Patch Name: PHNE_27815 Patch Description: s700_800 10.26 ftpd(1M) and ftp(1) cumulative patch Creation Date: 02/10/01 Post Date: 02/10/10 Hardware Platforms - OS Releases: s700: 10.26 s800: 10.26 Products: N/A Filesets: InternetSrvcs.INETSVCS-RUN InternetSrvcs.INET-ENG-A-MAN Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHNE_27815 Symptoms: PHNE_27815: ftpd does not function when Information Labels are enabled. PHNE_25340: porting of 10.20 patch PHNE_23948 (PHNE_23948:) 1. CR JAGad68308/ SR 8606199121. ftpd does not function properly for some commands. 2. CR JAGad68257/ SR 8606199070. ftpd does not behave as expected in trusted systems. 3. CR JAGad24502/ SR 8606155185. ftpd man page does not have information on -S option. PHNE_22124: 1. The anonymous FTP does not work correctly. 2. The anonymous FTP runs with root privilegs. 3. The man page does not provide the upto date information on setting up anonymous ftp account. 4. Porting of 10.20 patch PHNE_22057 PHNE_18648: 1. ftp sessions do not appear in utmp failed ftp sessions do not appear in btmp 2. Port of PHNE_13597 PHNE_17367: 1. System allows user to perfom ftp using locked user account. 2. Anonymous ftp user could see complete filesystem. 3. anonymous ftp hangs when ftp account is locked Defect Description: PHNE_27815: ftpd does not handle privileges properly. Resolution: Code has been modified to raise proper privileges. Man page has been updated to include the change. PHNE_25340: porting of 10.20 patch PHNE_23948 (PHNE_23948:) 1. CR JAGad68308/ SR 8606199121. ftpd does not function properly for some commands. Resolution: * Code changes have been made to fix the problem. 2. CR JAGad68257/ SR 8606199070. ftpd does not behave as expected in trusted systems. Resolution: * Code changes have been made to fix the problem. 3. CR JAGad24502/ SR 8606155185. PHNE_17963, adds a -S option to suppress the hostname and version from the initial banner. However, this option is not documented in the ftpd man page. Resolution: Man page has been updated to include the -S option: -S Suppresses the name and version of the FTP server in the banner output. PHNE_22124: 1. The minimal list of commands and devices that should be available in the chroot environment are /usr/bin/ls /sbin/lslevel /sbin/lsilevel /sbin/lspriv /sbin/lsacl /dev/spdcontrol Moreover, these commands should be statically linked and should have the required potential privileges. The absence of this configuration causes various warining messages of failure of execution of commands in a FTP session. 2. The anonymous FTP daemon does not set its attributes to match with the requesting clients. 3. The man page is not upto date. Resolution: 1. The ftpd daemon has been enhanced to test the right permissions of the commands and the devices in the Anonymous FTP account if commands or the device nodes are present. 2. In case the Anonymous FTP account is on a filesystem different from the root, the required potential privileges must be added to the copied commands.The /sbin/ls must be copied to /usr/bin/ls. In case the Anonymous FTP account is on the root fileysystem, one should try to make hard links. The /usr/bin/ls must be linked to /sbin/ls. 3. The anonymous FTP daemon sets its privileges to match with the requesting client. 4. The manpage has been updated. PHNE_18648: 1. No ftpd(1M) has this functionality. 2. Port of PHNE_13597 Resolution: 1. Modify logging routines to support btmp and utmp information. 2. Port PHNE_13597 PHNE_17367: 1. ftpd did not check for locked account. 2. The chroot(2) call was not being performed so the user was never moved into the anonymous ftp directory. 3. ftpd did not reply to client when closing connection Resolution: 1. When a locked account is entered, return an error message and close connection. 