 |
≫ |
|
|
|
パッチ名: PHCO_36523
パッチ摘要: 11.31 passwd(1)累積パッチ
作成日: 07/06/07
公開日: 07/06/26
ハードウェアプラットフォームおよびOSリリース:
11.31
現象:
PHCO_36523:
(SR:8606480624 CR:JAGag34699)
シャドウモードの場合、passwdコマンドが引き数-x、-nおよび-wの値を"週"の
倍数に丸めます。
問題点の説明:
PHCO_36523:
(SR:8606480624 CR:JAGag34699)
passwdコマンドのオプション-x、-nおよび-wはパスワードエージングの値を定
義します。標準システムでは、エージング情報は"週"単位で/etc/passwdに格
納されるので、これらの値を"週"の倍数に丸める必要があります。ところが、
シャドウパスワードを使用するシステムでも、passwdコマンドは不正に、パス
ワードエージング値を丸めていました。
解決方法:
シャドウパスワードを使用するシステムの場合は、/etc/defaultディレクトリ
内に"DO_NOT_ROUND_PW_AGING"というファイルがあるかどうかチェックし、
このファイルがあれば、引き数-x、-nおよび-wの値を"週"の倍数に丸めないよ
うにpasswdコマンドを修正しました。このファイルがない場合のpasswdコマン
ドの動作は従来どおりです(つまり、エージング値を丸めます)。
/etc/default/DO_NOT_ROUND_PW_AGINGファイルは、手動で作成しなければなり
ません。このファイルを使用するのはこのリリースだけです。今後のリリース
では、シャドウパスワードを使用するシステムの場合、エージング値を丸めな
いようにpasswdコマンドを修正します。
このパッチは、標準システムや高信頼性システムには影響を与えません。
-----------------------------------------------------------------------------
Patch Name: PHCO_36523
Patch Description: 11.31 passwd(1) cumulative patch
Creation Date: 07/06/07
Post Date: 07/06/26
Hardware Platforms - OS Releases:
11.31
Products: N/A
Filesets:
OS-Core.CORE-ENG-A-MAN,fr=B.11.31,fa=HP-UX_B.11.31_IA/PA,v=HP
OS-Core.UX2-CORE,fr=B.11.31,fa=HP-UX_B.11.31_IA,v=HP
OS-Core.UX2-CORE,fr=B.11.31,fa=HP-UX_B.11.31_PA,v=HP
Automatic Reboot?: No
Status: General Release
Critical: No
Category Tags:
defect_repair enhancement general_release
Path Name: /hp-ux_patches/11.X/PHCO_36523
Symptoms:
PHCO_36523:
( SR:8606480624 CR:JAGag34699 )
In shadow mode the passwd command rounds the -x,
-n and -w argument values to a multiple of a week.
PHCO_36481:
( SR:8606447411 CR:JAGag04752 )
This patch is a member of a set needed to enable the
optional HP-UX AccessControl bundle, version B.11.31.04.
Upon installation, the AccessControl bundle will install
the full set of patches (including this one) required to
enable the RBACExt product B.11.31.04 features. If the HP-UX
RBACExt product is not installed, this patch will have no
impact on your system.
Defect Description:
PHCO_36523:
( SR:8606480624 CR:JAGag34699 )
The passwd command -x, -n and -w option arguments define
values for password aging. On a standard system, these
values must be rounded up to a multiple of a week, because
the aging information in /etc/passwd is stored as weeks.
The passwd command also improperly rounds the password
aging values on systems using shadow passwords.
Resolution:
On systems using shadow passwords, the passwd command
checks for the existence of a file in the /etc/default
directory called "DO_NOT_ROUND_PW_AGING"; if this file
exists, then the passwd command does not round the
-x, -n and -w argument values to a multiple of a week;
if this file does not exist, then the behavior of the
passwd command is unchanged (aging values are rounded).
The /etc/default/DO_NOT_ROUND_PW_AGING file must be
created manually. The use of this file is specific
to this release; in a future release the behavior of
the passwd command will be changed to never round aging
values for systems that are using shadow passwords.
Standard systems and trusted systems are not affected
by this patch.
PHCO_36481:
( SR:8606447411 CR:JAGag04752 )
This patch contains enhancements that support the
features included in the HP-UX RBACExt product.
Resolution:
When the HP-UX RBACExt product is installed, this module
implements new security features in the passwd(1) command.
Enhancement:
No (superseded patches contained enhancements)
PHCO_36481:
Support added for the HP-UX Role-Based Access
Control Extensions (RBACExt) product, version
B.11.31.04.
