpd_wrapper.c,
            hpuxcmdnet, vvos_davis, davis64 $
            $Date: 97/11/05 08:45:24 $
            $Revision: 1.4 PATCH_10.24 (PHNE_12984) $
    /usr/lbin/net_daemons/telnetd:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
            $Header: Hewlett-Packard ISSL Release vvos_davis $
            $Date: Wed Nov 5 08:51:57 EST 1997 $
        Copyright (c) 1983, 1986 Regents of the University of
            California.
        $Source: services/INETSVCS/telnetd/telnetd.c, hpuxcmdnet,
            vvos_davis, davis64 $ $Date: 97/11/05 08:45:22 $
            $Revision: 1.21.1.4 PATCH_10.24 (PHNE_12984) $
        telnetd.c $Revision: 1.27.212.8 $
            $Date: 96/05/06 14:39:32 $
        telnetd.c 5.31 (Berkeley) 2/23/89
    /usr/lbin/net_daemons/ftpd:
        $Revision: Hewlett-Packard ISSL Level vvos_davis40 $
            $Header: Hewlett-Packard ISSL Release vvos_davis $
            $Date: Wed Nov 5 08:51:57 EST 1997 $
        Copyright (c) 1985, 1988 Regents of the University of
            California.
        $Source: services/INETSVCS/ftpd/ftpd.c, hpuxcmdnet,
            vvos_davis, davis64 $ $Date: 97/11/05 08:45:24 $
            $Revision: 1.19.1.9 PATCH_10.24 (PHNE_12984) $
        ftpd.c based on 5.28 (Berkeley) 4/20/89
        Revision 1.7.212.1 Wed Nov 5 18:09:27 GMT 1997
        ftpcmd.y 5.20 (Berkeley) 2/28/89
        $Source: services/INETSVCS/ftpd/glob.c, hpuxcmdnet,
            vvos_davis, davis64 $ $Date: 97/11/05 08:45:23 $
            $Revision: 1.4.1.4 PATCH_10.24 (PHNE_12984) $
        glob.c 5.7 (Berkeley) 12/14/88
        popen.c 5.7 (Berkeley) 2/14/89
        $Source: services/INETSVCS/ftpd/ftpd_sec.c, cmdhooks,
            vvos_davis, davis64 $ $Date: 97/11/05 08:45:23 $
            $Revision: 1.5.1.7 PATCH_10.24 (PHNE_12984) $
        logwtmp.c 5.2 (Berkeley) 9/22/88
    /usr/share/man/man1m.Z/ftpd.1m:
        None
    /usr/share/man/man1m.Z/telnetd.1m:
        None
    /usr/share/man/man1.Z/login.1:
        None

cksum(1) Output:
    4094008616 1559 /etc/auth/system/files.fcdb/05.patches/PHNE12984.fcdb
    3799915107 1573 /sbin/init.d/inetd
    1575815658 61440 /usr/bin/login
    113498130 12288 /usr/lbin/telnetd
    305067794 12288 /usr/lbin/ftpd
    3776802056 45056 /usr/lbin/net_daemons/telnetd
    3606663790 86016 /usr/lbin/net_daemons/ftpd
    1664642941 8447 /usr/share/man/man1m.Z/ftpd.1m
    2422361752 5224 /usr/share/man/man1m.Z/telnetd.1m
    1128670498 10494 /usr/share/man/man1.Z/login.1

Patch Conflicts: None

Patch Dependencies:
    s700: 10.24: PHNE_11306
    s800: 10.24: PHNE_11307

Hardware Dependencies: None

Other Dependencies: None

Supersedes: None

Equivalent Patches: None

Patch Package Size: 320 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

           cd /tmp
           sh PHNE_12984

    5a. For a standalone system, run swinstall to install the
        patch:

           swinstall -x autoreboot=true -x match_target=true \
                     -s /tmp/PHNE_12984.depot

    5b. For a homogeneous NFS Diskless cluster run swcluster on
        the server to install the patch on the server and the
        clients:

           swcluster -i -b

        This will invoke swcluster in the interactive mode and
        force all clients to be shut down.

        WARNING: All cluster clients must be shut down prior to
        the patch installation. Installing the patch while the
        clients are booted is unsupported and can lead to
        serious problems.

        The swcluster command will invoke an swinstall session
        in which you must specify:

           alternate root path - default is /export/shared_root/OS_700
           source depot path   - /tmp/PHNE_12984.depot

        To complete the installation, select the patch by
        choosing "Actions -> Match What Target Has" and then
        "Actions -> Install" from the Menubar.

    5c. For a heterogeneous NFS Diskless cluster:
        - run swinstall on the server as in step 5a to install
          the patch on the cluster server.
        - run swcluster on the server as in step 5b to install
          the patch on the cluster clients.

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHNE_12984.
    If you do not wish to retain a copy of the original
    software, you can create an empty file named
    /var/adm/sw/patch/PATCH_NOSAVE.

    Warning: If this file exists when a patch is installed, the
    patch cannot be deinstalled. Please be careful when using
    this feature.

    It is recommended that you move the PHNE_12984.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

           dd if=/tmp/PHNE_12984.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    Installation of this patch makes the system capable of
    providing server side telnet and ftp services to the inside
    network. To enable these services, which will let users from
    the inside network telnet and/or ftp into the system, the
    system administrator will have to perform the following
    steps:

    1. Login as root in a system window.

    2. Enable desired service(s) by uncommenting the following
       lines in /etc/inetd.conf:

           #ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
           #telnet stream tcp nowait root /usr/lbin/telnetd telnetd

       to read:

           ftp stream tcp nowait root /usr/lbin/ftpd ftpd -l
           telnet stream tcp nowait root /usr/lbin/telnetd telnetd

    3. Unlock desired pseudo terminals (ttyp0, ttyp1...etc) in
       the terminal control database. Each tty has two entries.

       - Make a safe copy of the terminal control database,
         /etc/auth/system/ttys.

       - Edit the database (/etc/auth/system/ttys):

           pty/ttyp0:t_devname=pty/ttyp0:t_lock:chkent:
           ttyp0:t_devname=ttyp0:chkent:

         For each set of entries make the following
         modifications:

         If a field t_lock exists for the entry, just add an @
         sign at the end of the field (t_lock@).
         If the field does not exist, add the entire field,
         t_lock@, to the entry. (The field separator is a :)

           pty/ttyp0:t_devname=pty/ttyp0:t_lock@:chkent:
           ttyp0:t_devname=ttyp0:t_lock@:chkent:

    4. Run "/tcb/bin/authck -t" to check the internal
       consistency of the Terminal Control database.

    5. Run "/tcb/bin/setfiles" to set system file attributes.

    6. Run "/usr/sbin/inetd -c" to force the inetd to reread
       /etc/inetd.conf.

    NOTE: The patch should be installed after VirtualVault 3.0
    is installed.
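
Added example, not part of the HP patch text: a POSIX shell version of the step 3 edit, applied to a constructed copy of the database rather than to /etc/auth/system/ttys itself. The function name unlock_ttys, the sample entries, and the assumption that every entry sits on one line (as in the step 3 listing) are illustrative.

```shell
#!/bin/sh
# unlock_ttys FILE TTY...
# Print FILE with the t_lock@ field set on both entries (pty/NAME and NAME)
# of each named pseudo terminal. Assumes one entry per line, fields
# separated by ":" and terminated by chkent, as in the step 3 listing.
unlock_ttys() {
    db=$1; shift
    awk -F: -v ttys="$*" '
    BEGIN {
        n = split(ttys, t, " ")
        for (i = 1; i <= n; i++) { want[t[i]] = 1; want["pty/" t[i]] = 1 }
    }
    !($1 in want) { print; next }      # entries not asked for pass through
    {
        out = $1; seen = 0
        for (i = 2; i <= NF; i++) {
            f = $i
            if (f == "t_lock" || f == "t_lock@") { f = "t_lock@"; seen = 1 }
            # no t_lock field at all: add t_lock@ just before chkent
            if (f == "chkent" && !seen) { out = out ":t_lock@"; seen = 1 }
            out = out ":" f
        }
        if (!seen) print "unlock_ttys: no chkent field in " $1 > "/dev/stderr"
        print out
    }' "$db"
}

# Constructed sample entries for illustration (not a real database).
sample_ttys() {
    cat <<'EOF'
console:t_devname=console:chkent:
pty/ttyp0:t_devname=pty/ttyp0:t_lock:chkent:
ttyp0:t_devname=ttyp0:chkent:
pty/ttyp1:t_devname=pty/ttyp1:t_lock:chkent:
ttyp1:t_devname=ttyp1:chkent:
EOF
}

work=$(mktemp)
sample_ttys > "$work"
unlock_ttys "$work" ttyp0 | diff "$work" - || true   # diff exits 1 on changes
rm -f "$work"
```

Only the two ttyp0 entries should appear in the diff; any other changed line means the input does not match the one-line entry layout assumed here. Steps 4 to 6 still apply after the reviewed result replaces the database.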