Patch-ID# 116553-04
Download this patch from My Oracle Support
Your use of the firmware, software and any other materials contained
in this update is subject to My Oracle Support Terms of Use, which
may be viewed at My Oracle Support.
|
For further information on patching best practices and resources, please
see the following links:
|
Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
Keywords: security su
Synopsis: SunOS 5.9_x86: su Patch
Date: Oct/06/2010
Install Requirements: NA
Solaris Release: 9_x86
SunOS Release: 5.9_x86
Unbundled Product:
Unbundled Release:
Xref: This patch available for SPARC as patch 116552
Topic: SunOS 5.9_x86: su Patch
Relevant Architectures: i386
Bugs fixed with this patch:
Changes incorporated in this version: 6959505
Patches accumulated and obsoleted by this patch:
Patches which conflict with this patch:
Patches required with this patch:
Obsoleted by:
Files included with this patch:
/sbin/su.static
/usr/bin/su
/usr/lib/embedded_su
Problem Description:
6959505 su: problems with return values
(from 116553-03)
6754514 su(1M) uses wrong facility level to record syslog message
(from 116553-02)
6219774 embedded_su: create new variation on su for use by other programs (PSARC 2004/695)
(from 116553-01)
4026556 su command does not pick up locale variables from /etc/TIMEZONE
Patch Installation Instructions:
--------------------------------
Please refer to the man pages for instructions on using 'patchadd'
and 'patchrm' commands provided with Solaris.
The following example installs a patch to a standalone machine:
example# patchadd /var/spool/patch/123456-07
The following example removes a patch from a standalone system:
example# patchrm 123456-07
For additional examples please see the appropriate man pages. Any
other special or non-generic installation instructions should be
described below as special instructions.
Special Install Instructions:
-----------------------------
This patch includes a new command, embedded_su. This command offers
su-like features to programs. It enables graphical user interfaces to
prompt for authentication data and execute operations as another user.
embedded_su uses pam(3PAM) for authentication, account management, and
session management. Like su(1M), the PAM configuration policy can be
used to control embedded_su. The PAM service name used is embedded_su.
embedded_su is almost exactly equivalent to su(1M) for security
purposes. The only exception is that it is slightly easier to use
embedded_su in writing a malicious program that might trick a user into
providing secret data.
README -- Last modified date: Saturday, November 10, 2012