Patch-ID# 109597-05 Keywords: security ON leak rpc rpcinfo memory nfs corruption aclcall mac policy tcp net_reply_equal bogus SAMP desktop applications delay broken router accreditation checks unlabeled logical interface default template kernel intel Synopsis: Trusted Solaris 7_x86: Kernel fixes for memory leak, memory corruption, tcp and security. Date: May/30/2001 Solaris Release: Trusted_Solaris_7_x86 SunOS Release: Unbundled Product: Unbundled Release: Xref: This patch available for SPARC as patch 109531 Topic: Trusted Solaris 7_x86: Kernel fixes for memory leak, memory corruption, tcp and security. Relevant Architectures: i386 BugId's fixed with this patch: 4281904 4285076 4289836 4311566 4313585 4323057 4330052 4338628 4360421 4451473 4453634 Changes incorporated in this version: 4451473 4453634 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: kernel/drv/ip kernel/drv/tcp kernel/fs/nfs kernel/genunix kernel/suser_policy/genunix_policy kernel/tsol_policy/genunix_policy platform/i86pc/kernel/unix Problem Description: (for 109597-05) 4451473 Patch needed for TS equivalent of 4404947 4453634 Solaris/Trusted Solaris Intel can panic from user process (from 109597-04) 4338628 creation of "logical" interfaces for the network fails (from 109597-03) 4285076 Remove delay() of 60 ticks from secpolicy_tcp_write() 4311566 MAC is broken for TCP 4313585 TS7/TS8 sends bogus labeled tcp packets causing bad samp format errors 4323057 aclcall misuses arrays indexed by which 4330052 Can't launch desktop apps 4360421 router accreditation checks not performed for unlabeled packets (from 109597-02) Fixed README (from 109597-01) 4281904 Memory leak causing the system to hang under stress 4289836 Intel only: input method server (or rpcinfo) cannot communicate with RPC server Patch Installation Instructions: -------------------------------- Refer to the Install.info file for instructions on using the generic 'installpatch' and 'backoutpatch' scripts provided with each patch. Any other special or non-generic installation instructions should be described below as special instructions. Special Install Instructions: ----------------------------- Note: The steps below assume the patch tarfile has been placed into the ADMIN_LOW subdirectory of /tmp (/tmp is an MLD), owned by admin and the patch tarfile label is configured to ADMIN_LOW. Keep in mind, after rebooting, contents in /tmp directory are removed; if saving the patch tarfile is desired, select another MLD such as /var/tmp. 1) Login as a user authorized to assume the admin and root roles. Assume the admin role. 2) Create a subdirectory for the patch and move the patch tar file into it. # cd /tmp # mkdir # mv 123456-01.tar.Z ./ # cd is the directory containing the patch itself. 3) Uncompress the patch tarfile by typing: # uncompress 123456-01.tar.Z 4) Extract the patch by typing: # tar xvf 123456-01.tar 5) cd into the patch directory: # cd 123456-01 # pwd /tmp/patch-dir/123456-01 The tar file 123456-01.tar in this directory requires the "T" flag for tar file extraction in order to preserve its file security attributes. Failure to use this option will cause the patch installation to terminate. 6) Extract the patch by typing: # tar xvTf 123456-01.tar 7) Assume the root role, cd into the directory where the patch resides. # cd /tmp//123456-01 8) Install the patch by typing: installpatch where is the directory containing installpatch, and is the directory containing the patch itself. # pwd /tmp//123456-01 # ./installpatch . 9) The system must be rebooted for this patch to take effect. Special Backout Instructions: ---------------------------- 1) Login as a user authorized to assume the root role, assume root role. 2) Change directory to /var/sadm/patch # cd /var/sadm/patch 3) Backout patch by typing: /backoutpatch where is the patch number. # 123456-01/backoutpatch 123456-01 4) The system must be rebooted for this patch to take effect. README -- Last modified date: Wednesday, May 30, 2001