IRIX Base Documentation 2002 November

home *** CD-ROM | disk | FTP | other *** search

/ IRIX Base Documentation 2002 November / SGI IRIX Base Documentation 2002 November.iso / usr / relnotes / trix / ch4.z / ch4

Wrap

Text File | 2002-10-08 | 27.9 KB | 859 lines

- 1 - 4. _B_u_g__F_i_x_e_s This chapter lists the bug fixes in Trusted Irix/CMW since the last release (4D1-6.5). Some descriptions include a SGI bug report number in the form _X_X_X_X or _X_X_X_X_X_X. 4.1 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._1_8 +o #640900 messages sent to all terminals on shutdown will be seen on terminals at ALL labels +o Networking fixes +o #859184 Some MAC specific code in Trusted Networking (esp. SAMP) is now more robust, and copes better under system duress. Memory management has also been improved so that MAC label allocation is done in its own heap memory zone to reduce coupling with other kernel subsystems. +o #861790 The new Tigon-3 Gigabit ethernet driver now works under Trusted IRIX. +o Filesystem fixes +o #850355 NFS: Fixed a problem with NFS under TRIX so that files are properly created with MAC labels when the creating users umask restricts access to files. +o #863831 New UDF driver is supported under TRIX. +o #860925 directories are properly removed if insufficient MAC clearance on create. +o #616022 Locally mounted file systems (except efs) will now be mounted at the eag:mac-default label specificed in the mount options. Previously only the default of msenhigh/mintlow was be used. +o #804228 XLV: provided adequate capabilities to xlv_assemble, and some other changes for reviving of data after plexes are attached. +o #820721 fixed minimum acls so that default ACL group permission are not not overriden by mode arg. +o Auditing fixes - 2 - +o #847865 Users viewing the contents of /proc will now only see processes at their label. Aside from being the expected operation of /proc, it also means that far fewer audit records are generated as it traverses the directory tree with 'ls'. +o #816251 satd has been modified to properly abort if sat_reduce is running. +o X desktop fixes +o #771055 Fixed operation of startgfx after stopgfx has been used. +o #753569 "Trusted Path" information on the Trusted Panel is now shown correctly on first logging into an X session. 4.2 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._1_7 +o #844033 Startup: more capabilities provided to /etc/init.d/checkdev so that creation of printer devices works properly. +o #844052 /etc/init.d/{sn0start,snstart} have been provided with more capabilities on boot to properly copy prom logs to SYSLOG. +o #844052 /etc/init.d/{sn0start,snstart} have been provided with more capabilities on boot to properly copy prom logs to SYSLOG. +o #844115 /usr/sbin/par is now available to users at labels other than dblow, but only for programs without capabilities. +o #845621 Use of ipcrm's -q switch will now no longer cause kernel panics when supplied with a non-valid id. +o #850587 login now fixed to gracefully exit and send appropriate messages to SYSLOG when a user attempts to login with invalid CAP specification. +o #850790 /usr/sbin/ci and co are now labelled dblow. +o #856343 improved the listing of switches on the sn0log manpage. +o Filesystem fixes - 3 - +o #842463 Startup of autofsd has now been properly Trixified. +o #857210 CXFS: provided additional capabilities to umount and clconfd so that forced umounts can be properly effected. +o #857352 cxfs_shutdown now uses more capabilities when doing forced umounts. +o #858269 CXFS: Improved creation of symlinks on CXFS volumes. +o #823296 Now properly handles /tmp as a symbolic link on startup. +o #842569 autofs must now be started by dblow user. +o #824850 Action of creating files and applying MAC labels is now an atomic operation. This is required for distributed filesystems such as CXFS, in which the time difference between the two operations is signficant. +o Audit fixes +o #836349 updated the satd manpage to properly refer to the satd.options file. +o #852980 sat_reduce manpage has been updated to better document that sat_reduce31 is no longer supported for anything but reading old logfiles. +o #847219 Audit: satd's -s switch now works properly under TRIX. +o Network fixes +o #839079 the egconfig command is now properly Trixified. +o #854275 rhost now properly copies def_gids information into the kernel database. 