Patch Name: PHNE_28312

Patch Description: s700_800 11.00 inetd(1M) cumulative patch

Creation Date: 03/02/24

Post Date: 03/04/30

Hardware Platforms - OS Releases:
    s700: 11.00
    s800: 11.00

Products: N/A

Filesets:
    InternetSrvcs.INETSVCS-INETD,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP
    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP

Automatic Reboot?: No

Status: General Release

Critical: Yes
    PHNE_28312: ABORT

Category Tags:
    defect_repair general_release critical halts_system

Path Name: /hp-ux_patches/s700_800/11.X/PHNE_28312

Symptoms:
    PHNE_28312:
    1. JAGae03841 /SR 8606234646
       inetd may dump core with signal 11 SIGSEGV, when an xti
       service of type "wait" or "swait" is enabled in the
       /etc/inetd.conf file.

    2. JAGad01042 /SR 8606131892
       Using inetd with "-l" option may cause inbound connection
       delay.

    3. JAGae53246 /SR 8606289315
       For UDP services, operations related to hostname do not
       work in inetd. For example, inetd.sec access restrictions
       do not work if the hostname is specified for UDP services,
       and inetd, when run with the -l option for UDP services,
       does not log hostname to the syslog file.

    PHNE_21835:
    1. JAGad03290 /SR 8606134150:
       inetd is not working properly.

    2. JAGaa27205 /SR 5003424598:
       "swait" option was not documented in "inetd.conf.4"
       manpage.

    3. JAGaa27237 /SR 5003426296:
       When a user changes the field "wait" to "swait" or
       vice-versa in the configuration file "/etc/inetd.conf",
       and runs "inetd -c" to reflect the above change, the same
       is not getting reflected.

    4. JAGaa27203 /SR 5003426304:
       inetd was logging incorrect source address for the
       services in "swait" state.

    5. JAGaa95817 /SR 8606147527:
       The listen backlog requested by inetd is too small.

    6. JAGac40194 /SR 8606124802:
       Child inetd process may hang for non-root service on
       trusted 11.0 system.

    PHNE_17027:
    1. Inetd does not detect that the services' listen socket is
       invalid.

    2. On systems where auditing is enabled when inetd is started
       or stopped, user id displayed in the log is ????
       instead of root.

    3. Inetd may terminate in circumstances where it should not.

    4. Inetd startup script /sbin/init.d/inetd does not handle
       exit codes consistently. When inetd is started, if there
       is any error the exit code is not printed.

Defect Description:
    PHNE_28312:
    1. JAGae03841 /SR 8606234646
       While handling xti services with the "wait" or "swait"
       option enabled in the /etc/inetd.conf file, inetd does not
       reset the data structures after an application, spawned by
       inetd, completes its execution.

       Resolution:
       inetd now resets the data structures after an application
       completes execution.

    2. JAGad01042 /SR 8606131892
       inetd -l causes inbound connection delay if the hostname
       lookup required for logging is slow.

       Resolution:
       A new option "-s" is provided to suppress the hostname in
       the connection log message.

    3. JAGae53246 /SR 8606289315
       For UDP services, inetd performs a hostname look-up to
       resolve the hostname using gethostbyaddr(). The hostname
       look-up fails because the address family argument is not
       set properly in gethostbyaddr(). Hence, operations related
       to hostname do not work in inetd for UDP services.

       Resolution:
       The address family argument is now set properly in
       gethostbyaddr() while doing hostname look-up so that the
       operations related to hostname work properly in inetd.

    PHNE_21835:
    1. JAGad03290 /SR 8606134150:
       inetd is not working when a service in "swait" state is
       not working properly and there is only one service spawned
       by inetd before this service.

       Resolution:
       inetd code has been modified to make inetd work properly.

    2. JAGaa27205 /SR 5003424598:
       "swait" option was not documented in "inetd.conf.4"
       manpage.

       Resolution:
       "inetd.conf.4" manpage has been updated to contain this
       information.

    3. JAGaa27237 /SR 5003426296:
       With the command "inetd -c", inetd was not reconfiguring
       its database for the field change from "wait" to "swait"
       and vice versa in the file "/etc/inetd.conf".

       Resolution:
       During reconfiguration of the inetd service table, the
       necessary modification is now made to reflect the change.

    4. JAGaa27203 /SR 5003426304:
       For the services in "swait" state, inetd logs the source
       address of the previous service. If this is the first
       service spawned by inetd, it logs (0.0.0.0) instead. This
       is because inetd was logging the source address
       information without accepting the connection.

       Resolution:
       inetd is now logging a different message for the services
       in "swait" state.

    5. JAGaa95817 /SR 8606147527:
       The listen backlog requested by inetd is too small. The
       value is hardcoded to 128. A busy Internet FTP download
       server could easily see more than 128 simultaneous
       connection requests come in.

       Resolution:
       Now the listen backlog has been increased from 128 to
       1024.

    6. JAGac40194 /SR 8606124802:
       When a request for the non-root service arrives, inetd
       forks a child which hangs prior to exec'ing the
       appropriate executable. This is because the libsec
       functions are not closing all the files they are opening.

       Resolution:
       Modified the inetd trusted systems code to close all file
       pointers opened by the libsec functions.

    PHNE_17027:
    1. Inetd does not detect that a service's listen socket is
       invalid.

       Resolution:
       - Inetd now has additional checks for socket validity.

    2. Convert a system to a trusted system and enable auditing
       on the system. When the "audit events" log is checked,
       user id column has an entry "????" instead of root.

       Resolution:
       - Auditing code was not present in inetd. Added code that
         does proper logging when auditing is enabled.

    3. Inetd may terminate in circumstances where it should not.

       Resolution:
       - Inetd now detects the circumstances and does not exit.

    4. Inetd startup script prints proper exit code on erroneous
       shutdown whereas it does not print the exit code on
       erroneous startup.

       Resolution:
       - Changed the startup script to handle exit code on
         startup and shutdown consistently.

Enhancement: No

SR:
    8606134150 5003424598 5003426296 5003426304 8606147527
    8606124802 5003426312 5003414375 5003353433 1653283622
    8606234646 8606131892 8606289315

Patch Files:
    InternetSrvcs.INETSVCS-INETD,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /usr/sbin/inetd
    /sbin/init.d/inetd

    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /usr/share/man/man4.Z/inetd.conf.4
    /usr/share/man/man1m.Z/inetd.1m

what(1) Output:
    InternetSrvcs.INETSVCS-INETD,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /usr/sbin/inetd:
        Copyright (c) 1983 Regents of the University of California.
        Revision: 1.12.214.4 Mon Feb 24 11:33:02 GMT 2003
        Patch id: PHNE_28312
    /sbin/init.d/inetd:
        inetd $Revision: 1.4.214.2 $ $Date: 96/10/08 13:24:29 $

    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    /usr/share/man/man4.Z/inetd.conf.4:
        None
    /usr/share/man/man1m.Z/inetd.1m:
        None

cksum(1) Output:
    InternetSrvcs.INETSVCS-INETD,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    1859373327 57344 /usr/sbin/inetd
    2759703002 1406 /sbin/init.d/inetd

    InternetSrvcs.INET-ENG-A-MAN,fr=B.11.00,fa=HP-UX_B.11.00_32/64,v=HP:
    831194641 2881 /usr/share/man/man4.Z/inetd.conf.4
    4212764907 6664 /usr/share/man/man1m.Z/inetd.1m

Patch Conflicts: None

Patch Dependencies:
    s700: 11.00: PHNE_26771
    s800: 11.00: PHNE_26771

Hardware Dependencies: None

Other Dependencies: None

Supersedes:
    PHNE_17027 PHNE_21835

Equivalent Patches: None

Patch Package Size: 110 KBytes

Installation Instructions:
    Please review all instructions and the Hewlett-Packard
    SupportLine User Guide or your Hewlett-Packard support terms
    and conditions for precautions, scope of license,
    restrictions, and limitation of liability and warranties,
    before installing this patch.
    ------------------------------------------------------------
    1. Back up your system before installing a patch.

    2. Login as root.

    3. Copy the patch to the /tmp directory.

    4. Move to the /tmp directory and unshar the patch:

        cd /tmp
        sh PHNE_28312

    5. Run swinstall to install the patch:

        swinstall -x autoreboot=true -x patch_match_target=true \
            -s /tmp/PHNE_28312.depot

    By default swinstall will archive the original software in
    /var/adm/sw/save/PHNE_28312. If you do not wish to retain a
    copy of the original software, include the patch_save_files
    option in the swinstall command above:

        -x patch_save_files=false

    WARNING: If patch_save_files is false when a patch is
             installed, the patch cannot be deinstalled. Please
             be careful when using this feature.

    For future reference, the contents of the PHNE_28312.text
    file are available in the product readme:

        swlist -l product -a readme -d @ /tmp/PHNE_28312.depot

    To put this patch on a magnetic tape and install from the
    tape drive, use the command:

        dd if=/tmp/PHNE_28312.depot of=/dev/rmt/0m bs=2k

Special Installation Instructions: None
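
A check an administrator might run after swinstall completes, given as an added example that is not part of the HP patch text: it compares installed files with the entries of the cksum(1) Output section. The function names, the optional ROOT argument and the script name verify_phne_28312.sh are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the patch text): check files against a
# "CRC SIZE PATH" manifest in the format of the cksum(1) Output section.

# Manifest entries copied from the cksum(1) Output section of PHNE_28312.
phne_28312_manifest() {
    cat <<'EOF'
1859373327 57344 /usr/sbin/inetd
2759703002 1406 /sbin/init.d/inetd
831194641 2881 /usr/share/man/man4.Z/inetd.conf.4
4212764907 6664 /usr/share/man/man1m.Z/inetd.1m
EOF
}

# verify_manifest [ROOT]
#   Reads "crc size path" lines on stdin. ROOT is an optional prefix
#   (hypothetical parameter) for checking an alternate root or a test tree.
#   Prints one status line per entry; returns 0 only if every file matches.
verify_manifest() {
    root=${1:-}
    rc=0
    while read -r want_crc want_size path; do
        case $want_crc in ''|\#*) continue ;; esac   # skip blanks/comments
        file=$root$path
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        # Feed the file on stdin so cksum prints only "crc size".
        set -- $(cksum < "$file")
        if [ "$1" = "$want_crc" ] && [ "$2" = "$want_size" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (got $1 $2, expected $want_crc $want_size)"
            rc=1
        fi
    done
    return $rc
}

# Run the check against the live system only when asked to:
#   sh verify_phne_28312.sh check
if [ "${1:-}" = "check" ]; then
    phne_28312_manifest | verify_manifest
fi
```

cksum is a CRC rather than a cryptographic hash, so a match confirms that the expected file revision is in place and nothing more.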