Patch Name: PHNE_13618 Patch Description: s700_800 10.0X-10 remote network commands cumulative patch Creation Date: 98/09/11 Post Date: 98/12/02 Hardware Platforms - OS Releases: s700: 10.00 10.01 10.10 s800: 10.00 10.01 10.10 Products: N/A Filesets: InternetSrvcs.INETSVCS-RUN InternetSrvcs.INET-ENG-A-MAN Automatic Reboot?: No Status: General Release Critical: No (superseded patches were critical) PHNE_10637: OTHER rlogin dies intermittenly because of signal SIGUSR1. Path Name: /hp-ux_patches/s700_800/10.X/PHNE_13618 Symptoms: PHNE_13618: rlogin * rlogin does not handle LANG environment variable properly. rlogind * rlogind does not handle long hostname. remsh * ER - remsh with stderr closed returns "fd = 2". * remsh does not handle LANG environment variable properly. remshd * remshd does not update login counters properly. * rexecd does not update trusted systems DB on good logins. rcp * SR: RCP may show file as being there even if it ran out of disk space. * rcp does not check for proper parameters. * rcp does not handle LANG environment variable properly. rdist * rdist does not check for temporary files before creating them. * rdist does not set process resources properly. * rdist does not process distfile properly. * rdist fails if subdirectory exists that matches remote hostname. PHNE_12161: * The lockout feature of trusted systems does not work with rexec. PHNE_11727: * Certain signals cause rlogin to dump core. * Change in rlogind logging. Timeout login events no longer logged. PHNE_10637: * rlogin dies intermittenly because of signal SIGUSR1. PHNE_10081: * rcp does not return correct status with local file copy. PHNE_9218: * RDIST allows copy of certain files without the required permission. PHNE_9217: * RDIST allows copy of certain files without the required permission. PHNE_8889: * remsh/rexec do not force user to change expired password if it is null. PHNE_8806: * Environment variable TERM overflow in rlogin. * Time stamp of rlogind's log message for login failure is set to EST/EDT. PHNE_8494: * RCP invoked with a "-p" option complains of unresolved external symbol "utimes". PHNE_8107: * A bug was found in RDIST which can allow an unprivileged local user to gain unauthorized access. This patch fixes the bug. * RDIST has been enhanced to handle file sizes greater than 2 Giga bytes. This functionality is available as a patch for 10.20. Existing 10.x RDIST does not check for size overflow. As a result, large file transfers from a large file aware RDIST to a 10.x RDIST will not cause graceful termination. This patch will check for size overflow and cause graceful termination if it is the target of a large file transfer. PHNE_7919: * A bug was found in RDIST which can allow an unprivileged local user to gain unauthorized access. This patch fixes the bug. * RDIST has been enhanced to handle file sizes greater than 2 Giga bytes. This functionality is available as a patch for 10.20. Existing 10.x RDIST does not check for size overflow. As a result, large file transfers from a large file aware RDIST to a 10.x RDIST will not cause graceful termination. This patch will check for size overflow and cause graceful termination if it is the target of a large file transfer. PHNE_7917: * RCP has been enhanced to handle file sizes greater than 2 Giga bytes. This functionality is available as a patch for 10.20. Existing 10.x RCP does not check for size overflow. As a result, large file transfers from a RCP which supports large files to a 10.X RCP will not cause graceful termination. This patch will check for size overflow and cause graceful termination if it is the target of a large file transfer. PHNE_7433: * RDIST does not set the owner and group for symbolic links and directories. PHNE_6962: * RDIST sees only the last two of the specified file entries. PHNE_6961: * Interrupts to remsh does not work correctly. PHNE_6815: * Changed the default pathname to include /usr/local/bin and /usr/contrib/bin as per HP-UX 9.x. PHNE_5862: * Rlogind now offers the -B option. PHNE_5379: * Rlogin from a rs-232 mux port to a remote system hangs with no output to the rs-232 device. Defect Description: PHNE_13618: rlogin * rlogin does not handle LANG environment variable properly. rlogind * rlogind does not handle long hostname. remsh * ER - remsh with stderr closed returns "fd = 2". * remsh does not handle LANG environment variable properly. remshd * remshd does not update login counters properly. * rexecd does not update trusted systems DB on good logins. rcp * SR: RCP may show file as being there even if it ran out of disk space. * rcp does not check for proper parameters. * rcp does not handle LANG environment variable properly. rdist * rdist does not check for temporary files before creating them. * rdist does not set process resources properly. * rdist does not process distfile properly. * rdist fails if subdirectory exists that matches remote hostname. PHNE_12161: * On trusted systems, the bad login counter is not updated by rexecd on a login failure. As a result, the lockout feature of trusted systems does not work with rexec. PHNE_11727: * Certain signals cause rlogin to dump core. These signals were not being trapped by the application. Now, rlogin exits gracefully on receiving these signals. * Change in rlogind logging. Timeout login events no longer logged. PHNE_10637: * rlogin dies intermittently because of signal SIGUSR1. PHNE_10081: * rcp returns an exit value of 0 when a local file copy fails. PHNE_9218: * RDIST does not set the userid before certain file operations. PHNE_9217: * RDIST does not set the userid before certain file operations. PHNE_8889: * remshd/rexecd did not check for aging in the case of null passwords. PHNE_8806: * Environment variable TERM overflow in rlogin. * The