
			Patches for Digital UNIX V4.0B

================================================================================

Files:

/usr/ccs/lib/libsecurity.a	RCS: subsystems.c Revision: 4.2.38.2
CHECKSUM: 00433    398
/usr/shlib/libsecurity.so	RCS: subsystems.c Revision: 4.2.38.2
CHECKSUM: 29220    360
--------------------------

Problem:  (SSRT0588U)

A potential security vulnerability has been discovered, where under
certain circumstances, system integrity may be compromised. This may
be in the form of improper file or privilege management. Compaq has
corrected this potential vulnerability.

Installation Instructions:

This patch must be installed on Digital UNIX V4.0B Patch Kit 8 (BL10)
or Patch Kit 9 (BL11) or a later patch kit:

    For Patch Kit 8 (BL10) 07-Aug-1998 (DUV40BAS00008-19980807), the
    following patch must be installed:

	New PatchID: 672.00 (PATCH ID: OSF410-156C)

    For Patch Kit 9 (BL11) 05-Feb-1999 (DUV40BAS00009-19990205), the
    following patch must be installed:

	New PatchID: 923.00 (PATCH ID: OSF410-405520)

    For later patch kits, the above patch (New PatchID: 923.00) or
    whatever patch supercedes it must be installed.

The following instructions assume the patched files are in directory
/patches.

Become superuser and enter the following commands:

# cd /usr/ccs/lib
# cp /patches/libsecurity.a libsecurity.a.new
# chown bin:bin libsecurity.a.new
# chmod 644 libsecurity.a.new
# ln libsecurity.a libsecurity.a.orig
# mv libsecurity.a.new libsecurity.a
# chmod 400 libsecurity.a.orig

# cd /usr/shlib
# cp /patches/libsecurity.so libsecurity.so.new
# chown bin:bin libsecurity.so.new
# chmod 644 libsecurity.so.new
# ln libsecurity.so libsecurity.so.orig
# mv libsecurity.so.new libsecurity.so
# chmod 400 libsecurity.so.orig

Any applications that are linked against the original version of the
static library (libsecurity.a) and that use any of the routines listed
below will need to be relinked against the new version of the library
in order to incorporate this patch.

Affected routines:

    authorized_user()
    sia_chg_finger()
    sia_chg_password()
    sia_chg_shell()

================================================================================
