Patch-ID# 101592-09 Keywords: security ufs mapsearch corruption frag unlink quota limits Synopsis: SunOS 4.1.3_U1: UFS File System Patch Date: Dec/03/97 Solaris Release: 1.1.1A SunOS Release: 4.1.3_U1A Unbundled Product: Unbundled Release: BugId's fixed with this patch: 1243416 1122110 1198894 1146022 1118195 1121151 1118195 1141100 1104800 1086371 1078771 1115083 1113852 1161351 1178842 1172008 1170918 1183488 1142151 1182440 4034187 Changes incorporated in this version: 4034187 Relevant Architecture: sparc NOTE: sun4 sun4c sun4m Patches which may conflict with this patch: Other patches this accumulates and obsoletes: 101793-01 101445-01 101784-04 Obsoleted by: Files included with this patch: README sun4/rpc.lockd sun4/rpc.statd sun4/ufs_lockf.o sun4/ufs_vnodeops.o sun4/ufs_dir.o sun4/quota_ufs.o sun4c/rpc.lockd sun4c/rpc.statd sun4c/ufs_lockf.o sun4c/ufs_vnodeops.o sun4c/ufs_dir.o sun4c/quota_ufs.o sun4m/rpc.lockd sun4m/rpc.statd sun4m/ufs_lockf.o sun4m/ufs_vnodeops.o sun4m/ufs_dir.o sun4m/quota_ufs.o ufs/lockf.h Problem Description: -09 Rev: 4034187 buffer overflow in statd allows root attack -08 Rev: 1142151 rpc.lockd may core dump after going through reclaim 1182440 clients dump core and lockd server hangs -07 Rev: 1243416 statd security problem -06 Rev: Source for sun4 architecture recompiled due to errors with 101592-04 and -05. -05 Rev: 1104800: When a user's process has no controlling terminal and is the cause for the user exceeding his disk quotas, error messages are sent to the console. The messages now display the uid of the user and pid of offending process. 1183488: The system panics when the application which uses Informix version 5 is running. 1086371: rpc.lockd does not respond correctly to lock requests from machines in other DNS 1078771: nfs locking can't crash recover across domains 1115083: PC client locks not freed on client reboot 1113852: rpc.lockd dumps core in routine proc_priv_crash() 1161351: Under a reasonable load the lock daemon deadlocks. 1178842: Patch 101784-02 causes Assertion failed panic under 4.1.3_U1 1172008: 4.1.3_U1 fcntl behaves differently between local and NFS locking 1170918: file locking on remotely mounted r/o cdrom fails -04 Rev: 1141100: Machine panics with irele when doing a unlink -03, -02 & -01 Rev: 1198894: System panics (mapsearch freeing free frag) when users hit quota limits on 4.x. 1146022: Mandatory locking gets set when it shouldn't. 1118195: Panic: ifree: freeing free inode. 1121151: Panic: alloccgblk: can't find blk in cyl. 1126760: Write() requests which fail due to ENOSPC will still set the file size. 1122110: Fsck fails to fix a corrupted directory after a ufs panic. Patch Installation Instructions: AS ROOT: 1. FOR BOTH NON-DBE AND DBE INSTALLATIONS: Save FCS version of the file: mv /sys/`arch -k`/OBJ/ufs_vnodeops.o /sys/`arch -k`/OBJ/ufs_vnodeops.o.FCS mv /sys/`arch -k`/OBJ/ufs_dir.o /sys/`arch -k`/OBJ/ufs_dir.o.FCS mv /sys/`arch -k`/OBJ/ufs_lockf.o /sys/`arch -k`/OBJ/ufs_lockf.o.FCS mv /sys/`arch -k`/OBJ/quota_ufs.o /sys/`arch -k`/OBJ/quota_ufs.o.FCS mv /usr/etc/rpc.lockd /usr/etc/rpc.lockd.FCS mv /usr/etc/rpc.statd /usr/etc/rpc.statd.FCS mv /sys/ufs/lockf.h /sys/ufs/lockf.h.FCS mv /usr/include/ufs/lockf.h /usr/include/ufs/lockf.h.FCS 2. Copy the patched file: cp ufs/lockf.h /sys/ufs cp ufs/lockf.h /usr/include/ufs cp `arch -k`/rpc.lockd /usr/etc/rpc.lockd cp `arch -k`/rpc.statd /usr/etc/rpc.statd cp `arch -k`/ufs_lockf.o /sys/`arch -k`/OBJ cp `arch -k`/ufs_dir.o /sys/`arch -k`/OBJ cp `arch -k`/ufs_vnodeops.o /sys/`arch -k`/OBJ cp `arch -k`/quota_ufs.o /sys/`arch -k`/OBJ 3. Set proper permissions and ownership: chmod 755 /usr/etc/rpc.lockd /usr/etc/rpc.statd chown root.staff /usr/etc/rpc.lockd /usr/etc/rpc.statd chmod 444 /usr/include/ufs/lockf.h chown root.staff /usr/include/ufs/lockf.h chmod 444 /sys/ufs/lockf.h chown root.staff /sys/ufs/lockf.h chmod 444 /sys/`arch -k`/OBJ/ufs_*.o chown root.staff /sys/`arch -k`/OBJ/ufs_*.o chmod 444 /sys/`arch -k`/OBJ/quota_ufs.o chown root.staff /sys/`arch -k`/OBJ/quota_ufs.o 3. Rebuild the kernel and reboot the system with the new kernel. Please refer to the System and Networking Administration Manual for details on building and installing a custom kernel.