Patch Name: PHCO_29682

Patch Description: s700_800 11.00 cumulative newgrp(1) patch

Creation Date: 04/01/20

Post Date: 04/02/17

Hardware Platforms - OS Releases:
	s700: 11.00
	s800: 11.00

Products: N/A

Filesets:
	OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
	OS-Core.CAUX-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical:
	Yes
	PHCO_29682: HANG
		On a system where NIS is not configured,
		newgrp(1) hangs when the user is not a
		member of the specified group.
	PHCO_14044: OTHER
		The present /usr/bin/newgrp doesn't identify
		NIS groups.
		This is a critical defect.

Category Tags:
	defect_repair general_release critical halts_system

Path Name: /hp-ux_patches/s700_800/11.X/PHCO_29682

Symptoms:
	PHCO_29682:
	1. In some cases, newgrp(1) does not set the environment
	variables correctly.

	2. On a system where NIS is not configured, newgrp(1) hangs
	when the user is not a member of the specified group.

	PHCO_26235:
	1. newgrp command sets the core limits to 0.

	PHCO_22096:
	1. newgrp is not changing user group properly.

	PHCO_22021:
	1. newgrp command can use the wrong id and
	   password when group password matches with
	   the password of some other group.

	PHCO_14044:
	1. Missing keyword "critical" in the Category Tags field.

	PHCO_13214:
	1. /usr/bin/newgrp doesn't identify NIS groups.
	   If the system is an NIS client and the group
	   argument to newgrp is defined in NIS database
	   only, newgrp exits with "Unknown group" error.

Defect Description:
	PHCO_29682:
	1. In some cases, newgrp(1) does not set the environment
	variables correctly.

	Resolution:
	Now the code has been modified to resolve the above problem.

	2. On a system where NIS is not configured, newgrp(1) hangs
	when the user is not a member of the specified group and the
	specified group does not have any password. The problem can
	be reproduced as follows:
	$cat /etc/group | grep "testgroup"
	testgroup::77:user1
	$id
	uid=202(tmpuser) gid=60(ssgrp) groups=21(tmpuser)
	$/usr/bin/newgrp testgroup

	newgrp(1) hangs. Press Ctrl-C to terminate.

	Under the above scenario, newgrp(1) was not
	checking the EOF condition properly resulting
	in an infinite loop.

	Resolution:
	Now the code has been modified so that it exits
	with an error message "Sorry".
	As part of the fix, the WARNING section of
	man page of newgrp(1) is updated with the behavior
	of newgrp(1) for the specified group having
	inconsistent multiple entries in the group
	database.

	PHCO_26235:
	1. When newgrp(1) command is executed, the core limits
	   [ i.e. maximum size of the core files in bytes ] are
	   set to 0. A limit of 0 will result in a core file of
	   size 0, when a process dumps core .
	   The problem can be reproduced in the following way:

	   On a 11.00 machine,
	   $ulimit -a
	   time(seconds)        unlimited
	   file(blocks)         unlimited
	   data(kbytes)         65536
	   stack(kbytes)        8192
	   memory(kbytes)       unlimited
	   coredump(blocks)     4194303
	   nofiles(descriptors) 60

	   $/usr/bin/newgrp

	   $ulimit -a
	   time(seconds)        unlimited
	   file(blocks)         unlimited
	   data(kbytes)         65536
	   stack(kbytes)        8192
	   memory(kbytes)       unlimited
	   coredump(blocks)     0      <----- This is wrong
	   nofiles(descriptors) 60

	Resolution:
	   Now the code is changed to store the core limits
	   before setting it to 0 and reset the original
	   values before execing new shell.

	PHCO_22096:
	1. newgrp is not changing user group properly.
	   Memory allocation was done for storing NULL
	   passwords also.

	Resolution:
	   Now the code is changed so that
	   no memory will be allocated for NULL
	   passwords.

	PHCO_22021:
	1. newgrp command can use the wrong id and
	   password when group passwords are wrong.
	   If group name and password don't match but
	   password matches to the password of any
	   other group, user's group changes to the
	   group with which password is matching.
	Resolution:
	   Made necessary code changes for
	   checking that password and group id is the
	   same for the group user has asked to change.

	PHCO_14044:
	1. Missing keyword "critical" in the Category Tags
	   field in the previous patch PHCO_13214.

	PHCO_13214:
	1. /usr/bin/newgrp doesn't identify NIS groups.
	   If the system is an NIS client and the group
	   argument to newgrp is defined in NIS database
	   only, newgrp exits with "Unknown group" error.

Enhancement:
	No

SR:
	8606346900 8606312755 8606197273 8606152299 8606145514
	4701374876 4701374900

Patch Files:
	
	OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/bin/newgrp

	OS-Core.CAUX-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,
		v=HP:
	/usr/share/man/man1.Z/newgrp.1

what(1) Output:
	
	OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	/usr/bin/newgrp:
		$Revision: 82.2.1.9 $
		PATCH_11_00: newgrp.o 04/01/20

	OS-Core.CAUX-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,
		v=HP:
	/usr/share/man/man1.Z/newgrp.1:
		None

cksum(1) Output:
	
	OS-Core.CMDS-AUX,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
	3920632976 20480 /usr/bin/newgrp

	OS-Core.CAUX-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,
		v=HP:
	3050120767 2192 /usr/share/man/man1.Z/newgrp.1

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
	PHCO_13214 PHCO_14044 PHCO_22021 PHCO_22096 PHCO_26235

Equivalent Patches:
	PHCO_26385:
	s700: 11.11
	s800: 11.11

Patch Package Size: 40 KBytes

Installation Instructions:
	Please review all instructions and the Hewlett-Packard
	SupportLine User Guide or your Hewlett-Packard support terms
	and conditions for precautions, scope of license,
	restrictions, and, limitation of liability and warranties,
	before installing this patch.
	------------------------------------------------------------
	1. Back up your system before installing a patch.

	2. Login as root.

	3. Copy the patch to the /tmp directory.

	4. Move to the /tmp directory and unshar the patch:

		cd /tmp
		sh PHCO_29682

	5. Run swinstall to install the patch:

		swinstall -x autoreboot=true -x patch_match_target=true \
			  -s /tmp/PHCO_29682.depot

	By default swinstall will archive the original software in 
	/var/adm/sw/save/PHCO_29682.  If you do not wish to retain a
	copy of the original software, include the patch_save_files
	option in the swinstall command above:

		-x patch_save_files=false

	WARNING: If patch_save_files is false when a patch is installed,
		 the patch cannot be deinstalled.  Please be careful
		 when using this feature.

	For future reference, the contents of the PHCO_29682.text file is 
	available in the product readme:

		swlist -l product -a readme -d @ /tmp/PHCO_29682.depot

	To put this patch on a magnetic tape and install from the
	tape drive, use the command:

		dd if=/tmp/PHCO_29682.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None