I recently posted asking for suggestions on appropriate patches to
install along with SunOS 4.1.2. This is the summary. I have marked
with a star patches that fix known security problems; everyone should
probably run the file-permissions script (it's not specifically
labelled for 4.1.2, but it's basically harmless and just tries to fix a
few bad setuid settings on some files) and install the rdist patch.
People using yppasswdd or pwdauthd should install the C2 jumbo patch.
100075-08 lockd jumbo patch
100103-10 *script to change file permissions to a more secure mode
100188-02 pty can get output from another application
100224-03 program "mail" "rmail" problem in delivering mail
100249-03 automounter JUMBO patch
100303-02 system freezes using loopback interface
100342-02 NIS client needs long recovery time if server reboots
100359-04 streams jumbo patch
100383-04 *rdist security enhancement
100458-01 Setitimer sometimes fails to deliver a SIGALRM.
100469-01 cdrom mount error messages
100474-01 Assertion Failure on 1.3GB Elite Drive
100490-01 patches for libxpg
100505-01 Zero length directories can be left on system
100507-01 tmpfs fix
100539-01 umount of busy hsfs filesystem causes panic data fault
100564-01 *C2 Jumbo patch
100570-01 ie0 ethernet jumbo patch
The following patches may be useful for people with different hardware
or software environments than ours. Note that patches 474, 475, and
544 are not listed in the current set of 4.1.2 patches in the Sun
database, but are labelled specifically for 4.1.2. (Curious!) 425 is
not labelled for 4.1.2, but fixes the old problem of using "sri-nic.arpa"
as the address for the "whois" command; we just fix this with emacs.
10377-02 is a 4.1.1 patch, but is probably still better than the
buggy 4.1.2 version of sendmail...
100274-02 dup biodone related panics
100338-04 system crashes with assertion failed panic
100377-02 Sendmail.mx doesn't recognize wildcard, etc.
100407-03 accounting files are corrupted (and other acct problems)
100425-01 whois gets host unknown when using the hard coded NICHOST
100431-03 Performance improvements for GT
100453-01 GT DVMA window size can be increased
100475-01 mmap system call on galaxy causes BAD TRAP
100484-01 esp0 appears about 20 times a day on console
100494-01 munmap'ing ctl register page clobbers shmem buffer
100495-01 asynch I-O on a sun4m machine causes panics
100496-01 ptrace panic with a memory fault
100511-01 SunDiag cg6test failed on segmentation violation
100516-01 increase HEAPBYTES to prevent system hangs
100521-01 GT crash using screenload if mouse is moving
100527-01 rsh uses old-style selects instead of 4.0 selects
100531-01 libc jumbo patch
100536-01 NFS can cause panic: assertion failed crashes
100537-01 async i-o peaks can hang system
100542-01 MP with cg6 and prestoserve crashes on ipi
100544-01 Mailtool3.0
100547-01 sundiag fputest kvm_open failed
100569-01 xnews and mouse freeze running GT accelerated application
The following patches were also suggested by one or two people, but as
they seem to be, by and large, older patches that aren't listed in the
4.1.2 patch set, we decided not to install them (possibly our mistake!):
100272-04 in.comsat daemon fails with 8-character login names
100296-02 netgroup exports to world via rpc.mountd
100448-01 OpenWindows 3.0: loadmodule is a security hole.
For those people interested in finding patches on the Internet, let me
recommend archie. UUNET does not have particularly current patches,
and some that they do have are at old revision levels. It's also quite
easy to get patches from Sun, either by email or by snail mail.
As a final note, let me repeat Sun's traditional caution about patches:
except for security-related patches, your best bet is to apply a patch
only once you actually have a problem; otherwise you may end up causing
yourself extra problems with patches that don't work well together.
Thanks to Robert Harker <harker@harker.com>, Alain Brossard
<brossard@sasun1.epfl.ch>, Stefan.Turowski@informatik.uni-erlangen.de,
and F. L. Charles Seeger III <seeger@thedon.cis.ufl.edu>.
Chris Metcalf
ps. For those of you who got this far, a question: is the new
/usr/lib/lpd immune to the bug fixed in 100305 (moving /dev/printer to
/dev/lpd/printer, etc.)? lpd seems to be newer, but... ?
-- Chris Metcalf, MIT Laboratory for Computer Science metcalf@lcs.mit.edu // +1 (617) 253-7766
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:40 CDT