Patch Name: PHNE_17029 Patch Description: s700_800 10.20 SIS r-commands patch Creation Date: 99/09/14 Post Date: 99/10/07 Hardware Platforms - OS Releases: s700: 10.20 s800: 10.20 Products: N/A Filesets: InternetSvcSec.INETSVCS-SEC Automatic Reboot?: No Status: General Release Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHNE_17029 Symptoms: PHNE_17029: rlogin * In rlogin, the LANG environment variable is not handled properly. The rlogin doesn't allow to login. * Certain signals cause rlogin to dump core. * rlogin dies intermittently due to signal "SIGUSR1". * Environment variable TERM overflow in rlogin. rlogind * The rlogind does not handle long hostname and exits from the application. * Change in rlogind logging. Timeout login events no longer logged. * Time stamp of rlogind's log message for login failure is set to EST/EDT. * Connection closes when any child process of rlogind receives a "SIGSTOP" signal. remsh * The remsh gives an error 'fd = 2', when stderr is closed on the command line. * In remsh, the LANG environment variable is not handled properly. The remsh doesn't allow to execute the command. * remsh in 10.X system is not running commands in directories "/usr/local/bin" and "/usr/contrib/bin". remshd * The remshd does not update login counters properly in the case of successful logins. * remshd do not force user to change expired password if it is null. rcp * The rcp does not clear old errno value.It gives an error as size out of bounds. * The rcp shows the file as being there even if it ran out of disk space. It gives an error as "No space left on device". * rcp doesn't test for proper parameters. * In rcp, the LANG environment variable is not handled properly. The remsh doesn't allow to execute the command. * rcp on a NFS system displays the error message rcp : can't truncate....Permission denied with NFS. * rcp cannot transfer files greater than 2 Giga bytes. Defect Description: PHNE_17029: rlogin * In rlogin, if LANG environment is not set properly, rlogin doesn't allow to login. Resolution: The LANG environment variable is checked against the macro NL_LANGMAX defined in "limits.h" header file. * Certain signals are not trapped by rlogin and these cause rlogin to dump core. Now, rlogin exits gracefully on receiving these signals. * rlogin dies intermittently because of signal "SIGUSR1". This occurs because of some timing problems. * Environment variable TERM overflow in rlogin. rlogind * When user gives long hostname to login to the remote system, rlogind exits. Since array size is minimum, when hostname exceeds this array size rlogin does not allow the user to login. Resolution: The memory is allocated dynamically, so that it handles the host name properly. * Change in rlogind logging. Timeout login events are no longer getting logged. * Time stamp of rlogind's log message for login failure is set to EST/EDT. * rlogind terminates when a "SIGSTOP" signal is issued to any of it's child processes. The daemon receives a "SIGCHLD" signal which causes rlogind to terminate. remsh * When stderr is closed on the command line, the error message is being displayed in the stdout instead of stderr. Resolution: If remsh fails to open any of the file descriptors stdin,stdout,stderr the output is moved to the /dev/null, so that the message is not displayed to stdout. * In remsh, if LANG environment is not set properly, remsh does not allow to login. Resolution: The LANG environment variable is checked against the macro NL_LANGMAX defined in "limits.h" header file. * remsh in 10.x system is not running commands in directories "/usr/local/bin" and "/usr/contrib/bin" as default pathname was not set properly. remshd * The remshd does not update login counters properly in the case of successful logins. There's a counter for the number of incorrect logins for a particular user. When the user does successfully login, this counter called "culogin" was being set to "-1" and disabling the account. Resolution: The counter variable is set to zero instead of -1, in case of successful logins. * remshd did not check for aging in the case of null passwords. rcp * rcp gives an error message even when an already existing file is copied. This was happening because the old error number was not cleared. Resolution: The errno is reset to zero, so that rcp does not return an error. * The rcp shows file as being there even if it ran out of disk space. If the file is not completely copied because of lack of disk space, ftruncate() will append null bytes to the file, giving an impression that the file has been copied completely. Resolution: ftruncate() is called only if the file has been copied without an error.This ensures that, null bytes are not appended to the file. * rcp does not work since it is not checking for proper parameters. Resolution: The code was changed to test proper parameters. * In rcp, if LANG environment is not set properly, rcp does not allow to copy. Resolution: The LANG environment variable is checked against the macro NL_LANGMAX defined in "limits.h" header file. * rcp on a NFS system fails with an error message. This is because a truncate is done before the permissions of the file is changed. * rcp did not support file transfer greater than 2 GB. rcp has been enhanced to provide large file support. SR: 5003371351 4701350389 4701320101 4701381525 1653210096 1653173971 5003036301 1653188235 5003301994 5003422279 5003314096 1653257212 5003394536 5003352864 Patch Files: /usr/bin/krlogin /usr/bin/kremsh /usr/bin/krcp /usr/lbin/krlogind /usr/lbin/kremshd what(1) Output: /usr/bin/krlogin: Copyright (c) 1983 The Regents of the University of California. rlogin.c Secure Internet Svcs - $Revision: 1.35.212. 10 $ $Date: 98/07/15 23:33:25 $ /usr/bin/kremsh: Copyright (c) 1983 The Regents of the University of California. remsh.c Secure Internet Svcs - $Revision: 1.28.212.1 0 $ $Date: 98/07/15 22:31:58 $ rsh.c 5.7 (Berkeley) 9/20/88 /usr/bin/krcp: Copyright (c) 1983 The Regents of the University of California. rcp.c Secure Internet Svcs - $Revision: 1.16.212.22 $ $Date: 98/07/15 03:47:47 $ rcp.c 5.20 (Berkeley) 5/23/89 /usr/lbin/krlogind: Copyright (c) 1983, 1988 The Regents of the Universi ty of California. rlogind.c Secure Internet Svcs - $Header: rlogind.c, v 1.17.212.24 98/07/15 23:47:14 hnt Exp $ rlogind.c 5.22.1.6 (Berkeley) 2/7/89 /usr/lbin/kremshd: Copyright (c) 1983, 1988 The Regents of the Universi ty of California. rshd.c 5.17.1.2 (Berkeley) 2/7/89 remshd.c Secure Internet Svcs - $Revision: 1.34.212. 11 $ cksum(1) Output: 2218925918 385024 /usr/bin/krlogin 3090621849 380928 /usr/bin/kremsh 3398084389 393216 /usr/bin/krcp 3128594670 425984 /usr/lbin/krlogind 1844281762 421888 /usr/lbin/kremshd Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 2020 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_17029 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_17029.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_17029. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_17029.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_17029.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: Note the following: * The SIS product, if enabled has to be disabled before the installation and removal of this patch. * If SIS is enabled during patch installation or removal, the installation/removal will fail with an error. To disable SIS use the following command: '/usr/sbin/inetsvcs_sec disable' After installation or removal use the following command to enable SIS. '/usr/sbin/inetsvcs_sec enable'