Patch Name: PHCO_28830

Patch Description: s700_800 11.11 security(4) man page cumulative patch

Creation Date: 03/03/28

Post Date: 03/07/08

Hardware Platforms - OS Releases:
    s700: 11.11
    s800: 11.11

Products: N/A

Filesets:
    OS-Core.ADMN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP
    OS-Core.CORE-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP
    ProgSupport.PAUX-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP
    SecurityMon.SEC-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical: No

Category Tags:
    defect_repair enhancement general_release

Path Name: /hp-ux_patches/s700_800/11.X/PHCO_28830

Symptoms:
    PHCO_28830:
    ( SR:8606250483 CR:JAGae16858 )
    No symptom. This is an enhancement request.

    This patch is a member of a set of product updates needed to
    enable the optional HP-UX Boot Authentication feature in
    non-trusted mode. Upon installation, the HP-UX Boot
    Authenticator bundle (BOOTAUTH11i) will install the full set
    of product updates (including this patch) to enable the boot
    authentication feature in non-trusted mode. If the HP-UX Boot
    Authenticator product is not installed, this patch will have
    no impact on your system.

    PHCO_27909:
    ( SR:8606221280 CR:JAGad90414 )
    This patch is a member of a set of product updates needed to
    enable the optional HP-UX shadow password feature. Upon
    installation, the HP-UX shadow password bundle
    (ShadowPassword) will install the full set of products
    (including this patch) to enable the shadow password feature.
    If the HP-UX shadow password product is not installed, this
    patch will have no impact on your system.

    PHCO_27797:
    ( SR:8606269172 CR:JAGae33407 )
    Applications that rely upon the ability to su to another user
    and pass along certain environment variables, including but
    not limited to SHLIB_PATH, do not work.

Defect Description:
    PHCO_28830:
    ( SR:8606250483 CR:JAGae16858 )
    This patch contains minor enhancements required to enable the
    HP-UX Boot Authenticator for non-trusted mode.
    Resolution:
    Enhancements added to enable Boot Authenticator for
    non-trusted mode when this product is configured.

    PHCO_27909:
    ( SR:8606221280 CR:JAGad90414 )
    Enhancement request: HP-UX 11.11 does not support shadow
    passwords.

    Resolution:
    This module has been made aware of shadow passwords and will
    take the appropriate actions when the HP-UX shadow password
    bundle is installed.

    PHCO_27797:
    ( SR:8606269172 CR:JAGae33407 )
    By default, the su command does not export the environment
    variables LD_LIBRARY_PATH, SHLIB_PATH or LD_PRELOAD to its
    children.

    Resolution:
    security(4) man page has been updated to include a
    description for the new optional parameter SU_KEEP_ENV_VARS
    which can be used to override the default behavior.

Enhancement:
    Yes

    PHCO_28830:
    A site's security policies may require a user to authenticate
    before they can boot the system into single-user mode.
    Previously, this feature was only available on a system that
    has been converted to trusted mode. This patch is one of the
    several pre-enablement patches that enable this feature on a
    system without converting it to trusted mode.

    PHCO_27909:
    This patch is one of many pre-enablement patches for the
    shadow password feature.
SR:
    8606221280 8606250483 8606269172

Patch Files:
    OS-Core.ADMN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    /usr/share/man/man1m.Z/pwck.1m
    /usr/share/man/man4.Z/passwd.4

    OS-Core.CORE-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    /usr/share/man/man1.Z/passwd.1
    /usr/share/man/man4.Z/security.4

    ProgSupport.PAUX-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    /usr/share/man/man3.Z/getspent.3c

    SecurityMon.SEC-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    /usr/share/man/man1m.Z/pwconv.1m

what(1) Output:
    OS-Core.ADMN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    /usr/share/man/man1m.Z/pwck.1m: None
    /usr/share/man/man4.Z/passwd.4: None

    OS-Core.CORE-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    /usr/share/man/man1.Z/passwd.1: None
    /usr/share/man/man4.Z/security.4: None

    ProgSupport.PAUX-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    /usr/share/man/man3.Z/getspent.3c: None

    SecurityMon.SEC-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    /usr/share/man/man1m.Z/pwconv.1m: None

cksum(1) Output:
    OS-Core.ADMN-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    4057849793 2022 /usr/share/man/man1m.Z/pwck.1m
    3545144520 6422 /usr/share/man/man4.Z/passwd.4

    OS-Core.CORE-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    3402234985 8307 /usr/share/man/man1.Z/passwd.1
    4276792087 5297 /usr/share/man/man4.Z/security.4

    ProgSupport.PAUX-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    2624740820 3397 /usr/share/man/man3.Z/getspent.3c

    SecurityMon.SEC-ENG-A-MAN,fr=B.11.11,fa=HP-UX_B.11.11_32/64,v=HP:
    2826893491 1979 /usr/share/man/man1m.Z/pwconv.1m

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHCO_27909 PHCO_27797

Equivalent Patches: None

Patch Package Size: 70 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of
    liability and warranties, before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHCO_28830

    5. Run swinstall to install the patch:

        swinstall -x autoreboot=true -x patch_match_target=true \
            -s /tmp/PHCO_28830.depot

    By default swinstall will archive the original software in
    /var/adm/sw/save/PHCO_28830. If you do not wish to retain a
    copy of the original software, include the patch_save_files
    option in the swinstall command above:

        -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is
             installed, the patch cannot be deinstalled. Please
             be careful when using this feature.

    For future reference, the contents of the PHCO_28830.text
    file are available in the product readme:

        swlist -l product -a readme -d @ /tmp/PHCO_28830.depot

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHCO_28830.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None