Many thanks to Casper, Joel, Deluca & Daniel & Lance. I've decided to post just Casper's reply below as it covers all. uucp is removed as it's part of Solaris hardening required by our corporate compliance. I'm going to explain to the security compliant person that either we put back uucp & apply the patch or we waive the patch. In case he asks for uucp to be restored, apply the patch, then remove uucp again, do you think this is a wise thing to do? The ownership of uucp became root (with sticky bit on) possibly a side- consequence of the Solaris hardening. Thanks ------------------------- Casper's reply --------------------------------- >I'm applying the above patch for the fact that uucp is present : ># ls -ld /usr/bin/uucp >---s--x--x 1 root other 67192 Jul 29 2003 /usr/bin/uucp > >However, the patchadd ./111570-03 fails with the following errors: You've changed your system in several unsupported and *dangerous* ways: - removed uucp group and user id (thus breaking uucp) - chown the files to root (thus making exploits which give *uucp* access suddenly exploits giving *root* access. Either remove the uucp packages or restore them to their factory settings. (restore the uucp user and restore file permissions) ================ original question ====================== Date:Tue, 13 Sep 2005 17:44:43 +0800 (CST)From:"Gold Sun" <goldsun8@yahoo.com.sg> To:sunmanagers@sunmanagers.orgSubject:patch 111570-03 for Solaris 8 wont install though uucp is present Hi based on the urlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-57508-1&searchclause=security I'm applying the above patch for the fact that uucp is present :# ls -ld /usr/bin/uucp---s--x--x 1 root other 67192 Jul 29 2003 /usr/bin/uucpHowever, the patchadd ./111570-03 fails with the following errors: # more /var/tmp/111570* | more::::::::::::::/var/tmp/111570-03.log.21010::::::::::::::This appears to be an attempt to install the same architecture andversion of a package which is already installed. This installationwill attempt to overwrite this package.Dryrun complete.No changes were made to the system.This appears to be an attempt to install the same architecture andversion of a package which is already installed. This installationwill attempt to overwrite this package.pkgadd: ERROR: unable to create package object </usr/lib/uucp>. group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uucp> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uuglist> failed--More-- group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uustat> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/bin/uux> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/bnuconvert> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uucheck> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uucico> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uucleanup> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uusched> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)ERROR: attribute verification of </usr/lib/uucp/uuxqt> failed group name <uucp> not found in group table(s) owner name <uucp> not found in passwd table(s)Installation of <SUNWbnuu> partially failed. <== When I issue "ls -ld /var/sadm/patch/111570* ",it returns nothing, ie the patch is not installed. Appreciate any inputs, many thanks Send instant messages to your online friends http://asia.messenger.yahoo.com _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Tue Sep 13 22:45:29 2005
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:51 EST