Patch Name: PHCO_27884 Patch Description: s700_800 11.11 /sbin/initcond cumulative patch Creation Date: 03/03/28 Post Date: 03/07/08 Hardware Platforms - OS Releases: s700: 11.11 s800: 11.11 Products: N/A Filesets: SecurityMon.SECURITY,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP Automatic Reboot?: No Status: General Release Critical: No Category Tags: defect_repair enhancement general_release Path Name: /hp-ux_patches/s700_800/11.X/PHCO_27884 Symptoms: PHCO_27884: ( SR:8606250483 CR:JAGae16858 ) No symptom. This is an enhancement request. This patch is a member of a set of product updates needed to enable the optional HP-UX Boot Authentication feature in non-trusted mode. Upon installation, the HP-UX Boot Authenticator bundle (BOOTAUTH11i) will install the full set of product updates (including this patch) to enable the boot authentication feature in non-trusted mode. If the HP-UX Boot Authenticator product is not installed, this patch will have no impact on your system. ( SR:8606296840 CR:JAGae60392 ) Unauthorized user may get into single user mode under some circumstances. Defect Description: PHCO_27884: ( SR:8606250483 CR:JAGae16858 ) This patch contains minor enhancements required to enable the HP-UX Boot Authenticator product for non-trusted mode. Resolution: Enhancements added to enable Boot Authenticator for non-trusted mode when this product is installed and configured. ( SR:8606296840 CR:JAGae60392 ) Unauthorized user may get into single user mode under some circumstances. Resolution: The boot process now is made more robust to always check users' authorization before starting up a shell if the boot authentication mechanism is turned on. Enhancement: Yes PHCO_27884: A site's security policies may require a user to authenticate before they can boot the system into single-user mode. Previously, this feature was only available on a system that has been converted to trusted mode. This patch is one of the several pre-enablement patches that enable this feature on a system without converting it to trusted mode. SR: 8606250483 8606296840 Patch Files: SecurityMon.SECURITY,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: /sbin/initcond what(1) Output: SecurityMon.SECURITY,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: /sbin/initcond: initcond.c $Date: 2003/03/27 14:41:21 $Revision: r11 .11/1 PATCH_11.11 (PHCO_27884) $Revision: @(#) initcond.sbin CUP11.11_BL2003_0328_7 PATCH_11.11 PHCO_27884 Fri Mar 28 15:52:44 PST 2003 $ $ Version_11.11 Mar 11 2003 22:50:06 $ cksum(1) Output: SecurityMon.SECURITY,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP: 2760542334 282624 /sbin/initcond Patch Conflicts: None Patch Dependencies: s700: 11.11: PHCO_28797 PHCO_28845 s800: 11.11: PHCO_28797 PHCO_28845 Hardware Dependencies: None Other Dependencies: None Supersedes: None Equivalent Patches: None Patch Package Size: 300 KBytes Installation Instructions: Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and, limitation of liability and warranties, before installing this patch. ------------------------------------------------------------ 1. Back up your system before installing a patch. 2. Login as root. 3. Copy the patch to the /tmp directory. 4. Move to the /tmp directory and unshar the patch: cd /tmp sh PHCO_27884 5. Run swinstall to install the patch: swinstall -x autoreboot=true -x patch_match_target=true \ -s /tmp/PHCO_27884.depot By default swinstall will archive the original software in /var/adm/sw/save/PHCO_27884. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above: -x patch_save_files=false WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature. For future reference, the contents of the PHCO_27884.text file is available in the product readme: swlist -l product -a readme -d @ /tmp/PHCO_27884.depot To put this patch on a magnetic tape and install from the tape drive, use the command: dd if=/tmp/PHCO_27884.depot of=/dev/rmt/0m bs=2k Special Installation Instructions: None