SR:
8606480624 8606447411
Patch Files:
OS-Core.CORE-ENG-A-MAN,fr=B.11.31,fa=HP-UX_B.11.31_IA/PA,
v=HP:
/usr/share/man/man1.Z/passwd.1
OS-Core.UX2-CORE,fr=B.11.31,fa=HP-UX_B.11.31_IA,v=HP:
/usr/bin/passwd
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/yppasswd
OS-Core.UX2-CORE,fr=B.11.31,fa=HP-UX_B.11.31_PA,v=HP:
/usr/bin/passwd
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/yppasswd
what(1) Output:
OS-Core.CORE-ENG-A-MAN,fr=B.11.31,fa=HP-UX_B.11.31_IA/PA,
v=HP:
/usr/share/man/man1.Z/passwd.1:
None
OS-Core.UX2-CORE,fr=B.11.31,fa=HP-UX_B.11.31_IA,v=HP:
/usr/bin/passwd:
$Revision: @(#) passwd R11.31_BL2007_0607_3 PATCH_11
.31 PHCO_36523
/usr/bin/chfn:
$Revision: @(#) passwd R11.31_BL2007_0607_3 PATCH_11
.31 PHCO_36523
/usr/bin/chsh:
$Revision: @(#) passwd R11.31_BL2007_0607_3 PATCH_11
.31 PHCO_36523
/usr/bin/yppasswd:
$Revision: @(#) passwd R11.31_BL2007_0607_3 PATCH_11
.31 PHCO_36523
OS-Core.UX2-CORE,fr=B.11.31,fa=HP-UX_B.11.31_PA,v=HP:
/usr/bin/passwd:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) passwd R11.31_BL2007_0607_3 PATCH_11
.31 PHCO_36523
/usr/bin/chfn:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) passwd R11.31_BL2007_0607_3 PATCH_11
.31 PHCO_36523
/usr/bin/chsh:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) passwd R11.31_BL2007_0607_3 PATCH_11
.31 PHCO_36523
/usr/bin/yppasswd:
$Revision: 92453-07 linker linker crt0.o B.11.16.01
030415 $
$Revision: @(#) passwd R11.31_BL2007_0607_3 PATCH_11
.31 PHCO_36523
cksum(1) Output:
OS-Core.CORE-ENG-A-MAN,fr=B.11.31,fa=HP-UX_B.11.31_IA/PA,
v=HP:
4118931422 8977 /usr/share/man/man1.Z/passwd.1
OS-Core.UX2-CORE,fr=B.11.31,fa=HP-UX_B.11.31_IA,v=HP:
4132636574 151196 /usr/bin/passwd
4132636574 151196 /usr/bin/chfn
4132636574 151196 /usr/bin/chsh
4132636574 151196 /usr/bin/yppasswd
OS-Core.UX2-CORE,fr=B.11.31,fa=HP-UX_B.11.31_PA,v=HP:
104254015 57344 /usr/bin/passwd
104254015 57344 /usr/bin/chfn
104254015 57344 /usr/bin/chsh
104254015 57344 /usr/bin/yppasswd
Patch Conflicts: None
Patch Dependencies: None
Hardware Dependencies: None
Other Dependencies: None
Supersedes:
PHCO_36481
Equivalent Patches:
PHCO_36465:
s700: 11.11
s800: 11.11
PHCO_36426:
s700: 11.23
s800: 11.23
Patch Package Size: 110 KBytes
Installation Instructions:
Please review all instructions and the Hewlett-Packard
SupportLine User Guide or your Hewlett-Packard support terms
and conditions for precautions, scope of license,
restrictions, and, limitation of liability and warranties,
before installing this patch.
------------------------------------------------------------
1. Back up your system before installing a patch.
2. Login as root.
3. Copy the patch to the /tmp directory.
4. Move to the /tmp directory and unshar the patch:
cd /tmp
sh PHCO_36523
5. Run swinstall to install the patch:
swinstall -x autoreboot=true -x patch_match_target=true \
-s /tmp/PHCO_36523.depot
By default swinstall will archive the original software in
/var/adm/sw/save/PHCO_36523. If you do not wish to retain a
copy of the original software, include the patch_save_files
option in the swinstall command above:
-x patch_save_files=false
WARNING: If patch_save_files is false when a patch is installed,
the patch cannot be deinstalled. Please be careful
when using this feature.
For future reference, the contents of the PHCO_36523.text file is
available in the product readme:
swlist -l product -a readme -d @ /tmp/PHCO_36523.depot
To put this patch on a magnetic tape and install from the
tape drive, use the command:
dd if=/tmp/PHCO_36523.depot of=/dev/rmt/0m bs=2k
Special Installation Instructions: None
|