2. Removed the TOS specific code so we chdir(2). 3. Send a reply message when closing connection. SR: 8606199121 8606199070 8606155185 Patch Files: /usr/lbin/ftpd /usr/bin/ftp /usr/share/man/man1m.Z/ftpd.1m /usr/share/man/man1.Z/ftp.1 /etc/auth/system/files.fcdb/15.net/PHNE_25340.fcdb /etc/auth/system/files.fcdb/15.net/PHNE_27815.fcdb what(1) Output: /usr/lbin/ftpd: 2002/09/30 Hewlett-Packard HP-UX 10.26 TOS [ ic5gx - DAV17 ] Copyright (c) 1985, 1988 Regents of the University o f California. 01/11/27 services/INETSVCS/ftpd/ftpd.c, hpux, hpux_1 0.26, ic5gx Revision 1.17 PATCH_10.26 (PHNE_ 25340) ftpd.c based on 5.28 (Berkeley) 4/20/89 Revision 1.7.212.4 Mon Sep 30 20:08:54 GMT 2002 01/10/17 services/INETSVCS/ftpd/ftpcmd.y, hpux, hpux _10.26, ic5gx Revision 1.6 PATCH_10.26 (PHNE _25340) ftpcmd.y 5.20 (Berkeley) 2/28/89 01/10/17 services/INETSVCS/ftpd/glob.c, hpux, hpux_1 0.26, ic5gx Revision 1.4 PATCH_10.26 (PHNE_2 5340) glob.c 5.7 (Berkeley) 12/14/88 popen.c 5.7 (Berkeley) 2/14/89 02/09/02 services/INETSVCS/ftpd/ftpd_sec.c, hpux, hp ux_10.26, ic5gx Revision 1.8 PATCH_10.26 (PH NE_27815) 99/05/21 services/INETSVCS/ftpd/logwtmp.c, hpux, hpu x_10.26, ic5gx Revision 1.2 PATCH_10.26 (PHN E_18648) logwtmp.c 5.2 (Berkeley) 9/22/88 /usr/bin/ftp: 2000/10/23 Hewlett-Packard HP-UX 10.26 TOS [ ic5ff - DAV17 ] Copyright (c) 1985, 1989 Regents of the University o f California. 00/10/23 services/INETSVCS/ftp/main.c, hpux, hpux_10 .26, ic5ff Revision 1.5 PATCH_10.26 (PHNE_22 124) main.c based on 5.13 (Berkeley) 3/14/89 Revision 1.1.212.3 Tue Oct 24 04:46:45 GMT 2000 00/10/23 services/INETSVCS/ftp/cmds.c, hpux, hpux_10 .26, ic5ff Revision 1.8 PATCH_10.26 (PHNE_22 124) cmds.c 5.18 (Berkeley) 4/20/89 cmdtab.c 5.9 (Berkeley) 3/21/89 00/10/23 services/INETSVCS/ftp/cmdtab.c, hpux, hpux_ 10.26, ic5ff Revision 1.5 PATCH_10.26 (PHNE_ 22124) 00/10/23 services/INETSVCS/ftp/ftp.c, hpux, hpux_10. 26, ic5ff Revision 1.12 PATCH_10.26 (PHNE_22 124) ftp.c 5.28 (Berkeley) 4/20/89 glob.c 5.7 (Berkeley) 12/14/88 domacro.c 1.6 (Berkeley) 2/28/89 /usr/share/man/man1m.Z/ftpd.1m: None /usr/share/man/man1.Z/ftp.1: None /etc/auth/system/files.fcdb/15.net/PHNE_25340.fcdb: $Revision 1.1 etc/auth/system/files.fcdb/15.net/PHNE _25340.fcdb, hpux, hpux_10.26, ic5gf $ $Date : 01/09/26 10:08:31 $ Hewlett-Packard Co. 01/09/26 etc/auth/system/files.fcdb/15.net/PHNE_2534 0.fcdb, hpux, hpux_10.26, ic5gf Revision 1.1 PATCH_10.26 (PHNE_25340) /etc/auth/system/files.fcdb/15.net/PHNE_27815.fcdb: $Revision 1.1 etc/auth/system/files.fcdb/15.net/PHNE _27815.fcdb, hpux, hpux_10.26, ic5gx $ $Date : 02/09/02 16:17:58 $ Hewlett-Packard Co. 02/09/02 etc/auth/system/files.fcdb/15.net/PHNE_2781 5.fcdb, hpux, hpux_10.26, ic5gx Revision 1.1 PATCH_10.26 (PHNE_27815) cksum(1) Output: 3627355817 94208 /usr/lbin/ftpd 3798982746 106496 /usr/bin/ftp 3862649240 10533 /usr/share/man/man1m.Z/ftpd.1m 3709946356 13403 /usr/share/man/man1.Z/ftp.1 3363175346 642 /etc/auth/system/files.fcdb/15.net/ PHNE_25340.fcdb 119979461 712 /etc/auth/system/files.fcdb/15.net/ PHNE_27815.fcdb Patch Conflicts: None Patch Dependencies: None Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_17367 PHNE_18648 PHNE_22124 PHNE_25340 Equivalent Patches: None Patch Package Size: 280 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_27815 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_27815.depot By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_27815. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. WARNING: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_27815.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_27815.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None