patchadd difficulties

From: Christopher L. Barnard (cbar44@tsg.cbot.com)
Date: Thu Feb 01 2007 - 10:53:47 EST


There is a security problem with the /usr/bin/tip binary that is resolved
with the application of patch 123368-01 (Solaris 9). We routinely chmod
the binary to 0400 and chown it to root, and remove the user uucp from the
passwd file. However, we do on occasion enable the binary and use it, so
I want to patch it. 123368-01 fails, however:

ERROR: attribute verification of </usr/bin/tip> failed
    owner name <uucp> not found in passwd table(s)

If I try to patch it with the -u flag to patchadd, I still get the same
error and showrev -p does not list it as being applied. However the file
does appear to be updated, albeit with the owner totally screwed up:

(before patching)
-r-------- 1 root bin 54740 Apr 6 2002 /usr/bin/tip

(after patching)
-r-s--x--x 1 1503132 bin 54892 Jan 30 09:52 /usr/bin/tip*

# cd /var/tmp/patches/123368-01/SUNWcsu/reloc/usr/bin
# ls -lFa
total 112
drwxr-xr-x 2 cbar44 sysadmin 512 Jan 30 09:52 ./
drwxr-xr-x 3 cbar44 sysadmin 512 Jan 30 09:52 ../
-rwxr-xr-x 1 cbar44 sysadmin 54892 Jan 30 09:52 tip*

# diff tip /usr/bin/tip
#

So is there a way to apply this patch and (1) have showrev acknowledge that
it is there, and (2) not tell me that it wasn't installed when it in fact
was?

+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard@tsg.cbot.com / \ anybody could become president. |
| (312) 347-4901 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
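
A pre-flight check for the failure reported above, as an added example that is not part of the original post: it reads a package's pkgmap and lists every object whose owner has no passwd entry, the condition named in the attribute verification error. The function names and the sample pkgmap and passwd contents are constructed for illustration, and the pkgmap being found at SUNWcsu/pkgmap under the unpacked patch directory is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): find pkgmap owners that are
# missing from a passwd file before running patchadd.

# missing_owners PKGMAP PASSWD
# Prints "owner path" for each pkgmap object whose owner is not in PASSWD.
missing_owners() {
    awk '
        # First file (passwd): remember every login name.
        FILENAME == ARGV[1] { split($0, f, ":"); known[f[1]] = 1; next }
        # pkgmap: skip the ": parts maxsize" header, comments, blank lines.
        /^[:#]/ || NF == 0  { next }
        { owner = "" }
        # part ftype class path mode owner group [size cksum modtime]
        $2 ~ /^[fevdxp]$/   { owner = $6 }
        # Device nodes carry major and minor numbers before the mode.
        $2 ~ /^[bc]$/       { owner = $8 }
        # "?" means "leave the installed attribute alone"; links and
        # info files (ftype l, s, i) have no owner field at all.
        owner != "" && owner != "?" && !(owner in known) { print owner, $4 }
    ' "$2" "$1"
}

# make_sample DIR: write constructed sample inputs. The tip entry uses the
# owner, group, mode and size shown in the post; cksum/modtime are dummies.
make_sample() {
    cat > "$1/pkgmap" <<'EOF'
: 1 120
1 i pkginfo 3000 0 0
1 d none usr/bin ? ? ?
1 f none usr/bin/tip 4511 uucp bin 54892 0 0
EOF
    # passwd with the uucp account removed, as described in the post.
    cat > "$1/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
EOF
}

d=$(mktemp -d)
make_sample "$d"
missing_owners "$d/pkgmap" "$d/passwd"
rm -rf "$d"
```
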