Patch Name: PHNE_8107 Patch Description: s700_800 10.0X rdist(1) cumulative patch Creation Date: 96/07/30 Post Date: 96/07/30 Hardware Platforms - OS Releases: s700: 10.00 10.01 s800: 10.00 10.01 Products: N/A Filesets: InternetSrvcs.INETSVCS-RUN Automatic Reboot?: No Status: General Superseded Critical: No Path Name: /hp-ux_patches/s700_800/10.X/PHNE_8107 Symptoms: PHNE_8107: * A bug was found in RDIST which can allow an unprivileged local user to gain unauthorized access. This patch fixes the bug. * RDIST has been enhanced to handle file sizes greater than 2 Giga bytes. This functionality is available as a patch for 10.20. Existing 10.x RDIST does not check for size overflow. As a result, large file transfers from a large file aware RDIST to a 10.x RDIST will not cause graceful termination. This patch will check for size overflow and cause graceful termination if it is the target of a large file transfer. PHNE_7433: * RDIST does not set the owner and group for symbolic links and directories. PHNE_6962: * RDIST sees only the last two of the specified file entries. Defect Description: PHNE_8107: * RDIST creates an error message based on a user provided string without checking bounds on the buffer used. This buffer is on the stack, and can therefore be used to execute arbitrary instructions. * The size field in the existing RDIST is an integer. The extraction of size from the received buffer does not check for size overflow. As a result, size becomes negative. Patch PHNE_7920, released for 10.20,will support large files ( > 2G). In order for existing RDIST to behave correctly with this new version, some changes have been made. PHNE_7433: * RDIST did not set the owner and group for the copied directories and symbolic links. The change in owner and group was being done only for regular files. PHNE_6962: * RDIST had a bug while getting the list of file names or host names. The start pointer to the list was not saved. Therefore only the last two items in the list are seen by RDIST. SR: 4701329367 5003309831 5003281329 Patch Files: /usr/bin/rdist what(1) Output: /usr/bin/rdist: $Revision: 1.1.112.2 Fri Jul 26 00:42:00 GMT 1996$ cksum(1) Output: 1582953384 65536 /usr/bin/rdist Patch Conflicts: None Patch Dependencies: s700: 10.00 10.01: PHCO_7798 s800: 10.00 10.01: PHCO_7798 Hardware Dependencies: None Other Dependencies: None Supersedes: PHNE_6962 PHNE_7433 Equivalent Patches: None Patch Package Size: 120 Kbytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHNE_8107 5a. For a standalone system, run swinstall to install the patch: swinstall -x autoreboot=true -x match_target=true \ -s /tmp/PHNE_8107.depot 5b. For a homogeneous NFS Diskless cluster run swcluster on the server to install the patch on the server and the clients: swcluster -i -b This will invoke swcluster in the interactive mode and force all clients to be shut down. WARNING: All cluster clients must be shut down prior to the patch installation. Installing the patch while the clients are booted is unsupported and can lead to serious problems. The swcluster command will invoke an swinstall session in which you must specify: alternate root path - default is /export/shared_root/OS_700 source depot path - /tmp/PHNE_8107.depot To complete the installation, select the patch by choosing "Actions -> Match What Target Has" and then "Actions -> Install" from the Menubar. 5c. For a heterogeneous NFS Diskless cluster: - run swinstall on the server as in step 5a to install the patch on the cluster server. - run swcluster on the server as in step 5b to install the patch on the cluster clients. By default swinstall will archive the original software in /var/adm/sw/patch/PHNE_8107. If you do not wish to retain a copy of the original software, you can create an empty file named /var/adm/sw/patch/PATCH_NOSAVE. Warning: If this file exists when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. It is recommended that you move the PHNE_8107.text file to /var/adm/sw/patch for future reference. To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHNE_8107.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: The latest libc patch for 10.0x should be installed before this patch is installed. Please note RDIST uses "SNPRINTF" which is only available from the libc patch. Patch (PHCO_7798) contains this fix. All subsequent libc patches will contain the fix. RDIST will not work without this patch.