Summary: patch 111570-03 for Solaris 8 wont install though uucp is present

From: Gold Sun <goldsun8_at_yahoo.com.sg>
Date: Tue Sep 13 2005 - 22:44:52 EDT
Many thanks to Casper, Joel, Deluca & Daniel & Lance.  I've
decided to post just Casper's reply below as it covers all.
 
uucp is removed as it's part of Solaris hardening required by
our corporate compliance.  I'm going to explain to the security
compliant person that either we put back uucp & apply the
patch or we waive the patch.  In case he asks for uucp to
be restored, apply the patch, then remove uucp again, do
you think this is a wise thing to do?  The ownership of
uucp became root (with sticky bit on) possibly a side-
consequence of the Solaris hardening.
 
 
Thanks
 
-------------------------  Casper's reply ---------------------------------
 
>I'm applying the above patch for the fact that uucp is present :
># ls -ld /usr/bin/uucp
>---s--x--x   1 root     other      67192 Jul 29  2003 /usr/bin/uucp
>
>However, the patchadd ./111570-03 fails with the following errors:
 
You've changed your system in several unsupported and *dangerous* ways:
 - removed uucp group and user id (thus breaking uucp)
 - chown the files to root (thus making exploits which give *uucp*
   access suddenly exploits giving *root* access.
Either remove the uucp packages or restore them to their factory 
settings.
(restore the uucp user and restore file permissions)
 
 
 
================ original question ======================
 
Date:Tue, 13 Sep 2005 17:44:43 +0800 (CST)From:"Gold Sun" <goldsun8@yahoo.com.sg> To:sunmanagers@sunmanagers.orgSubject:patch 111570-03 for Solaris 8 wont install though uucp is present
Hi based on the urlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-57508-1&searchclause=security I'm applying the above patch for the fact that uucp is present :# ls -ld /usr/bin/uucp---s--x--x   1 root     other      67192 Jul 29  2003 /usr/bin/uucpHowever, the patchadd ./111570-03 fails with the following errors: # more /var/tmp/111570* | more::::::::::::::/var/tmp/111570-03.log.21010::::::::::::::This appears to be an attempt to install the same architecture andversion of a package which is already installed.  This installationwill attempt to overwrite this package.Dryrun complete.No changes were made to the system.This appears to be an attempt to install the same architecture andversion of a package which is already installed.  This installationwill attempt to overwrite this package.pkgadd: ERROR: unable to create package object </usr/lib/uucp>.    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification
 of </usr/bin/uucp> failed    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uuglist> failed--More--    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uustat> failed    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uux> failed    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp> failed    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/bnuconvert> failed    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uucheck> failed    group name
 <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uucico> failed    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uucleanup> failed    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uusched> failed    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uuxqt> failed    group name <uucp> not found in group table(s)    owner name <uucp> not found in passwd table(s)Installation of <SUNWbnuu> partially failed.  <== When I issue "ls -ld /var/sadm/patch/111570* ",it returns nothing, ie the patch is not installed. Appreciate any inputs, many thanks



 
 

Send instant messages to your online friends http://asia.messenger.yahoo.com 
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Sep 13 22:45:29 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:51 EST