Patch-ID# 104593-04
Keywords: auditreduce audit option -u -j token window SIGWINCH y2000 pathname
Synopsis: Trusted Solaris 1.2: Auditreduce patch
Date: May/05/99

Solaris Release: Trusted_Solaris_1.2

SunOS Release: 

Unbundled Product:

Unbundled Release:

Relevant Architectures: sparc
    NOTE: sun4 sun4c sun4m

BugId's fixed with this patch: 4024600 4067945 4128648 4153132 4216307

Changes incorporated in this version:  4216307

Patches accumulated and obsoleted by this patch: 104593-03

Patches which conflict with this patch:

Patches required with this patch: 

Obsoleted by: 

Files included with this patch: 

README			 - This file.

install_patch		 - Script to install the appropriate patch
			   components for the machine on which it
			   is run.

nis_master.<arch>.tar.Z  - Patches for NIS master machines for each
			   supported architecture.

nis_client.<arch>.tar.Z  - Patches for NIS client machines for each
			   supported architecture.

diskless.<arch>.tar.Z    - Patches for diskless machines for each
			   supported architecture.

Problem Description: 

THIS PATCH DOES NOT APPLY TO 4.1.1, 4.1.2, 4.1.3, 4.1.3_U1, CMW 1.0, OR
TRUSTED SOLARIS 1.1 SYSTEMS.

This patch contains a fix for the following bug(s):

Note:	In the following lists of files, the export/exec path prefix is
	used to load files into the appropriate places on the machine.
	For example, export/exec/kvm/<arch> is used to refer to
	/usr/kvm on a machine where <arch> is the native architecture.

Bug:	4024600
Desc:	replaced code for command line option "-j" which was removed in 
	version 3.6 of "option.c". Esc. 508177

Bug:	4067945
Desc:	auditreduce catches and terminates on benign signals. Change back 
	default action for SIGWINCH, SIGTTOU, SIGTTIN, rather  than catch 
	them and terminate. Esc. 514017

Bug:	4128648
Desc:	audit reduce "-u" flag matches uid on attribute tokens, in addition
	to matching auid on subject tokens.  Change attribute record code
	to match on "-e" flag (effective instead of "-u" flag (audit uids). 
	Esc. 514299

Bug:	4153132
Desc:	auditreduce does not recognize 2/29/2000

Bug:	4216307
Desc:	auditreduce can SEGV on long pathnames, because buffers are statically
	allocated, and max. length is not checked. Read long pathnames 
	incrementally and/or use dynamic allocation of buffers. Check for
	very long pathnames which result in no string being written to audit
	trail.

Files:	etc/auditreduce
	etc/praudit

Patch Installation Instructions: 

1.	Boot the machine single user, clean the disks, and start a csh(1).

		> b -s
	or
		ok boot -s

		# fsck -f -p
		# exec csh
		<host># source /.cshrc
		<host># source /.login

2.	Load this patch in a location that has disk space.  This
	example assumes that /var is a separate partition and that
	the patch is delivered on tape.

	<host># mount /var
	<host># cd /var
	<host># mkdir -p patches/<PATCH_NUMBER_HERE>
	<host># cd patches/<PATCH_NUMBER_HERE>
	<host># tar xvf /dev/rst0

3.	Install the patch and check the "log" for errors.
	<host># ./install_patch |& tee log
	<host># vi log

4.	Reboot the machine.
	<host># cd /
	<host># umount -at cfs
	<host># sync; sync; sync; reboot
