 |
≫ |
|
|
|
パッチ名: PHCO_36426
パッチ摘要: s700_800 11.23 passwd(1)累積パッチ
作成日: 07/05/03
公開日: 07/06/19
ハードウェアプラットフォームおよびOSリリース:
s700: 11.23
s800: 11.23
現象:
PHCO_36426:
(SR:8606480624 CR:JAGag34699)
シャドウモードの場合、passwdコマンドが引き数-x、-nおよび-wの値を"週"の
倍数に丸めます。
問題点の説明:
PHCO_36426:
(SR:8606480624 CR:JAGag34699)
passwdコマンドのオプション-x、-nおよび-wはパスワードエージングの値を定
義します。標準システムでは、エージング情報は"週"単位で/etc/passwdに格
納されるので、これらの値を"週"の倍数に丸める必要があります。ところが、
シャドウパスワードを使用するシステムでも、passwdコマンドは不正に、パス
ワードエージング値を丸めていました。
解決方法:
シャドウパスワードを使用するシステムの場合は、/etc/defaultディレクトリ
内に"DO_NOT_ROUND_PW_AGING"というファイルがあるかどうかチェックし、
このファイルがあれば、引き数-x、-nおよび-wの値を"週"の倍数に丸めないよ
うにpasswdコマンドを修正しました。このファイルがない場合のpasswdコマン
ドの動作は従来どおりです(つまり、エージング値を丸めます)。
/etc/default/DO_NOT_ROUND_PW_AGINGファイルは、手動で作成しなければなり
ません。このファイルを使用するのはこのリリースだけです。今後のリリース
では、シャドウパスワードを使用するシステムの場合、エージング値を丸めな
いようにpasswdコマンドを修正します。
このパッチは、標準システムや高信頼性システムには影響を与えません。
-----------------------------------------------------------------------------
Patch Name: PHCO_36426
Patch Description: s700_800 11.23 passwd(1) cumulative patch
Creation Date: 07/05/03
Post Date: 07/06/19
Hardware Platforms - OS Releases:
s700: 11.23
s800: 11.23
Products: N/A
Filesets:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,v=HP
OS-Core.UX2-CORE,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP
OS-Core.UX2-CORE,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP
Automatic Reboot?: No
Status: General Release
Critical: No
Category Tags:
defect_repair enhancement general_release
Path Name: /hp-ux_patches/s700_800/11.X/PHCO_36426
Symptoms:
PHCO_36426:
( SR:8606480624 CR:JAGag34699 )
In shadow mode the passwd command rounds the -x,
-n and -w argument values to a multiple of a week.
PHCO_35849:
( SR:8606447411 CR:JAGag04752 )
This patch is a member of a set needed to enable the
optional HP-UX Role-Based Access Control (RBAC)
Infrastructure bundle, version B.11.23.04. Upon
installation, the RBAC Infrastructure bundle will install
the full set of patches (including this one) required to
enable the Role-Based Access Control B.11.23.04 features.
If the HP-UX Role-Based Access Control product version
B.11.23.04 is not installed, this patch will have no impact
on your system.
PHCO_32149:
( SR:8606372386 CR:JAGaf32792 )
This patch is a member of a set needed to enable the
optional HP-UX Standard Mode Security Extensions feature.
Upon installation, the HP-UX Standard Mode Security
Extensions bundle (StdModSecExt) will install the full set
of patches (including this one) required to enable the
Standard Mode Security Extensions feature.
If the Standard Mode Security Extensions feature is not
enabled, this patch will have no impact on your system.
PHCO_31616:
( SR:8606360276 CR:JAGaf20972 )
The password command does not recover gracefully from
some error conditions.
Defect Description:
PHCO_36426:
( SR:8606480624 CR:JAGag34699 )
The passwd command -x, -n and -w option arguments define
values for password aging. On a standard system, these
values must be rounded up to a multiple of a week, because
the aging information in /etc/passwd is stored as weeks.
The passwd command also improperly rounds the password
aging values on systems using shadow passwords.
Resolution:
On systems using shadow passwords, the passwd command
checks for the existence of a file in the /etc/default
directory called "DO_NOT_ROUND_PW_AGING"; if this file
exists, then the passwd command does not round the
-x, -n and -w argument values to a multiple of a week;
if this file does not exist, then the behavior of the
passwd command is unchanged (aging values are rounded).
The /etc/default/DO_NOT_ROUND_PW_AGING file must be
created manually. The use of this file is specific
to this release; in a future release the behavior of
the passwd command will be changed to never round aging
values for systems that are using shadow passwords.
