Patch-ID# 104429-01
Keywords: NFS CMW ACLs access 506005
Synopsis: Trusted Solaris 1.2: CMW ACLs improperly restricts NFS mounted files.
Date: Dec/18/96

Solaris Release: Trusted_Solaris_1.2

SunOS Release:

Unbundled Product:

Unbundled Release:

Relevant Architectures: sparc
    NOTE: sun4 sun4c sun4m

BugId's fixed with this patch: 1256505

Changes incorporated in this version: 

Patches accumulated and obsoleted by this patch: 

Patches which conflict with this patch: 

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

README			 - This file.

install_patch		 - Script to install the appropriate patch
			   components for the machine on which it
			   is run.

nis_master.<arch>.tar.Z  - Patches for NIS master machines for each
			   supported architecture.

nis_client.<arch>.tar.Z  - Patches for NIS client machines for each
			   supported architecture.

diskless.<arch>.tar.Z    - Patches for diskless machines for each
			   supported architecture.

Problem Description: 

THIS PATCH DOES NOT APPLY TO 4.1.1, 4.1.2, 4.1.3, 4.1.3_U1, CMW 1.0, OR
TRUSTED SOLARIS 1.1 SYSTEMS.

This patch contains a fix for the following bug(s):

Note:	In the following lists of files, the export/exec path prefix is
	used to load files into the appropriate places on the machine.
	For example, export/exec/kvm/<arch> is used to refer to
	/usr/kvm on a machine where <arch> is the native architecture.

Bug:	1256505
Desc:	CMW ACLs do not properly restrict access over NFS. Esc: 506005
Files:	export/exec/kvm/sun4/sys/sun4/OBJ/nfs_vnodeops.o
	export/exec/kvm/sun4c/sys/sun4c/OBJ/nfs_vnodeops.o
	export/exec/kvm/sun4m/sys/sun4m/OBJ/nfs_vnodeops.o

Patch Installation Instructions: 

1.	Boot the machine single user, clean the disks, and start a csh(1).

		> b -s
	or
		ok boot -s

		# fsck -f -p
		# exec csh
		<host># source /.cshrc
		<host># source /.login

2.	Load this patch in a location that has disk space.  This
	example assumes that /var is a separate partition and that
	the patch is delivered on tape.

	<host># mount /var
	<host># cd /var
	<host># mkdir -p patches/<PATCH_NUMBER_HERE>
	<host># cd patches/<PATCH_NUMBER_HERE>
	<host># tar xvf /dev/rst0

3.	Install the patch and check the "log" for errors.
	<host># ./install_patch |& tee log
	<host># vi log

3a.	This patch contains changes to the machine's kernel. In order
	for the changes to take effect, the kernel must be reconfigured.

	To reconfigure the kernel, follow the procedure in the README
	file, located in the /export/exec/kvm/<arch>/sys/<arch>/conf 
	directory for each architecture.

4.	Reboot the machine.
	<host># cd /
	<host># umount -at cfs
	<host># sync; sync; sync; reboot