TZ environment variable was not a part of list of environment variables. As a result TZ was being set to the default (EST/EDT). This resulted in incorrect time stamp for messages logged by rlogind. PHNE_8494: * RCP invoked with a "-p" option complains of unresolved external symbol "utimes" PHNE_8107: * RDIST creates an error message based on a user provided string without checking bounds on the buffer used. This buffer is on the stack, and can therefore be used to execute arbitrary instructions. * The size field in the existing RDIST is an integer. The extraction of size from the received buffer does not check for size overflow. As a result, size becomes negative. Patch PHNE_7920, released for 10.20,will support large files ( > 2G). In order for existing RDIST to behave correctly with this new version, some changes have been made. PHNE_7919: * RDIST creates an error message based on a user provided string without checking bounds on the buffer used. This buffer is on the stack, and can therefore be used to execute arbitrary instructions. * The size field in the existing RDIST is an integer. The extraction of size from the received buffer does not check for size overflow. As a result, size becomes negative. Patch PHNE_7920, released for 10.20,will support large files ( > 2G). In order for existing RDIST to behave correctly with this new version, some changes have been made. PHNE_7917: * The size field in the existing RCP is an integer. The extraction of size from the received buffer does not check for size overflow. As a result size becomes negative. Patch PHNE_7918, released for 10.20, will support large files ( > 2G). In order for existing RCP to behave correctly with this new version some changes have been made. A patch will also be released for the 9.x version. PHNE_7433: * RDIST did not set the owner and group for the copied directories and symbolic links. The change in owner and group was being done only for regular files. PHNE_6962: * RDIST had a bug while getting the list of file names or host names. The start pointer to the list was not saved. Therefore only the last two items in the list are seen by RDIST. PHNE_6961: * The signal is not reset correctly in the signal handler when a SIGINT occurs. As a result, after the first SIGINT, the succesive SIGINT followed the default behaviour. Therefore any trapping of SIGINT in a program executed by remsh failed the second time. PHNE_6815: * Pathname accidentally got changed. PHNE_5862: The -B option is a new feature. PHNE_5379: Rlogin from a rs-232 mux port to a remote system hangs with no output to the rs-232 device. Occurs only with muxes which use the mux2 driver. The problem is timing related and showed up when the rlogin patch PHNE_4843 was installed. (700 series systems are not affected.) SR: 4701381525 1653188235 5003422279 5003392761 5003394536 1653234070 5003360909 5003314096 5003301994 1653210096 5003371351 1653206573 4701350389 4701320101 1653173971 5003247312 5003223669 5003116178 5003113019 1653135780 1653199000 5003335646 4701340471 4701329367 5003309831 5003281329 5003307967 Patch Files: /usr/lbin/remshd /usr/lbin/rexecd /usr/lbin/rlogind /usr/bin/rlogin /usr/bin/remsh /usr/bin/rcp /usr/bin/rexec /usr/bin/rdist /usr/share/man/man1m.Z/rlogind.1m what(1) Output: /usr/lbin/remshd: Copyright (c) 1983, 1988 The Regents of the Universi ty of California. rshd.c 5.17.1.2 (Berkeley) 2/7/89 remshd.c $Revision: 1.34.112.6 $ /usr/lbin/rexecd: Copyright (c) 1983, 1988 The Regents of the Universi ty of California. rexecd.c 5.7 (Berkeley) 1/4/89 rexecd.c $Revision: 1.34.112.6 $ /usr/lbin/rlogind: Copyright (c) 1983, 1988 The Regents of the Universi ty of California. rlogind.c $Header: rlogind.c,v 1.16.112.15 98/08/19 00:14:51 hnt Exp $ rlogind.c 5.22.1.7 (Berkeley) 2/7/89 /usr/bin/rlogin: Copyright (c) 1983 The Regents of the University of California. rlogin.c $Revision: 1.35.112.7 $ $Date: 98/08/19 00: 03:48 $ /usr/bin/remsh: Copyright (c) 1983 The Regents of the University of California. remsh.c $Revision: 1.28.112.5 $ $Date: 98/08/18 22:3 9:40 $ rsh.c 5.7 (Berkeley) 9/20/88 /usr/bin/rcp: Copyright (c) 1983 The Regents of the University of California. rcp.c $Revision: 1.16.112.16 $ $Date: 98/09/07 21:34 :08 $ rcp.c 5.20 (Berkeley) 5/23/89 $Id: snprintf.c,v 1.6 1997/09/12 15:43:06 sob beta15 sob $ excerpted from conf.c 8.333 (Berkeley ) 1/21/97 /usr/bin/rexec: Copyright (c) 1983 The Regents of the University of California. remsh.c $Revision: 1.28.112.5 $ $Date: 98/08/18 22:3 9:40 $ rsh.c 5.7 (Berkeley) 9/20/88 /usr/bin/rdist: $Revision: 1.1.112.4 Wed Oct 7 09:14:21 GMT 1998$ $Id: snprintf.c,v 1.6 1997/09/12 15:43:06 sob beta15 sob $ excerpted from conf.c 8.333 (Berkeley ) 1/21/97 /usr/share/man/man1m.Z/rlogind.1m: None cksum(1) Output: 1857092271 24576 /usr/lbin/remshd 285802111 24576 /usr/lbin/rexecd 3779736230 28672 /usr/lbin/rlogind 408238199 24576 /usr/bin/rlogin 3533829778 16384 /usr/bin/remsh 1466087632 32768 /usr/bin/rcp 3533829778 16384 /usr/bin/rexec 2242338802 69632 /usr/bin/rdist 748681107 2990 /usr/share/man/man1m.Z/rlogind.1m Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_5379 PHNE_5862 PHNE_6815 PHNE_6961 PHNE_6962 PHNE_7433 PHNE_7917 PHNE_7919 PHNE_8107 PHNE_8494 PHNE_8806 PHNE_8889 PHNE_9217 PHNE_9218 PHNE_10081 PHNE_10637 PHNE_11727 PHNE_12161 Equivalent Patches: None Patch Package Size: 300 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_13618 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_13618.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_13618.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_13618. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_13618.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_13618.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None