After posting my 1st summary, I received many replies for vulnerability of vold.
Some of them pointed me to CERT and AUSCERT. I had already been there but they
didn't have any patch info about it. Finally, Casper (casper@holland.sun.com)
sent me the details of patches which I got from sunsolve1.sun.com and installed
on my machine.
His reply :
the vulnerability should have been fixed with Sun patches.
It's bug #1261308, fixed in
2.4/SPARC 101907-14 (this fixed in -13, -14 has new security fix)
2.4/x86 101908-14 (same here)
2.5/SPARC 104015-01
2.5/x86 104016-01
2.5.1/SPARC 104010-01
2.5.1/x86 104011-01
2.5.1/PPC 104012-01
Casper
----- Begin 1st Summary -----
The first reply was bull's eye ! I had to check and uncomment few lines in
/etc/rmmount.conf, and restart vold. Floppy window is being popped now !
Thanks to Michael Sullivan(mike@trdlnk.com) (and others whose reply are on my
way).
However, I found following comment in this file :
# Following line commented out to remove vold vulnerability
# action floppy action_filemgr.so
Now I have to figure out the vulnerability part !
....manjeet
------------------- Original Question Follows ----------------------------
Hello Managers,
I have an ages old question with a slight twist (yes, I have gone thru' FAQ
and Sunmanagers summaries :) ) :
The system in question is Sparc 5 running Solaris 2.5.1. Whenever a DOS floppy
is put in and "Check for floppy" button is pressed, system checks and does
nothing, i.e. it doesn't open another window showing floppy contents. However,
if I type in "/floppy" in "Go To" field, it happily finds the floppy and its
contents. My users keep calling for this problem thinking the drive is bad.
To make the matters worse, one the systems does pop up another window when
floppy is inserted (Sparc LX running Solaris 2.5.1) ; vold is running in
both machines and /etc/vold.conf is same for both machines.
I checked pkginfo on both machines and found they both have following
installed :
SUNWvolg, SUNWvolr, and SUNWvolu
I am running out of ideas. Any hints ?
Summary will follow.
Thanks
....manjeet
(manjeet@eng.es.xerox.com)
----- End Original Question -----
----- End 1st Summary -----
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:51 CDT