Patch Name: PHNE_22124

Patch Description: s700_800 10.26 ftpd(1M) and ftp(1) cumulative patch

Creation Date: 00/10/24

Post Date: 00/11/14

Hardware Platforms - OS Releases:
    s700: 10.26
    s800: 10.26

Products: N/A

Filesets:
    InternetSrvcs.INETSVCS-RUN
    InternetSrvcs.INET-ENG-A-MAN

Automatic Reboot?: No

Status: General Superseded

Critical: No

Path Name: /hp-ux_patches/s700_800/10.X/PHNE_22124

Symptoms:
    PHNE_22124:
    1. The anonymous FTP does not work correctly.
    2. The anonymous FTP runs with root privileges.
    3. The man page does not provide up-to-date information on
       setting up the anonymous ftp account.
    4. Porting of 10.20 patch PHNE_22057

    PHNE_18648:
    1. ftp sessions do not appear in utmp
       failed ftp sessions do not appear in btmp
    2. Port of PHNE_13597

    PHNE_17367:
    1. System allows user to perform ftp using locked user account.
    2. Anonymous ftp user could see complete filesystem.
    3. Anonymous ftp hangs when ftp account is locked

Defect Description:
    PHNE_22124:
    1. The minimal list of commands and devices that should be
       available in the chroot environment is:
           /usr/bin/ls
           /sbin/lslevel
           /sbin/lsilevel
           /sbin/lspriv
           /sbin/lsacl
           /dev/spdcontrol
       Moreover, these commands should be statically linked and
       should have the required potential privileges. The absence
       of this configuration causes various warning messages
       about commands failing to execute in an FTP session.
    2. The anonymous FTP daemon does not set its attributes to
       match those of the requesting client.
    3. The man page is not up to date.

    Resolution:
    1. The ftpd daemon has been enhanced to test for the right
       permissions on the commands and the devices in the
       Anonymous FTP account, if the commands or the device nodes
       are present.
    2. If the Anonymous FTP account is on a filesystem different
       from the root, the required potential privileges must be
       added to the copied commands. The /sbin/ls must be copied
       to /usr/bin/ls. If the Anonymous FTP account is on the
       root filesystem, one should try to make hard links.
       The /usr/bin/ls must be linked to /sbin/ls.
    3. The anonymous FTP daemon sets its privileges to match those
       of the requesting client.
    4. The manpage has been updated.

    PHNE_18648:
    1. No ftpd(1M) has this functionality.
    2. Port of PHNE_13597

    Resolution:
    1. Modify logging routines to support btmp and utmp
       information.
    2. Port PHNE_13597

    PHNE_17367:
    1. ftpd did not check for locked account.
    2. The chroot(2) call was not being performed so the user was
       never moved into the anonymous ftp directory.
    3. ftpd did not reply to client when closing connection

    Resolution:
    1. When a locked account is entered, return an error message
       and close connection.
    2. Removed the TOS specific code so we chdir(2).
    3. Send a reply message when closing connection.

SR: 0000000000

Patch Files:
    /usr/lbin/ftpd
    /usr/bin/ftp
    /usr/share/man/man1m.Z/ftpd.1m
    /usr/share/man/man1.Z/ftp.1

what(1) Output:
    /usr/lbin/ftpd:
        2000/10/23 Hewlett-Packard HP-UX 10.26 TOS [ ic5ff - DAV17 ]
        Copyright (c) 1985, 1988 Regents of the University of California.
        00/10/23 services/INETSVCS/ftpd/ftpd.c, hpux, hpux_10.26, ic5ff Revision 1.15 PATCH_10.26 (PHNE_22124)
        ftpd.c based on 5.28 (Berkeley) 4/20/89
        Revision 1.7.212.4 Tue Oct 24 04:47:30 GMT 2000
        99/05/20 services/INETSVCS/ftpd/ftpcmd.y, hpux, hpux_10.26, ic5ff Revision 1.5 PATCH_10.26 (PHNE_18648)
        ftpcmd.y 5.20 (Berkeley) 2/28/89
        glob.c 5.7 (Berkeley) 12/14/88
        popen.c 5.7 (Berkeley) 2/14/89
        00/10/23 services/INETSVCS/ftpd/ftpd_sec.c, hpux, hpux_10.26, ic5ff Revision 1.5 PATCH_10.26 (PHNE_22124)
        99/05/21 services/INETSVCS/ftpd/logwtmp.c, hpux, hpux_10.26, ic5ff Revision 1.2 PATCH_10.26 (PHNE_18648)
        logwtmp.c 5.2 (Berkeley) 9/22/88
    /usr/bin/ftp:
        2000/10/23 Hewlett-Packard HP-UX 10.26 TOS [ ic5ff - DAV17 ]
        Copyright (c) 1985, 1989 Regents of the University of California.
        00/10/23 services/INETSVCS/ftp/main.c, hpux, hpux_10.26, ic5ff Revision 1.5 PATCH_10.26 (PHNE_22124)
        main.c based on 5.13 (Berkeley) 3/14/89
        Revision 1.1.212.3 Tue Oct 24 04:46:45 GMT 2000
        00/10/23 services/INETSVCS/ftp/cmds.c, hpux, hpux_10.26, ic5ff Revision 1.8 PATCH_10.26 (PHNE_22124)
        cmds.c 5.18 (Berkeley) 4/20/89
        cmdtab.c 5.9 (Berkeley) 3/21/89
        00/10/23 services/INETSVCS/ftp/cmdtab.c, hpux, hpux_10.26, ic5ff Revision 1.5 PATCH_10.26 (PHNE_22124)
        00/10/23 services/INETSVCS/ftp/ftp.c, hpux, hpux_10.26, ic5ff Revision 1.12 PATCH_10.26 (PHNE_22124)
        ftp.c 5.28 (Berkeley) 4/20/89
        glob.c 5.7 (Berkeley) 12/14/88
        domacro.c 1.6 (Berkeley) 2/28/89
    /usr/share/man/man1m.Z/ftpd.1m:
        None
    /usr/share/man/man1.Z/ftp.1:
        None

cksum(1) Output:
    3319091690 94208 /usr/lbin/ftpd
    3798982746 106496 /usr/bin/ftp
    1132882663 10444 /usr/share/man/man1m.Z/ftpd.1m
    3709946356 13403 /usr/share/man/man1.Z/ftp.1

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHNE_17367
    PHNE_18648

Equivalent Patches: None

Patch Package Size: 280 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and, limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHNE_22124

    5a. For a standalone system, run swinstall to install the
        patch:

        swinstall -x autoreboot=true -x match_target=true \
            -s /tmp/PHNE_22124.depot

    By default swinstall will archive the original software in
    /var/adm/sw/patch/PHNE_22124. If you do not wish to retain a
    copy of the original software, you can create an empty file
    named /var/adm/sw/patch/PATCH_NOSAVE.

    WARNING: If this file exists when a patch is installed, the
             patch cannot be deinstalled. Please be careful when
             using this feature.

    It is recommended that you move the PHNE_22124.text file to
    /var/adm/sw/patch for future reference.

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHNE_22124.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None
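
Added example, not part of the HP patch text: a POSIX shell check that compares installed files against the values in the cksum(1) Output section, for use after swinstall or when auditing whether the patched ftpd and ftp binaries are still the ones this patch delivered. The function names and the optional root-prefix argument are assumptions of this example, and it assumes the checking host's cksum is the POSIX CRC utility.

```shell
# Manifest copied from the "cksum(1) Output" section of this patch text:
# <crc> <size in bytes> <absolute path>
phne_22124_manifest() {
    cat <<'EOF'
3319091690 94208 /usr/lbin/ftpd
3798982746 106496 /usr/bin/ftp
1132882663 10444 /usr/share/man/man1m.Z/ftpd.1m
3709946356 13403 /usr/share/man/man1.Z/ftp.1
EOF
}

# verify_manifest [ROOT]
# Reads manifest lines on stdin and checks each file under ROOT
# (hypothetical prefix, e.g. a mounted disk image; empty means "/").
# Prints OK / MISMATCH / MISSING per file; returns 0 only if all match.
verify_manifest() {
    root=${1:-}
    rc=0
    while read -r want_crc want_size path || [ -n "$want_crc" ]; do
        # Skip blank lines and comment lines.
        case $want_crc in ''|'#'*) continue ;; esac
        file=$root$path
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        # Reading the file on stdin makes cksum print "<crc> <size>" only.
        got=$(cksum < "$file")
        got_crc=${got%% *}
        got_size=${got#* }
        got_size=${got_size%% *}
        if [ "$got_crc" = "$want_crc" ] && [ "$got_size" = "$want_size" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $got_crc $got_size, expected $want_crc $want_size)"
            rc=1
        fi
    done
    return $rc
}

# Usage on the patched system:  phne_22124_manifest | verify_manifest
```

A MISMATCH on /usr/lbin/ftpd or /usr/bin/ftp after installation means the file is not the one this patch shipped; a later superseding patch is one legitimate cause, so confirm against the installed patch list before treating it as tampering.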