4.3 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._1_6 +o #835791 suattr is no longer dependent on nsd in determining if running as root - 4 - +o #843770 Eliminated kernel panic when using msgctl system call. +o #843894 lpstat's -c switch now works for users other than administrators under TRIX. +o #846984 lp user is now able to run /usr/lib/lpsched. +o #848456 Setcap programs and cap_recalc +o #835701 ps now displays information for processes that users do not have read permission too. +o Network fixes +o #842062 ifconfig can now set ip aliases when supplied with adequate capabilities. +o #827420,838127 Fix a problem with CIPSO networking in which sending of packets wouldn't work on first powering up the system unless packets had first been received. +o Common Criteria Evaluation work +o Various modifications required for Common Criteria Evaluation purposes. This includes additional audit record generation, and added DAC/MAC/CAP checks to some system calls. 4.4 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._1_5 +o #837494 - SAMP headers are left on UDP loopback packets The Trusted networking session manager has been fixed to properly handle samp data on udp packets. +o Various modifications required for Common Criteria Evaluation purposes. This includes additional audit record generation, and added DAC/MAC/CAP checks to some system calls. +o Common Criteria Evaluation work +o Various modifications required for Common Criteria Evaluation purposes. This includes additional audit record generation, and added DAC/MAC/CAP checks to some system calls. - 5 - 4.5 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._1_4 +o #821789 _a_t_t_r_i_n_i_t(1M) now creates the minimum sized file attribute required for the file's MAC label rather than the maximum sized attribute regardless of what was actually required. This will improve the performance of CXFS filesystems under TRIX. +o #827051 Fixed regression in 6.5.12 which caused incorrect audit records to be generated. Now sat_fd_read and sat_fd_write audit records are generated everytime the system does a successful read or write respectively. +o #829333 /usr/lib/reject is now correctly set to type file in /etc/mac and is now labeled dblow. +o #833595 Line printer utilities now generate audit records for appropriate authentification failures. +o Common Criteria Evaluation work +o Various modifications required for Common Criteria Evaluation purposes. This includes additional audit record generation, and added DAC/MAC/CAP checks to some system calls. 4.6 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._1_3 +o #638505 _u_s_r/_s_b_i_n/_s_n_0_l_o_g is now labeled dblow. +o #772060 _c_h_a_c_l(1) man page updated to document current limitations with ACLs over NFS. +o #791022 Fixed problem which caused NFS not to cache the extended attributes on some files. +o #796613 NLBS 2.0 files are now correctly labeled and given appropriate capabilities but a specific change to NLBS is still required for this to work correctly under Trusted IRIX. +o #804746 _i_o_c_t_l(_I__R_E_C_V_F_D) as described in _s_t_r_e_a_m_i_o(7) now correctly enforces MAC on the received file descriptor before granting access to the receiving process. +o #810049 Instructions on using _x_f_s_d_u_m_p(1M) and _x_f_s_r_e_s_t_o_r_e(1M) have been updated in the _T_r_u_s_t_e_d _I_R_I_X/_C_M_W _S_e_c_u_r_i_t_y _A_d_m_i_n_i_s_t_r_a_t_o_r'_s _G_u_i_d_e. - 6 - +o #812859 Ensure _m_a_c__f_r_o_m__t_e_x_t(3c) sets errno correctly in all error conditions. +o #814729 Increase capabilities required by _s_a_t_d(1) to ensure that the system is shutdown if there is no disk space for audit logs. +o #815303 _s_a_t__r_e_d_u_c_e(1M) and _s_a_t__i_n_t_e_r_p_r_e_t(1M) now correctly handle multiple input files. Note that these tools process input files in a single pass so the end time of the audit logs is unknown in the generated header. +o #816058 Various cluster daemons for CXFS are now correctly labeled and given appropriate capabilities. +o #818079 Prevent TRIX hosts from adding SAMP to broadcast packets since the receiving hosts may not be TRIX hosts. +o #819097 The /_e_t_c/_c_a_p_a_b_i_l_i_t_i_e_s entry for adm is now correct. +o #819501 Fix file discretionary access checks so that capabilities are only required for the relevant mode bits. Previously both CAP_DAC_WRITE and CAP_DAC_EXECUTE were required if the user did not have write or execute permissions on the file in some circumstances. +o #819774 Fixed bug in _r_m_d_i_r(2) which failed to release the lock on the parent directory if the MAC check failed. +o #820727 An empty but commented /_e_t_c/_i_o_s_e_c_u_r_i_t_y file is now installed by default. +o #820728,822282 Fixed instructions in the _T_r_u_s_t_e_d _I_R_I_X/_C_M_W _S_e_c_u_r_i_t_y _A_d_m_i_n_i_s_t_r_a_t_o_r'_s _G_u_i_d_e for creating a printer. +o #821425 _c_a_n_c_e_l(1) now applies MAC checks in all usage scenarios. +o #821552 Fixed parsing bug in _s_a_t__s_e_l_e_c_t(1) when reading event selections from files with the -_F option. +o #822428 Changed _s_a_t_m_p_d(1) to use _s_p_r_o_c_s_p(2) instead of _s_p_r_o_c(2) to avoid hangs when the default stack size is large. - 7 - +o #823295 _m_a_c_t_e_s_t(1) is now linked statically so that it runs correctly if /_u_s_r has not been mounted. +o The _T_r_u_s_t_e_d _I_R_I_X/_C_M_W _S_e_c_u_r_i_t_y _A_d_m_i_n_i_s_t_r_a_t_o_r'_s _G_u_i_d_e has been updated. The new version number is 007-3299-005. 