Patch-ID# 116552-04
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security su
Synopsis: SunOS 5.9: su patch
Date: Oct/06/2010
Install Requirements: NA
Solaris Release: 9
SunOS Release: 5.9
Unbundled Product:
Unbundled Release:
Xref: This patch available for x86 as patch 116553
Topic: SunOS 5.9: su patch
Relevant Architectures: sparc
Bugs fixed with this patch:
Changes incorporated in this version: 6959505
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
/sbin/su.static
/usr/bin/su
/usr/lib/embedded_su
Problem Description:
6959505 su: problems with return values
(from 116552-03)
6754514 su(1M) uses wrong facility level to record syslog message
(from 116552-02)
6219774 embedded_su: create new variation on su for use by other programs (PSARC 2004/695)
(from 116552-01)
4026556 su command does not pick up locale variables from /etc/TIMEZONE
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
This patch includes a new command, embedded_su. This command offers
su-like features to programs. It enables graphical user interfaces to
prompt for authentication data and execute operations as another user.
embedded_su uses pam(3PAM) for authentication, account management, and
session management. Like su(1M), the PAM configuration policy can be
used to control embedded_su. The PAM service name used is embedded_su.
embedded_su is almost exactly equivalent to su(1M) for security
purposes. The only exception is that it is slightly easier to use
embedded_su in writing a malicious program that might trick a user into
providing secret data.
README -- Last modified date: Saturday, November 10, 2012