Patch-ID# 116553-04


Download this patch from My Oracle Support

Your use of the firmware, software and any other materials contained in this update is subject to My Oracle Support Terms of Use, which may be viewed at My Oracle Support.
For further information on patching best practices and resources, please see the following links:
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.

Keywords: security su
Synopsis: SunOS 5.9_x86: su Patch
Date: Oct/06/2010


Install Requirements: NA

Solaris Release: 9_x86

SunOS Release: 5.9_x86

Unbundled Product:

Unbundled Release:

Xref: This patch available for SPARC as patch 116552

Topic: SunOS 5.9_x86: su Patch

Relevant Architectures: i386

Bugs fixed with this patch:

Sun CR # Bug #
402655614930888
621977415245438
675451415512102
695950515648499


Changes incorporated in this version: 6959505

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

Files included with this patch:

/sbin/su.static
/usr/bin/su
/usr/lib/embedded_su

Problem Description:

6959505 su: problems with return values
 
(from 116553-03)
 
6754514 su(1M) uses wrong facility level to record syslog message
 
(from 116553-02)
 
6219774 embedded_su: create new variation on su for use by other programs (PSARC 2004/695)
 
(from 116553-01)
 
4026556 su command does not pick up locale variables from /etc/TIMEZONE


Patch Installation Instructions:
--------------------------------
 
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
 
The following example installs a patch to a standalone machine:
 
       example# patchadd /var/spool/patch/123456-07
 
The following example removes a patch from a standalone system:
 
       example# patchrm 123456-07
 
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.


Special Install Instructions:
-----------------------------
 
This patch includes a new command, embedded_su. This command offers
su-like features to programs. It enables graphical user interfaces to
prompt for authentication data and execute operations as another user.
 
embedded_su uses pam(3PAM) for authentication, account management, and
session management. Like su(1M), the PAM configuration policy can be
used to control embedded_su. The PAM service name used is embedded_su.
 
embedded_su is almost exactly equivalent to su(1M) for security
purposes. The only exception is that it is slightly easier to use
embedded_su in writing a malicious program that might trick a user into
providing secret data.


README -- Last modified date: Saturday, November 10, 2012