OBSOLETE Patch-ID# 108875-13


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security umount2 audit c2audit audit_event tpi m_proto t_discon_ind
Synopsis: Obsoleted by: 109007-11 SunOS 5.8: c2audit patch
Date: Jan/02/2003


Install Requirements: Reboot after installing this patch to activate the changes delivered. An alternative may be specified in the Special Install Instructions.

Solaris Release: 8

SunOS Release: 5.8

Unbundled Product:

Unbundled Release:

Xref: This patch available for x86 as patch 108876

Topic: SunOS 5.8: c2audit patch
	***********************************************************
	NOTE: This patch may contain one or more OEM-specific platform ports.
	      See the appropriate OEM_NOTES file within the patch for
	      information specific to these platforms.
	      DO NOT INSTALL this patch on an OEM system if a corresponding
	      OEM_NOTES file is not present (or is present, but instructs not
	      to install the patch), unless the OEM vendor directs otherwise.
	***********************************************************
	NOTE:  Refer to Special Install Instructions section for
               IMPORTANT specific information on this patch.

Relevant Architectures: sparc

Bugs fixed with this patch:

Sun CR # Bug #
125397314917110
413295014960923
422416614984418
429057515006288
430730615012830
430852515013279
431162615014695
432274115019078
432599715020423
433140115022721
433668915025020
433695915025132
433961115026283
434427515028271
434918015030261
435396515032124
445702815063985
449986415078186
452525015086683
471295815114462
476140115127915


Changes incorporated in this version: 4457028 4499864 4712958 4761401

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch: 109007-08 (or greater)

Obsoleted by: 109007-11

Files included with this patch:

/etc/security/audit_event
/etc/security/bsmconv
/kernel/sys/c2audit
/kernel/sys/sparcv9/c2audit
/usr/include/bsm/audit_kevents.h
/usr/lib/abi/abi_libbsm.so.1
/usr/lib/abi/sparcv9/abi_libbsm.so.1
/usr/lib/libbsm.a
/usr/lib/libbsm.so
/usr/lib/libbsm.so.1
/usr/lib/llib-lbsm
/usr/lib/llib-lbsm.ln
/usr/lib/sparcv9/libbsm.so
/usr/lib/sparcv9/libbsm.so.1
/usr/lib/sparcv9/llib-lbsm.ln
/usr/sbin/auditconfig
/usr/sbin/auditd

Problem Description:

4457028 c2_bsm and cron are not working together
4712958 c2_bsm should handle at-jobs spawned by unaudited user
4499864 aug_save_tid_ex does not check for a type IP address type
4761401 auditconfig -setaudit doesn't work on Solaris 8
 
(from 108875-12)
 
4132950 no AUE_inetd_connect records recorded.
4311626 na masks in audit_control are not set at system boot
 
(from 108875-11)
 
4525250 Certain security relevant system calls are not auditable.
 
(from 108875-10)
 
4331401 segmentation violation in au_user_mask()
 
(from 108875-09)
 
4349180 praudit on Solaris 8 cannot print audit log files produced by auditd on Solaris8
1253973 bsm does not audit write or writev system calls
 
(from 108875-08)
 
4353965 CDE logout / exit fails with Tooltalk message
 
(from 108875-07)
 
4339611 BSM does not work with some of the option.
4344275 64 bit problem with libbsm audit_class.c
 
(from 108875-06)
 
4336689 typo's in /etc/security/audit_event
4336959 audit record ID's incorrect for xmknod, xstat, lxstat
 
(from 108875-05)
 
4325997 BSM lacks hooks to support administrator authentication
 
(from 108875-04)
 
4307306 stopping c2 auditing does not always stop auditing in the kernel
 
(from 108875-03)
 
4322741 Recent change to sonode structure needlessly breaks lsof
 
(from 108875-02)
 
4224166 TPI messages get flushed if 3rd party module processes M_PROTO in service procedure
4290575 2nd connect() to determine status of non-blocking connect sends extra Syn
 
(from 108875-01)
 
4308525 The umount2 system call is not audited


Patch Installation Instructions:
--------------------------------
 
For Solaris 2.0-2.6 releases, refer to the Install.info file and/or
the README within the patch for instructions on using the generic
'installpatch' and 'backoutpatch' scripts provided with each patch.
 
For Solaris 7-9 releases, refer to the man pages for instructions
on using 'patchadd' and 'patchrm' scripts provided with Solaris.
Any other special or non-generic installation instructions should be
described below as special instructions.  The following example
installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/104945-02
 
The following example removes a patch from a standalone system:
 
       example# patchrm 104945-02
 
For additional examples please see the appropriate man pages.


Special Install Instructions:
-----------------------------
 
	NOTE 1: To get the complete fix for 4224166 (TPI messages get
		flushed if 3rd party module processes), one needs to
		install the following patches:
 
		109043-01 (or newer)	sonode adb macro patch
		109041-01 (or newer)	sockfs patch
		109045-01 (or newer)	/usr/sbin/sparcv7/crash and
					/usr/sbin/sparcv9/crash patch
 
	NOTE 2: To get the complete fix for bug 4132950 (no AUE_inetd_connect
                records recorded.) please install the following patch:
 
                111624-03 (or newer)    inetd patch


README -- Last modified date: Friday, November 9, 2012