Patch Name: PHNE_23003

Patch Description: s700_800 11.00 r-commands cumulative patch

Creation Date: 01/11/02

Post Date: 02/01/11

Hardware Platforms - OS Releases:
    s700: 11.00
    s800: 11.00

Products: N/A

Filesets:
    InternetSrvcs.INETSVCS-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical: No

Category Tags:
    defect_repair enhancement general_release

Path Name: /hp-ux_patches/s700_800/11.X/PHNE_23003

Symptoms:
    PHNE_23003:
    1. JAGab83643/SR 8606110892: rdist fails to handle hard links properly.
    2. JAGad36477/SR 8606167191: rdist sometimes does not handle source and destination paths properly.
    3. JAGad43677 / SR 8606174431: "rdist -M" fails to retain permissions of the symbolically linked files on the destination system.
    4. JAGad44648 / SR 8606175407: rlogind exits abnormally when the authentication to a klogin service fails.
    5. JAGad67581 / SR 8606198391: remshd does not handle authentication properly.
    6. JAGad64467 / SR 8606195262: rwhod fails to start on a system with more than 32 interfaces configured. It exits with an error message, "ioctl (get interface configuration)", in the syslog.log file.
    7. JAGad84516 / SR 8606215328: remshd fails to handle sub shells in some cases.
    8. JAGad64866 / SR 8606195662: swverify logs error messages for a few r-commands manpages after installing 11.00 install media.

    PHNE_21731:
    1. JAGad05687 / SR 8606136563: remsh fails for a multi-homed system when address resolution is done via NIS server and the first entry for the hostname doesn't contain the primary IP address in the NIS host database.
    2. JAGad15036 / SR 8606145700: With the patch PHNE_17030 installed, remshd/rexecd sometimes fails to display the error message while executing a bad command when the user is in ksh.
    3. JAGad15647 / SR 8606146303: remsh was failing if a service request was made for any port other than "shell" or "kshell".
    4. JAGad06606 / SR 8606137488: ruptime was showing ??:?? for the number of days when the host was up/down for more than 365 days.
    5. JAGad25536 / SR 8606156226: In a trusted system, rexecd sometimes disables the account even if the user gives the correct password.
    6. JAGad28199 / SR 8606158870: rlogind is intermittently failing to log syslog messages for passwd entry timeouts and for failed login attempts.
    7. JAGad10918 / SR 8606141555: Third_party transfer documentation is not clear in the rcp.1 man page.

    PHNE_17030:
    1. JAGab83067: On an NFS-mounted system, when the server grants no permissions to 'other' on the user's home directory, remshd sets the directory to root.
    2. JAGab73645: Both remsh and remshd hang when a remote process is started through remsh.
    3. JAGab21128: remshd and rexecd are not updating the "/var/adm/wtmp" and "/var/adm/btmp" files.
    4. JAGab21143: rexecd and remshd don't use PAM for authentication.
    5. JAGab31733: When the "-pr" option is set, rcp fails to copy the first file following any directory owned by root in the target system.
    6. JAGaa42962: When rcp is invoked with wild card characters in the source path, it fails to copy the first sub-directory when the target directory does not exist.
    7. JAGaa46005: rlogin fails for a multi-homed system when address resolution is done via NIS server.
    8. JAGac56656: Customer would like the next rlogin patch to have a dependency on the transport patch PHNE_20094 or later.

    PHNE_17028:
    1. When the patch PHNE_16091 is installed, remshd/rexecd fails to transmit the error message to the client. When the user gives invalid input to remsh/rexec, the error message is not displayed to the user. This happens only when the user is in ksh.
    2. In an NIS environment, rlogin prompts for the password even if there is an entry in the .rhosts file. Even if the user gives the password, it reports "Login incorrect".
    3. In an NIS environment, remsh prompts for the password even if there is an entry in the .rhosts file. Even if the user gives the password, it reports "Login incorrect".

    PHNE_16091:
    * Wrong permissions on rlogin in PHNE_13620.

    PHNE_13620:
    rlogin
      * rlogin does not handle the LANG environment variable properly.
    rlogind
      * rlogind does not handle long hostnames.
    remsh
      * ER - remsh with stderr closed returns "fd = 2".
      * remsh does not handle the LANG environment variable properly.
    remshd
      * remshd does not update login counters properly.
    rcp
      * rcp does not clear old errno value.
      * SR: RCP may show file as being there even if it ran out of disk space.
      * rcp does not check for proper parameters.
      * rcp does not handle the LANG environment variable properly.
    rdist
      * rdist does not check for temporary files before creating them.
      * rdist does not set process resources properly.
      * rdist does not process distfile properly.
      * rdist fails if a subdirectory exists that matches the remote hostname.

    PHNE_13546:
    1. rexecd does not update the trusted systems DB on good logins.
    2. Package switchover fails when remsh'ed into package filesystems.

Defect Description:
    PHNE_23003:
    1. JAGab83643/SR 8606110892: When rdist is used to distribute hard-linked files, it fails to create the proper destination path.
       Resolution: rdist code has been modified to create the hard-linked files properly.
    2. JAGad36477/SR 8606167191: rdist sometimes does not handle source and destination paths properly.
       Resolution: rdist code has been modified to handle source and destination paths properly.
    3. JAGad43677 / SR 8606174431: The permission of a symbolically linked file is based on the system umask value. rdist should set the umask to a value matching the permission of the source file when it is invoked with the '-M' option. However, rdist is not setting the umask appropriately.
       Resolution: The code has been modified to set the umask to a value appropriate to the permission of the symbolically linked source file before creating it at the destination.
    4. JAGad44648 / SR 8606175407: The data structures in the authentication modules used by the 'klogin' service are not initialised. The uninitialised data structures caused the kerberised rlogind daemon to dump core if the authentication for a kerberised rlogin client fails.
       Resolution: The data structures in the authentication modules have been initialised.
    5. JAGad67581 / SR 8606198391: remshd does not handle authentication properly.
       Resolution: The code has been modified to handle authentication properly.
    6. JAGad64467 / SR 8606195262: In rwhod, a limited amount of memory is allocated to store the information about interfaces. Hence it can handle only up to 32 interfaces.
       Resolution: The code has been modified to handle any number of interfaces up to the system limit.
    7. JAGad84516 / SR 8606215328: remshd does not wait until all its sub-child processes finish execution.
       Resolution: remshd now waits for all the sub-child processes to finish execution.
    8. JAGad64866 / SR 8606195662: The /sbin/init.d/inetsvcs script combines the kerberos and non-kerberos manpages, even though they are already combined.
       Resolution: The patch scripts have been modified to ensure the /sbin/init.d/inetsvcs script will not combine the kerberos and non-kerberos manpages.

    PHNE_21731:
    1. JAGad05687 / SR 8606136563: In remshd, there is a concept of reverse lookup, i.e. it cross-checks the address it gets via gethostbyaddr() through gethostbyname(). NIS has a problem in that it cannot handle multi-homed addresses properly. For gethostbyname() it queries on the hostname. So if the first entry for the hostname in the NIS host database doesn't contain the primary IP address, reverse lookup fails.
       Resolution: Since this problem in NIS is impossible to fix, we added a new option "-s" in remshd. If this is set, reverse lookup is disabled.
    2. JAGad15036 / SR 8606145700: In remshd/rexecd the child process writes the error message into a pipe and dies. Sometimes the child process dies before the parent process has read that error message. The parent then receives a SIGCHLD signal and exits without reading the error message from the pipe. Thus the error message is not displayed.
       Resolution: Now, after receiving the SIGCHLD signal, the parent process tries to read from the pipe before exiting. Also, the SIGCHLD signal is now blocked during the read operation from the pipe.
    3. JAGad15647 / SR 8606146303: Previously, remshd was checking whether the service request is for port "shell" or "kshell". Accordingly, it should start the non-Kerberised or the Kerberised version of remshd. If the service request was for neither the "shell" nor the "kshell" port, it used to exit immediately.
       Resolution: Now remshd checks if the service request is for port "kshell". If so, it starts the Kerberised remshd. Otherwise, for any other port, it starts the non-Kerberised remshd.
    4. JAGad06606 / SR 8606137488: ruptime had a check to see if the machine is up/down for more than 365 days. In that case it was printing ??:??.
       Resolution: The check has been removed so that ruptime always prints the number of days the machine is up/down, even if it is up/down for more than 365 days.
    5. JAGad25536 / SR 8606156226: For trusted systems, there is a login counter called "culogin" which gives the number of unsuccessful logins. This counter should be reset to "-1" after a successful login. rexecd uses PAM modules for authentication. It was not opening the PAM session to update the login counter.
       Resolution: rexecd code has been modified so that it now opens the session to update the login counter.
    6. JAGad28199 / SR 8606158870: rlogind was ignoring the SIGCLD signal while ending the rlogin session. As a result, when it received SIGCLD it did not call the SIGCLD handler, which checks the child status and logs the syslog message. Hence it was not logging.
       Resolution: The code has been modified not to ignore the SIGCLD signal. Now it goes to the signal handler and logs the message when it gets the SIGCLD signal.
    7. JAGad10918 / SR 8606141555: Third_party transfer documentation is not clear in the rcp.1 man page.
       Resolution: The "rcp.1" man page has been updated to give a Note on Third_party transfer.

    PHNE_17030:
    1. JAGab83067: In remshd, chdir() was called before setuid(). Since permissions are denied for 'other', chdir() fails, and the directory is set to the root directory instead.
       Resolution: chdir() is called again after calling setgid() and setuid().
    2. JAGab73645: In remshd the SIGCHLD signal is not handled properly. It currently relies on the EOF from the pipe which is used to send error messages from the child to the parent process in remshd. Because of this, remshd hangs in some cases and as a result remsh also hangs.
       Resolution: A new signal handler for SIGCHLD has been added which, for remshd, does a shutdown on the socket.
    3. JAGab21128: For each login and logout, remshd and rexecd must log the necessary information in the "/var/adm/wtmp" and "/var/adm/btmp" files as the case may be. Currently this feature is not there.
       Resolution: Modified the source code to add a new function. It takes a parameter that decides which of the two files it should update.
    4. JAGab21143: rexecd and remshd were not using PAM for authenticating users. So only UNIX users were able to use these services.
       Resolution: Added code that uses PAM for authentication.
    5. JAGab31733: If the target system has a directory owned by root, and the source directory also contains other files with a different owner, then rcp fails to copy the first file following the root-owned directory. This is due to an error message sent by the remote machine when the utimes() system call fails for the root-owned directory.
       Resolution: The final response is sent from the server to the client after the utimes() system call.
    6. JAGaa42962: When rcp is invoked with more than one file to be copied and the "-r" option is used, the target directory is not created.
       Resolution: As soon as the server function receives the first file, it checks whether the target directory exists. If the target directory does not exist, it creates the target directory. Then it copies the first sub-directory to the target directory.
    7. JAGaa46005: In rlogind, there is a concept of reverse lookup, i.e. it cross-checks the address it gets via gethostbyaddr() through gethostbyname(). NIS has a problem in that it cannot handle multi-homed addresses properly. For gethostbyname() it queries on the hostname. So if the first entry for the hostname in the NIS host database doesn't contain the primary IP address, reverse lookup fails.
       Resolution: Since this problem in NIS is impossible to fix, we added a new option "-s" in rlogind. If this is set, reverse lookup is disabled.
    8. JAGac56656: rlogind does not work properly on 64-bit 11.00 HP-UX systems because of a transport defect.
       Resolution: Install the transport patch PHNE_20094 or later on those systems.

    PHNE_17028:
    1. The SO_LINGER option was disabled to increase performance. The child writes into the socket and dies before the parent reads from the socket, so the error message was not sent to the client.
       Resolution: stdout is kept open in the parent process instead of being closed. If the select call, which enters the loop when an event occurs, returns an error with EINTR, it continues to wait in the loop; otherwise it breaks the loop. In this way the parent process waits until the error message generated by the child process is received and passes the error message to the client.
    2. In an NIS environment, rlogin prompts for the password even if there is an entry in the .rhosts file. The password will not be accepted by rlogind, as NIS uses a different mechanism to authenticate the user. Earlier, the password file was viewed as the root user to authenticate the user. Now that part of the code has been changed to view the password file as the local user itself.
       Resolution: The effective user id is stored in a temporary variable. The password file is then read as the local user and the result stored in a temporary pointer. The real user id is set from the temporary pointer, and the password file is read again and stored in another pointer. The effective user id is then set back from the temporary variable. Note that the effective user id is changed only while authentication takes place and is reverted once the authentication is done.
    3. In an NIS environment, remsh prompts for the password even if there is an entry in the .rhosts file. The password will not be accepted by remshd, as NIS uses a different mechanism to authenticate the user. Earlier, the password file was viewed as the root user to authenticate the user. Now that part of the code has been changed to view the password file as the local user itself.
       Resolution: The effective user id is stored in a temporary variable. The password file is then read as the local user and the result stored in a temporary pointer. The real user id is set from the temporary pointer, and the password file is read again and stored in another pointer. The effective user id is then set back from the temporary variable. Note that the effective user id is changed only while authentication takes place and is reverted once the authentication is done.

    PHNE_16091:
    * With PHNE_13620 installed, rlogin gives the error message "rlogin: This program requires super user privileges".

    PHNE_13620:
    rlogin
      * rlogin does not handle the LANG environment variable properly.
    rlogind
      * rlogind does not handle long hostnames.
    remsh
      * ER - remsh with stderr closed returns "fd = 2".
      * remsh does not handle the LANG environment variable properly.
    remshd
      * remshd does not update login counters properly.
    rcp
      * rcp does not clear old errno value.
      * SR: RCP may show file as being there even if it ran out of disk space.
      * rcp does not check for proper parameters.
      * rcp does not handle the LANG environment variable properly.
    rdist
      * rdist does not check for temporary files before creating them.
      * rdist does not set process resources properly.
      * rdist does not process distfile properly.
      * rdist fails if a subdirectory exists that matches the remote hostname.

    PHNE_13546:
    1. The field "passwd->ufld.fd_nlogins" is not reset to zero following a successful login after a number of permissible unsuccessful logins. Because of this, single login failures accumulate and eventually lock the account.
    2. 11.0 now honours the SO_LINGER socket option, which was not the case in 10.X. This caused performance problems. The SO_LINGER socket option had to be disabled.

SR:
    8606110892 8606167191 8606174431 8606175407 8606198391 8606195262
    8606215328 8606195662 8606136563 8606145700 8606146303 8606137488
    8606156226 8606158870 8606141555 8606110364 8606105517 5003442921
    1653305839 5003467134 1653289165 8606126091 5003444007 8606140969
    5003446443 4701381525 1653188235 5003422279 1653257212 5003394536
    1653234070 5003392761 5003444067 8606225608

Patch Files:
    InternetSrvcs.INETSVCS-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /usr/bin/rcp
    /usr/bin/rdist
    /usr/bin/remsh
    /usr/bin/rexec
    /usr/bin/rlogin
    /usr/bin/ruptime
    /usr/lbin/remshd
    /usr/lbin/rexecd
    /usr/lbin/rlogind
    /usr/sbin/rwhod
    /usr/share/doc/pamized_rcom_readme.txt

    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /usr/share/man/man1m.Z/rlogind.1m
    /usr/share/man/man1m.Z/remshd.1m
    /usr/share/man/man1m.Z/rexecd.1m
    /usr/share/man/man1.Z/rcp.1

what(1) Output:
    InternetSrvcs.INETSVCS-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /usr/bin/rcp:
        Copyright (c) 1983 The Regents of the University of California.
        rcp.c $Revision: 1.18.214.19 $ $Date: 00/08/03 03:00:04 $
        rcp.c 5.20 (Berkeley) 5/23/89
        patch id : PHNE_21731
    /usr/bin/rdist:
        $Revision: 1.1.214.3 Fri Nov 2 10:51:32 GMT 2001$
        Patch id: PHNE_23003
    /usr/bin/remsh:
        Copyright (c) 1983 The Regents of the University of California.
        remsh.c $Revision: 1.30.214.5 $ $Date: 98/05/28 06:06:43 $
        rsh.c 5.7 (Berkeley) 9/20/88
    /usr/bin/rexec:
        Copyright (c) 1983 The Regents of the University of California.
        remsh.c $Revision: 1.30.214.5 $ $Date: 98/05/28 06:06:43 $
        rsh.c 5.7 (Berkeley) 9/20/88
    /usr/bin/rlogin:
        Copyright (c) 1983 The Regents of the University of California.
        rlogin.c $Revision: 1.37.214.7 $ $Date: 98/05/27 23:39:11 $
    /usr/bin/ruptime:
        Copyright (c) 1983 The Regents of the University of California.
        ruptime.c $Revision: 1.3.214.2 $ $Date: 96/10/08 13:24:00 $
        ruptime.c 5.5 (Berkeley) 8/25/88
        patch id : PHNE_21731
    /usr/lbin/remshd:
        Copyright (c) 1983, 1988 The Regents of the University of California.
        rshd.c 5.17.1.2 (Berkeley) 2/7/89
        remshd.c $Revision: 1.36.214.15 $
        patch id : PHNE_23003
    /usr/lbin/rexecd:
        Copyright (c) 1983, 1988 The Regents of the University of California.
        rexecd.c 5.7 (Berkeley) 1/4/89
        rexecd.c $Revision: 1.36.214.15 $
        patch id : PHNE_23003
    /usr/lbin/rlogind:
        Copyright (c) 1983, 1988 The Regents of the University of California.
        rlogind.c $Header: rlogind.c,v 1.19.214.16 00/08/03 02:52:16 Exp $
        rlogind.c 5.22.1.7 (Berkeley) 2/7/89
        patch id : PHNE_23003
    /usr/sbin/rwhod:
        Copyright (c) 1983 The Regents of the University of California.
        rwhod.c $Revision: 1.9.214.2 $ $Date: 96/10/08 13:24:16 $
        rwhod.c 5.11 (Berkeley) 8/25/88
        patch id : PHNE_23003
    /usr/share/doc/pamized_rcom_readme.txt:
        None

    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /usr/share/man/man1m.Z/rlogind.1m:
        None
    /usr/share/man/man1m.Z/remshd.1m:
        None
    /usr/share/man/man1m.Z/rexecd.1m:
        None
    /usr/share/man/man1.Z/rcp.1:
        None

cksum(1) Output:
    InternetSrvcs.INETSVCS-RUN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    3247255660 49152 /usr/bin/rcp
    1411163620 73728 /usr/bin/rdist
    1665431899 32768 /usr/bin/remsh
    277923511 24576 /usr/bin/rexec
    4056459234 45056 /usr/bin/rlogin
    3198139396 20480 /usr/bin/ruptime
    4280848648 36864 /usr/lbin/remshd
    2100584632 28672 /usr/lbin/rexecd
    492498328 40960 /usr/lbin/rlogind
    1978190237 24576 /usr/sbin/rwhod
    2170423975 4839 /usr/share/doc/pamized_rcom_readme.txt

    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    4208879052 7875 /usr/share/man/man1m.Z/rlogind.1m
    999890078 10660 /usr/share/man/man1m.Z/remshd.1m
    2794857819 3400 /usr/share/man/man1m.Z/rexecd.1m
    3954721032 9719 /usr/share/man/man1.Z/rcp.1

Patch Conflicts: None

Patch Dependencies: None

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHNE_13546 PHNE_13620 PHNE_16091 PHNE_17028 PHNE_17030 PHNE_21731

Equivalent Patches: None

Patch Package Size: 460 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard SupportLine User Guide or your Hewlett-Packard support terms and conditions for precautions, scope of license, restrictions, and limitation of liability and warranties, before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.
    2. Log in as root.
    3. Copy the patch to the /tmp directory.
    4. Move to the /tmp directory and unshar the patch:

           cd /tmp
           sh PHNE_23003

    5. Run swinstall to install the patch:

           swinstall -x autoreboot=true -x patch_match_target=true \
                     -s /tmp/PHNE_23003.depot

    By default swinstall will archive the original software in /var/adm/sw/save/PHNE_23003. If you do not wish to retain a copy of the original software, include the patch_save_files option in the swinstall command above:

           -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is installed, the patch cannot be deinstalled. Please be careful when using this feature.

    For future reference, the contents of the PHNE_23003.text file are available in the product readme:

           swlist -l product -a readme -d @ /tmp/PHNE_23003.depot

    To put this patch on a magnetic tape and install from the tape drive, use the command:

           dd if=/tmp/PHNE_23003.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions:
    o When a user executes certain remote commands like "nfs.client start", remsh may appear to hang. This hang is seen because remsh waits for the remote command to complete before exiting. Users who wish to avoid this behaviour must add the "-m" option to the rexecd/remshd entry in the /etc/inetd.conf file. It should be noted that when remshd/rexecd is started with this option, the standard output and standard error messages may not appear on the terminal.
    o After removing this patch, make sure that the "-m" option for the remshd/rexecd entry does not exist in the /etc/inetd.conf file. If it does exist, remshd/rexecd will fail.
    o The 'remshd' and 'rexecd' binaries shipped as part of this patch will hereafter use PAM for authenticating users. For more details regarding the PAMized versions of 'remshd' and 'rexecd', refer to the readme in /usr/share/doc/pamized_rcom_readme.txt
    o For rlogind to work properly on 64-bit machines, the transport patch PHNE_20094 should be installed.
    o After removing this patch, please remove the "-s" option from the remshd/rlogind entry in the file "/etc/inetd.conf" if present. remshd/rlogind may fail with the "-s" option if this patch is removed.
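
The cross-check described under JAGad05687 and JAGaa46005 (the name from gethostbyaddr() is confirmed through gethostbyname()), and what the "-s" option turns off, sketched in C as an added example that is not HP's code. The function names, the sample addresses (documentation ranges, constructed) and the modelling of "-s" as simply skipping the check are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum fcr { FCR_BAD_PEER = -1, FCR_MISMATCH = 0, FCR_MATCH = 1 };

/*
 * peer: address of the connecting client.
 * fwd:  addresses a forward lookup returned for the name that the
 *       reverse lookup of `peer` produced.
 * The name is confirmed only if one of those addresses equals the peer.
 */
enum fcr forward_confirms(const char *peer, const char *const fwd[], size_t n)
{
    struct in_addr want, have;
    size_t i;

    if (inet_pton(AF_INET, peer, &want) != 1)
        return FCR_BAD_PEER;
    for (i = 0; i < n; i++) {
        if (inet_pton(AF_INET, fwd[i], &have) != 1)
            continue;                    /* ignore malformed entries */
        if (memcmp(&want, &have, sizeof want) == 0)
            return FCR_MATCH;
    }
    return FCR_MISMATCH;
}

/*
 * Returns 1 if the reverse-resolved name may be used for host-based
 * checks such as .rhosts. skip_check models "-s" (assumption: the
 * cross-check is skipped and the name is taken as given).
 */
int name_accepted(int skip_check, const char *peer,
                  const char *const fwd[], size_t n)
{
    if (skip_check)
        return 1;
    return forward_confirms(peer, fwd, n) == FCR_MATCH;
}

/* Constructed data: a multi-homed host whose primary address is 192.0.2.10. */
static const char *const FULL_ANSWER[] = { "198.51.100.10", "192.0.2.10" };
/* Constructed data: a forward answer carrying only the first host entry. */
static const char *const FIRST_ENTRY_ONLY[] = { "198.51.100.10" };

int main(void)
{
    /* Legitimate client on the primary address, complete forward answer. */
    printf("full answer:        %d\n",
           name_accepted(0, "192.0.2.10", FULL_ANSWER, 2));
    /* Same client, first entry only: the failure the defect describes. */
    printf("first entry only:   %d\n",
           name_accepted(0, "192.0.2.10", FIRST_ENTRY_ONLY, 1));
    /* Unrelated address whose reverse lookup names the host: rejected. */
    printf("unconfirmed name:   %d\n",
           name_accepted(0, "203.0.113.7", FULL_ANSWER, 2));
    /* Same unrelated address with the check skipped: accepted. */
    printf("unconfirmed, -s:    %d\n",
           name_accepted(1, "203.0.113.7", FULL_ANSWER, 2));
    return 0;
}
```

The last two cases are the ones to weigh before adding "-s" to an inetd.conf entry: the option restores service for the multi-homed client, and it also accepts a name that no forward lookup confirms.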
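
The race described under JAGad15036 and the fix in its resolution (read the pipe with SIGCHLD blocked before exiting), as an added C example that is not the remshd/rexecd source. drain_pipe(), relay_child_error() and the sample message are hypothetical names and constructed data.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t child_done;

/* In the defective flow the parent exited here; this handler only records. */
static void on_sigchld(int sig) { (void)sig; child_done = 1; }

/* Read until EOF with SIGCHLD blocked, so the child's exit cannot cut it short. */
static ssize_t drain_pipe(int fd, char *buf, size_t cap)
{
    sigset_t block, old;
    size_t used = 0;
    ssize_t n;

    if (cap == 0)
        return -1;
    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &old);
    while (used < cap - 1 && (n = read(fd, buf + used, cap - 1 - used)) != 0) {
        if (n < 0) {
            if (errno == EINTR)
                continue;                /* other signals: retry the read */
            break;
        }
        used += (size_t)n;
    }
    buf[used] = '\0';
    sigprocmask(SIG_SETMASK, &old, NULL); /* pending SIGCHLD is delivered now */
    return (ssize_t)used;
}

/* Child writes msg to the pipe and exits at once; parent relays it into out. */
ssize_t relay_child_error(const char *msg, char *out, size_t cap)
{
    int p[2];
    struct sigaction sa, old_sa;
    pid_t pid;
    ssize_t got;

    if (pipe(p) < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigchld;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGCHLD, &sa, &old_sa);
    child_done = 0;

    pid = fork();
    if (pid < 0) {
        close(p[0]);
        close(p[1]);
        sigaction(SIGCHLD, &old_sa, NULL);
        return -1;
    }
    if (pid == 0) {                      /* child: report the error and die */
        close(p[0]);
        if (write(p[1], msg, strlen(msg)) < 0)
            _exit(126);
        _exit(127);
    }
    close(p[1]);                         /* otherwise read() never sees EOF */
    got = drain_pipe(p[0], out, cap);
    close(p[0]);
    while (waitpid(pid, NULL, 0) < 0 && errno == EINTR)
        ;                                /* reap the child */
    sigaction(SIGCHLD, &old_sa, NULL);
    return got;
}

int main(void)
{
    char buf[128];
    /* Constructed sample of an error a failed remote command would produce. */
    ssize_t n = relay_child_error("sh: nosuchcmd: not found\n", buf, sizeof buf);
    printf("relayed %ld bytes: %s", (long)n, buf);
    return n < 0;
}
```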