Patch Name: PHNE_20748

Patch Description: s700_800 10.20 remote network commands cumulative patch

Creation Date: 01/01/23

Post Date: 01/02/12

Hardware Platforms - OS Releases:
    s700: 10.20
    s800: 10.20

Products: N/A

Filesets:
    InternetSrvcs.INETSVCS-RUN

Automatic Reboot?: No

Status: General Release

Critical: No

Path Name: /hp-ux_patches/s700_800/10.X/PHNE_20748

Symptoms:
    PHNE_20748:
    1.  JAGab73645/SR 8606105517:
        Both remsh and remshd hang when a remote process is
        started through remsh.
    2.  JAGab21137/SR 5003458414:
        ER - remshd and rexecd are not updating the "/var/adm/wtmp"
        and "/var/adm/btmp" files.
    3.  JAGab31733/SR 5003467134:
        When the "-pr" option is set, rcp fails to copy some of the
        files present in the source directory under some conditions.
    4.  JAGaa42962/SR 8606140969:
        When rcp is used with wildcard characters, it fails to
        create the first subdirectory if it does not exist on the
        target machine.
    5.  JAGab83643/SR 8606110892:
        rdist fails to handle hard links properly.
    6.  JAGad15036/SR 8606145700:
        remshd/rexecd sometimes fails to display the error message
        while executing a bad command when the user is in ksh.
    7.  JAGad06606/SR 8606137488:
        ruptime was showing ??:?? for the number of days when the
        host was up or down for more than 365 days.
    8.  JAGad28199/SR 8606158870:
        rlogind intermittently fails to log syslog messages for
        passwd entry timeouts and for failed login attempts.
    9.  JAGad28443/SR 8606159114:
        rdist is not creating regular files properly.
    10. JAGad36477/SR 8606167191:
        rdist is not always handling source and destination path
        properly.

    PHNE_13619:
    rlogin
    * rlogin does not handle LANG environment variable properly.
    rlogind
    * rlogind does not handle long hostname.
    remsh
    * ER - remsh with stderr closed returns "fd = 2".
    * remsh does not handle LANG environment variable properly.
    remshd
    * remshd does not update login counters properly.
    * PHNE_12161: remshd and rexecd patch does not work with
      large UID/GIDs.
    * rexecd does not update trusted systems DB on good logins.
    rcp
    * rcp does not clear old errno value.
    * SR: RCP may show file as being there even if it ran out of
      disk space.
    * rcp does not check for proper parameters.
    * rcp does not handle LANG environment variable properly.
    rdist
    * rdist does not check for temporary files before creating
      them.
    * rdist does not set process resources properly.
    * rdist does not process distfile properly.
    * rdist fails if subdirectory exists that matches remote
      hostname.

    PHNE_12161:
    * The lockout feature of trusted systems does not work with
      rexec.

    PHNE_11728:
    * Certain signals cause rlogin to dump core.
    * Change in rlogind logging. Timeout login events no longer
      logged.

    PHNE_10638:
    * rlogin dies intermittently due to signal "SIGUSR1".

    PHNE_9787:
    * RCP on an NFS system displays the error message
      rcp : can't truncate....Permission denied with NFS.

    PHNE_9219:
    * RDIST allows copy of certain files without the required
      permission.

    PHNE_8889:
    * remsh/rexec do not force user to change expired password if
      it is null.

    PHNE_8807:
    * Environment variable TERM overflow in rlogin.
    * Time stamp of rlogind's log message for login failure is set
      to EST/EDT.
    * Connection closes when any child process of rlogind receives
      a SIGSTOP.

    PHNE_7920:
    * RDIST cannot transfer files greater than 2 gigabytes. An
      enhancement request exists for RDIST to be able to handle
      files greater than 2 gigabytes in size.
    * A bug was found in RDIST which can allow an unprivileged
      local user to gain unauthorized access. This patch fixes
      the bug.

    PHNE_7918:
    * RCP cannot transfer files greater than 2 gigabytes. An
      enhancement request exists for RCP to be able to handle
      files greater than 2 gigabytes in size.

    PHNE_6815:
    * Changed the default pathname to include /usr/local/bin and
      /usr/contrib/bin as per HP-UX 9.x.

Defect Description:
    PHNE_20748:
    1.  JAGab73645/SR 8606105517:
        In remshd, the SIGCHLD signal is not handled properly.
        It currently relies on the EOF from the pipe which is used
        to send error messages from the child to the parent process
        in remshd. Because of this, remshd hangs in some cases and
        as a result remsh also hangs.
        Resolution:
        A new signal handler for SIGCHLD has been added which, for
        remshd, does a shutdown on the socket.
    2.  JAGab21137/SR 5003458414:
        For each login and logout, remshd and rexecd must log the
        necessary information in the "/var/adm/wtmp" and
        "/var/adm/btmp" files as the case may be.
        Resolution:
        Modified the source code to add a new function. It has a
        parameter from which it decides which of the two files it
        should update.
    3.  JAGab31733/SR 5003467134:
        If the target system has a directory owned by a user other
        than the one who owns the source directory, rcp fails to
        copy the files following the directory present on the
        target machine. This is due to an error message sent by the
        remote machine when the utimes() system call fails for that
        target directory, which makes the client exit without
        copying the rest of the files.
        Resolution:
        The server code has been modified to send the final response
        to the client after the utimes() system call so that the
        client will continue the process till it copies all the
        files.
    4.  JAGaa42962/SR 8606140969:
        When rcp is invoked with the "-r" option to copy more than
        one file, the target directory is not created.
        Resolution:
        As soon as the server function receives the first file, it
        checks whether the target directory exists. If the target
        directory does not exist, it creates the target directory.
        Then it copies the first sub-directory to the target
        directory.
    5.  JAGab83643/SR 8606110892:
        When rdist is used to distribute files, and two of the
        distributed files are hardlinked, rdist fails to create the
        proper path in some cases.
        Resolution:
        rdist code has been modified to create the hard linked
        files properly.
    6.  JAGad15036/SR 8606145700:
        In remshd the child process writes the error message into a
        pipe and dies. Sometimes the child process dies before the
        parent process has read that error message. Then the parent
        receives a SIGCHLD signal and exits without reading the
        error message. Thus the error message is not displayed.
        Resolution:
        The parent process, after receiving the SIGCHLD signal,
        tries to read from the pipe before doing an exit. Also, the
        SIGCHLD signal is now blocked during the read operation
        from the pipe.
    7.  JAGad06606/SR 8606137488:
        ruptime checks to see if the machine is up or down for more
        than 365 days. If it is more than 365 days it will print
        ??:??.
        Resolution:
        The check has been removed so that ruptime can always print
        the number of days even if it is more than 365 days.
    8.  JAGad28199/SR 8606158870:
        rlogind was ignoring the SIGCLD signal while ending the
        rlogin session. If it got a SIGCLD signal before exiting,
        it did not call the SIGCLD handler, which checks the child
        status and logs the syslog message.
        Resolution:
        The code has been modified not to ignore the SIGCLD signal
        and to log the proper message.
    9.  JAGad28443/SR 8606159114:
        When 'install' in the 'distfile' is used without the '-w'
        option, rdist is not creating the regular files properly.
        Resolution:
        rdist code has been modified to create the regular files
        properly.
    10. JAGad36477/SR 8606167191:
        rdist is not always handling source and destination path
        properly.
        Resolution:
        Now rdist code has been modified to handle source and
        destination path properly.

    PHNE_13619:
    rlogin
    * rlogin does not handle LANG environment variable properly.
    rlogind
    * rlogind does not handle long hostname.
    remsh
    * ER - remsh with stderr closed returns "fd = 2".
    * remsh does not handle LANG environment variable properly.
    remshd
    * remshd does not update login counters properly.
    * With PHNE_12161 installed, remsh displays the error message
      "invalid id".
    * rexecd does not update trusted systems DB on good logins.
    rcp
    * rcp does not clear old errno value.
    * SR: RCP may show file as being there even if it ran out of
      disk space.
    * rcp does not check for proper parameters.
    * rcp does not handle LANG environment variable properly.
    rdist
    * rdist does not check for temporary files before creating
      them.
    * rdist does not set process resources properly.
    * rdist does not process distfile properly.
    * rdist fails if subdirectory exists that matches remote
      hostname.

    PHNE_12161:
    * On trusted systems, the bad login counter is not updated by
      rexecd on a login failure. As a result, the lockout feature
      of trusted systems does not work with rexec.

    PHNE_11728:
    * Certain signals are not trapped by rlogin and these cause
      rlogin to dump core. Now, rlogin exits gracefully on
      receiving these signals.
    * Change in rlogind logging. Timeout login events no longer
      logged.

    PHNE_10638:
    * rlogin dies intermittently because of SIGUSR1. This occurs
      because of some timing problems.

    PHNE_9787:
    * RCP on an NFS system fails with an error message. This is
      because a truncate is done before the permissions of the
      file are changed.

    PHNE_9219:
    * RDIST does not set the userid before certain file operations.

    PHNE_8889:
    * remshd/rexecd did not check for aging in the case of null
      passwords.

    PHNE_8807:
    * Environment variable TERM overflow in rlogin.
    * Time stamp of rlogind's log message for login failure is set
      to EST/EDT.
    * rlogind terminates when a SIGSTOP is issued to any of its
      child processes. The daemon receives a SIGCHLD which causes
      rlogind to terminate.

    PHNE_7920:
    * The operating system did not support files greater than
      2 gigabytes. The 10.20 release has large file support built
      in. RDIST has been enhanced to provide large file support.
      In order for RDIST to interoperate correctly with existing
      versions of RDIST, patches will be released for 10.X to
      handle some interoperability issues.
    * RDIST creates an error message based on a user provided
      string without checking bounds on the buffer used.
      This buffer is on the stack, and can therefore be used to
      execute arbitrary instructions.

    PHNE_7918:
    * The operating system did not support files greater than
      2 gigabytes. The 10.20 release has large file support built
      in. RCP has been enhanced to provide large file support.
      In order for RCP to interoperate correctly with existing
      versions of RCP, patches will be released for 9.X and 10.X
      to handle some interoperability issues.

    PHNE_6815:
    * Pathname accidentally got changed.

SR:
    8606105517 5003458414 5003467134 8606140969 8606110892
    8606145700 8606137488 8606158870 8606159114 8606167191
    4701381525 1653188235 5003422279 5003403527 5003392761
    1653257212 5003394536 1653234070 5003360909 5003314096
    5003301994 5003371351 1653210096 1653206573 4701350389
    4701320101 1653173971 5003352864 4701329367 4701340471

Patch Files:
    /usr/lbin/remshd
    /usr/lbin/rexecd
    /usr/lbin/rlogind
    /usr/bin/rlogin
    /usr/bin/remsh
    /usr/bin/rcp
    /usr/bin/rexec
    /usr/bin/rdist
    /usr/bin/ruptime

what(1) Output:
    /usr/lbin/remshd:
        Copyright (c) 1983, 1988 The Regents of the University of California.
        rshd.c 5.17.1.2 (Berkeley) 2/7/89
        remshd.c $Revision: 1.34.212.15 $
    /usr/lbin/rexecd:
        Copyright (c) 1983, 1988 The Regents of the University of California.
        rexecd.c 5.7 (Berkeley) 1/4/89
        rexecd.c $Revision: 1.34.212.15 $
    /usr/lbin/rlogind:
        Copyright (c) 1983, 1988 The Regents of the University of California.
        rlogind.c $Header: rlogind.c,v 1.17.212.25 2000/09/07 06:33:29 gpatgar Exp $
        rlogind.c 5.22.1.6 (Berkeley) 2/7/89
    /usr/bin/rlogin:
        Copyright (c) 1983 The Regents of the University of California.
        rlogin.c $Revision: 1.35.212.10 $ $Date: 98/07/15 23:33:25 $
    /usr/bin/remsh:
        Copyright (c) 1983 The Regents of the University of California.
        remsh.c $Revision: 1.28.212.10 $ $Date: 98/07/15 22:31:58 $
        rsh.c 5.7 (Berkeley) 9/20/88
    /usr/bin/rcp:
        Copyright (c) 1983 The Regents of the University of California.
        rcp.c $Revision: 1.16.212.25 $ $Date: 2000/05/02 03:03:07 $
        rcp.c 5.20 (Berkeley) 5/23/89
    /usr/bin/rexec:
        Copyright (c) 1983 The Regents of the University of California.
        remsh.c $Revision: 1.28.212.10 $ $Date: 98/07/15 22:31:58 $
        rsh.c 5.7 (Berkeley) 9/20/88
    /usr/bin/rdist:
        $Revision: 1.1.212.4 Sat Jan 27 10:22:18 GMT 2001$
    /usr/bin/ruptime:
        Copyright (c) 1983 The Regents of the University of California.
        ruptime.c $Revision: 1.3.212.4 $ $Date: 2000/07/11 02:00:51 $
        ruptime.c 5.5 (Berkeley) 8/25/88

cksum(1) Output:
    2385750223 24576 /usr/lbin/remshd
    3928880565 24576 /usr/lbin/rexecd
    1023136489 28672 /usr/lbin/rlogind
    1909433317 24576 /usr/bin/rlogin
    1712561782 16384 /usr/bin/remsh
    3219178008 32768 /usr/bin/rcp
    1712561782 16384 /usr/bin/rexec
    3899010559 73728 /usr/bin/rdist
    669273757 20480 /usr/bin/ruptime

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHNE_6815 PHNE_7918 PHNE_7920 PHNE_8807 PHNE_8889 PHNE_9219
    PHNE_9787 PHNE_10638 PHNE_11728 PHNE_12161 PHNE_13619

Equivalent Patches: None

Patch Package Size: 320 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Log in as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

            cd /tmp
            sh PHNE_20748

    5a. For a standalone system, run swinstall to install the
        patch:

            swinstall -x autoreboot=true -x match_target=true \
                -s /tmp/PHNE_20748.depot

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHNE_20748. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.
    WARNING: If this file exists when a patch is installed, the
             patch cannot be deinstalled. Please be careful
             when using this feature.

    It is recommended that you move the PHNE_20748.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

            dd if=/tmp/PHNE_20748.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None
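
The PHNE_7920 rdist defect (an error message built from a user-provided string in a stack buffer with no bounds check) is avoided by formatting with an explicit size limit and detecting truncation. This is an added example, not rdist source; `format_error`, `report_bad_path`, the message text and the 256-byte buffer size are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF_SIZE 256   /* assumed size; the page does not give rdist's */

/* Bounded formatter: never writes past dst[size - 1].
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int format_error(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap);
    va_end(ap);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    if ((size_t)n >= size) {                  /* output was cut short */
        if (size >= 4)
            memcpy(dst + size - 4, "...", 4); /* visible truncation mark */
        return 1;
    }
    return 0;
}

/* Hypothetical caller: the user-supplied path is passed as a %s argument,
 * never as the format string, and lands in a fixed-size stack buffer. */
int report_bad_path(const char *user_path, char *out, size_t outlen)
{
    char buf[ERRBUF_SIZE];
    int rc = format_error(buf, sizeof buf, "rdist: %s: bad path", user_path);

    if (rc < 0 || outlen == 0)
        return -1;
    snprintf(out, outlen, "%s", buf);         /* copy out, again bounded */
    return rc;
}
```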