Standard systems and trusted systems are not affected
by this patch.
PHCO_35849:
( SR:8606447411 CR:JAGag04752 )
This patch contains enhancements that support the
features included in the HP-UX Role-Based Access Control
product, version B.11.23.04.
Resolution:
When the HP-UX Role-Based Access Control B.11.23.04 product
is installed, this module implements new security features
in the passwd(1) command.
PHCO_32149:
( SR:8606372386 CR:JAGaf32792 )
This patch contains enhancements that support the Standard
Mode Security Extensions feature.
Resolution:
When the Standard Mode Security Extensions feature is
installed, this module supports the passwd -x option in
standard mode.
PHCO_31616:
( SR:8606360276 CR:JAGaf20972 )
Changing a password does not work as expected under some
conditions
Resolution:
The password command now works as expected.
Enhancement:
No (superseded patches contained enhancements)
PHCO_35849:
Support added for the HP-UX Role-Based Access
Control (RBAC) product, version B.11.23.04.
PHCO_32149:
Pre-enablement for the Standard Mode Security
Extensions feature.
SR:
8606480624 8606447411 8606360276 8606372386
Patch Files:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,
v=HP:
/usr/share/man/man1.Z/passwd.1
OS-Core.UX2-CORE,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/bin/passwd
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/nispasswd
/usr/bin/yppasswd
OS-Core.UX2-CORE,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/bin/passwd
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/nispasswd
/usr/bin/yppasswd
what(1) Output:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,
v=HP:
/usr/share/man/man1.Z/passwd.1:
None
OS-Core.UX2-CORE,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
/usr/bin/passwd:
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
/usr/bin/chfn:
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
/usr/bin/chsh:
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
/usr/bin/nispasswd:
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
/usr/bin/yppasswd:
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
OS-Core.UX2-CORE,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
/usr/bin/passwd:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
/usr/bin/chfn:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
/usr/bin/chsh:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
/usr/bin/nispasswd:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
/usr/bin/yppasswd:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) passwd R11.23_BL2007_0503_4 PATCH_11
.23 PHCO_36426
cksum(1) Output:
OS-Core.CORE-ENG-A-MAN,fr=B.11.23,fa=HP-UX_B.11.23_IA/PA,
v=HP:
2864845141 9294 /usr/share/man/man1.Z/passwd.1
OS-Core.UX2-CORE,fr=B.11.23,fa=HP-UX_B.11.23_IA,v=HP:
4132171777 107992 /usr/bin/passwd
4132171777 107992 /usr/bin/chfn
4132171777 107992 /usr/bin/chsh
4132171777 107992 /usr/bin/nispasswd
4132171777 107992 /usr/bin/yppasswd
OS-Core.UX2-CORE,fr=B.11.23,fa=HP-UX_B.11.23_PA,v=HP:
4287597195 65536 /usr/bin/passwd
4287597195 65536 /usr/bin/chfn
4287597195 65536 /usr/bin/chsh
4287597195 65536 /usr/bin/nispasswd
4287597195 65536 /usr/bin/yppasswd
Patch Conflicts: None
Patch Dependencies:
s700: 11.23: PHCO_31570
s800: 11.23: PHCO_31570
Hardware Dependencies: None
Other Dependencies: None
Supersedes:
PHCO_31616 PHCO_35849 PHCO_32149
Equivalent Patches:
PHCO_36465:
s700: 11.11
s800: 11.11
PHCO_36523:
11.31
Patch Package Size: 120 KBytes
Installation Instructions:
Please review all instructions and the Hewlett-Packard
SupportLine User Guide or your Hewlett-Packard support terms
and conditions for precautions, scope of license,
restrictions, and, limitation of liability and warranties,
before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:
cd /tmp
sh PHCO_36426
5. Run swinstall to install the patch:
swinstall -x autoreboot=true -x patch_match_target=true \
-s /tmp/PHCO_36426.depot
By default swinstall will archive the original software in
/var/adm/sw/save/PHCO_36426. If you do not wish to retain a
copy of the original software, include the patch_save_files
option in the swinstall command above:
-x patch_save_files=false
WARNING: If patch_save_files is false when a patch is installed,
the patch cannot be deinstalled. Please be careful
when using this feature.
For future reference, the contents of the PHCO_36426.text file is
available in the product readme:
swlist -l product -a readme -d @ /tmp/PHCO_36426.depot
To put this patch on a magnetic tape and install from the
tape drive, use the command:
dd if=/tmp/PHCO_36426.depot of=/dev/rmt/0m bs=2k
Special Installation Instructions: None
|
