Summary: patch 111570-03 for Solaris 8 wont install though uucp is present

From: Gold Sun (goldsun8@yahoo.com.sg)
Date: Tue Sep 13 2005 - 22:44:52 EDT

• Next message: mark_round@ipcmedia.com: "SUMMARY: Tracking down system calls on Solaris 9"
• Previous message: Tony Magtalas: "SUMMARY: Question about Sun patch: How to find out what patches I've just installed"
• In reply to: Gold Sun: "patch 111570-03 for Solaris 8 wont install though uucp is present"
• Next in thread: Mitchell Baker: "Re: UPDATE Solaris 9 ftpd problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Many thanks to Casper, Joel, Deluca & Daniel & Lance. I've
decided to post just Casper's reply below as it covers all.
 
uucp is removed as it's part of Solaris hardening required by
our corporate compliance. I'm going to explain to the security
compliant person that either we put back uucp & apply the
patch or we waive the patch. In case he asks for uucp to
be restored, apply the patch, then remove uucp again, do
you think this is a wise thing to do? The ownership of
uucp became root (with sticky bit on) possibly a side-
consequence of the Solaris hardening.
 
 
Thanks
 
------------------------- Casper's reply ---------------------------------
 
>I'm applying the above patch for the fact that uucp is present :
># ls -ld /usr/bin/uucp
>---s--x--x 1 root other 67192 Jul 29 2003 /usr/bin/uucp
>
>However, the patchadd ./111570-03 fails with the following errors:
 
You've changed your system in several unsupported and *dangerous* ways:
 - removed uucp group and user id (thus breaking uucp)
 - chown the files to root (thus making exploits which give *uucp*
   access suddenly exploits giving *root* access.
Either remove the uucp packages or restore them to their factory
settings.
(restore the uucp user and restore file permissions)
 
 
 
================ original question ======================
 
Date:Tue, 13 Sep 2005 17:44:43 +0800 (CST)From:"Gold Sun" <goldsun8@yahoo.com.sg> To:sunmanagers@sunmanagers.orgSubject:patch 111570-03 for Solaris 8 wont install though uucp is present
Hi based on the urlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-57508-1&searchclause=security I'm applying the above patch for the fact that uucp is present :# ls -ld /usr/bin/uucp---s--x--x 1 root other 67192 Jul 29 2003 /usr/bin/uucpHowever, the patchadd ./111570-03 fails with the following errors: # more /var/tmp/111570* | more::::::::::::::/var/tmp/111570-03.log.21010::::::::::::::This appears to be an attempt to install the same architecture andversion of a package which is already installed. This installationwill attempt to overwrite this package.Dryrun complete.No changes were made to the system.This appears to be an attempt to install the same architecture andversion of a package which is already installed. This installationwill attempt to overwrite this package.pkgadd: ERROR: unable to create package object </usr/lib/uucp>. group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute veri
 fication
 of </usr/bin/uucp> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uuglist> failed--More-- group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uustat> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uux> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/bnuconvert> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uucheck> failed group
  name
 <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uucico> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uucleanup> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uusched> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uuxqt> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)Installation of <SUNWbnuu> partially failed. <== When I issue "ls -ld /var/sadm/patch/111570* ",it returns nothing, ie the patch is not installed. Appreciate any inputs, many thanks

Send instant messages to your online friends http://asia.messenger.yahoo.com
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: mark_round@ipcmedia.com: "SUMMARY: Tracking down system calls on Solaris 9"
• Previous message: Tony Magtalas: "SUMMARY: Question about Sun patch: How to find out what patches I've just installed"
• In reply to: Gold Sun: "patch 111570-03 for Solaris 8 wont install though uucp is present"
• Next in thread: Mitchell Baker: "Re: UPDATE Solaris 9 ftpd problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:31:38 EDT