 |
≫ |
|
|
|
パッチ名: PHCO_35858
パッチ摘要: s700_800 11.11 id(1)累積パッチ
作成日: 07/02/08
公開日: 07/02/12
ハードウェアプラットフォームおよびOSリリース:
s700: 11.11
s800: 11.11
現象:
PHCO_35858:
(SR:8606446037 CR:JAGag03436)
起動時に、オプションの引き数"user"なしでid(1)を実行すると、ユーザー
<root>の構成済み補助グループが表示されます。
問題点の説明:
PHCO_35858:
(SR:8606446037 CR:JAGag03436)
起動時に(/etc/inittab内にid(1)のエントリを追加することによって)、オプ
ションの引き数"user"なしでid(1)を実行すると、不正に、ユーザー<root>の
補助グループが一覧表示されていました。/etc/inittabを読み取るinitプロセ
スの所有者はユーザー<root>ではないので、ユーザー<root>のグループ情報が
表示されるのは不適切です。
問題の再現手順:
/etc/inittab内に次のようなid(1)エントリを追加します。
tty1:123456:respawn:/usr/bin/id > /dev/console 2>&1
システムをリブートしてからコンソール出力をチェックします。コンソールに
次のような情報が表示されるはずです。
uid=0(root) gid=0(root) groups=3(sys),1(other),2(bin),
4(adm),5(daemon),6(mail),7(lp),20(users),60(ssgrp)
init()は、<user>が所有するプロセスではなくシステムプロセスです。ところ
が、id(1)はユーザー<root>に関連した全情報を一覧表示しています。したが
って、この出力は不適切です。
解決方法:
起動時にオプションの引き数"user"なしで実行する場合は、実行するプロセス
の補助グループを表示しないようにid(1)を修正しました。
-----------------------------------------------------------------------------
Patch Name: PHCO_35858
Patch Description: s700_800 11.11 id(1) cumulative patch
Creation Date: 07/02/08
Post Date: 07/02/12
Hardware Platforms - OS Releases:
s700: 11.11
s800: 11.11
Products: N/A
Filesets:
OS-Core.CMDS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP
OS-Core.CMIN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP
Automatic Reboot?: No
Status: General Release
Critical: No
Category Tags:
defect_repair general_release
Path Name: /hp-ux_patches/s700_800/11.X/PHCO_35858
Symptoms:
PHCO_35858:
( SR:8606446037 CR:JAGag03436 )
When id(1) is invoked at startup without the
optional user argument, it reports the
supplementary groups configured for the user
<root>.
Defect Description:
PHCO_35858:
( SR:8606446037 CR:JAGag03436 )
When id(1) is invoked at startup (by adding an
entry for id(1) in /etc/inittab) without the
optional user argument, it wrongly lists the
supplementary groups for the user <root>.
As /etc/inittab is read by init process that
is not owned by the user <root>, id(1) should
not list the group information of the user <root>
Here are the steps to reproduce the problem:
Add the id(1) entry in /etc/inittab as below:
tty1:123456:respawn:/usr/bin/id > /dev/console 2>&1
Reboot the system and check the output at console.
At console, the following got displayed
uid=0(root) gid=0(root) groups=3(sys),1(other),2(bin),
4(adm),5(daemon),6(mail),7(lp),20(users),60(ssgrp)
The above output is incorrect because init() is a
system process and not owned by any <user> but id(1)
lists all the information associated with the user <root>
Resolution:
id(1) is modified to list the supplementary groups
of the invoking process when executed without any
optional user argument at startup.
Enhancement:
No
SR:
8606446037
Patch Files:
OS-Core.CMDS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
/usr/bin/id
OS-Core.CMIN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,
v=HP:
/usr/share/man/man1.Z/id.1
what(1) Output:
OS-Core.CMDS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
/usr/bin/id:
id.c $Date: 2007/01/18 17:24:33 $Revision: r11.11/1
PATCH_11.11 (PHCO_35858)
$Revision: @(#) id R11.11_BL2007_0208_1 PATCH_11.11
PHCO_35858
OS-Core.CMIN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,
v=HP:
/usr/share/man/man1.Z/id.1:
None
cksum(1) Output:
OS-Core.CMDS-MIN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
658663356 16384 /usr/bin/id
OS-Core.CMIN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,
v=HP:
1071033957 2063 /usr/share/man/man1.Z/id.1
Patch Conflicts: None
Patch Dependencies: None
Hardware Dependencies: None
Other Dependencies: None
Supersedes: None
Equivalent Patches:
PHCO_35772:
s700: 11.00
s800: 11.00
Patch Package Size: 40 KBytes
Installation Instructions:
Please review all instructions and the Hewlett-Packard
SupportLine User Guide or your Hewlett-Packard support terms
and conditions for precautions, scope of license,
restrictions, and, limitation of liability and warranties,
before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:
cd /tmp
sh PHCO_35858
5. Run swinstall to install the patch:
swinstall -x autoreboot=true -x patch_match_target=true \
-s /tmp/PHCO_35858.depot
By default swinstall will archive the original software in
/var/adm/sw/save/PHCO_35858. If you do not wish to retain a
copy of the original software, include the patch_save_files
option in the swinstall command above:
-x patch_save_files=false
WARNING: If patch_save_files is false when a patch is installed,
the patch cannot be deinstalled. Please be careful
when using this feature.
For future reference, the contents of the PHCO_35858.text file is
available in the product readme:
swlist -l product -a readme -d @ /tmp/PHCO_35858.depot
To put this patch on a magnetic tape and install from the
tape drive, use the command:
dd if=/tmp/PHCO_35858.depot of=/dev/rmt/0m bs=2k
Special Installation Instructions: None
|