4.7 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._1_2 +o A series of improvements have been made to NFS under Trusted IRIX making it possible to mount local and remote IRIX and Trusted IRIX filesystems. These improvements included: +o #642730 ISO9660 CDs may now be mounted but there is a known problem which restricts the label to msenhigh/mintlow. +o #782776,799601 Added support for mounting /ns for _n_s_d(1M). +o #767350 Added support for _a_u_t_o_m_o_u_n_t(1M). +o #805247 Fixed regression in NFSv3 which caused setgid mode bits to be dropped. +o #807564 Fixed problem in TCP/IP stack which would cause _p_o_r_t_m_a_p(1M) to hang if packets were not labeled correctly. +o A series of improvements have been made to the system audit trail under IRIX and Trusted IRIX, including: +o #796464 Add and improve audit records for errors associated with _c_h_d_i_r(2) and _c_h_r_o_o_t(2) system calls. +o #803241 Improve audit records for _s_y_s_m_p(2) calls. +o #804046 Fixed buffer overflow in _s_a_t_v_w_r_i_t_e(2). +o #804681 Added support for pre-selection of audit events based on the subject's or object's uid, gid or MAC label. See _s_a_t__s_e_l_e_c_t(1) for more information. +o #806211 _m_a_c__s_e_t(2) now writes an audit record on failure. +o #685767 _s_c_h_e_d__r_r__g_e_t__i_n_t_e_r_v_a_l(2) may only access processes that are owned by the same user, or the user has CAP_SCHED_MGT. - 8 - +o #768567 _d_r_v__p_r_i_v(D3) now checks for CAP_DEVICE_MGT. +o #809646 Fixed the application of an ACL mask when a specific user is listed in the ACL. +o #809785 Fixed problem with unsorted ACLs when resolving permissions for the file owner. +o #809827 Improve support for failover under Trusted IRIX. +o #806643,810476,810993,812706 Fixed minor problems in _a_t_t_r(1), _a_c_l__g_e_t__f_i_l_e(3C), _a_c_l__f_r_o_m__t_e_x_t(3C), _d_o_m_i_n_a_n_c_e(5) man pages. +o #812532 Fixed _B_S_D_s_e_t_p_g_r_p(2) so that the process lock is removed in all error conditions. +o #815940 Fixed regression in _s_e_t_p_g_i_d(2) so that it correctly checks the session id. 4.8 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._1_1 +o #785137 mac is now inforced in _p_s(1m) and other tools when accessing process information through /proc/pinfo. +o #434751, 577965 Fix MAC checking in _g_e_t_s_i_d(2), _g_e_t_p_g_i_d(2), _s_e_t_p_g_i_d(2) and _B_S_D_s_e_t_p_g_r_p(2) system calls. +o #585778 Added -s/-S options to _s_a_t__r_e_d_u_c_e(1M) to include/exclude a particular system call. +o #757523 Option added to satd to produce 4-digit years in the audit log file name. +o #757823 _s_a_t__r_e_d_u_c_e(1M) and _s_a_t__s_u_m_m_a_r_i_z_e(1M) now return consistent statistics for the number of audit records for a particular user. +o #762564 Label /tmp moldy immediately at startup on a Trusted IRIX/CMW system. +o #782679 _f_a_m(1M) now works in a Trusted IRIX/CMW environment. Other desktop applications, including the file browser, desktop icons etc. will also work on a Trusted IRIX/CMW workstation, however the desktop is still _c_h_k_c_o_n_f_i_g(1M) off by default under Trusted IRIX/CMW. See the release notes for more information. +o #784874 XFS now correctly handles files that are missing MAC labels. - 9 - +o #784989 _c_o_v_i_c_i(1M) command added to eoe.sw.rcs subsystem to support _c_o(1M), _v_i(1M) and _c_i(1M) in one operation for system database files. The _e_o_e._s_w._r_c_s subsystem should now be installed with Trusted IRIX/CMW. +o #785137 Permit current process to access own process image even if process has capabilities. +o #796340 Update _x_f_s_d_u_m_p(1M) and _x_f_s_r_e_s_t_o_r_e(1M) man pages on how to correctly backup and restore Trusted IRIX/CMW filesystems. +o #796465 Audit record for _c_h_d_i_r(2) to illegal directory now contains current working directory. +o #769620 Minor corrections to the _t_s_i_x(7), _s_a_m_p(7) and _s_a_t_m_p(7) man pages. +o #798638 _p_s(1) is no longer able to display information about processes at MAC labels beyond the user's clearance. +o #802398 _c_h_c_a_p(1) with the "-r" option will no longer cause a kernel panic. +o #802598 _n_e_w_g_r_p(1) now requires CAP_SETGID. +o #804542, 808478 Correct exit codes documented in man pages for _g_e_t_s_i_d(2), _g_e_t_p_g_i_d(2) and _s_y_s_g_e_t(2). +o #805587 Fixed IP labeling so that the correct rather than the last received label is applied to all outgoing packages. +o #806315 Fixed NFS to use correct IPSEC labels on incomming requests. +o #807889 Trusted IRIX/CMW print subsystem merged into the IRIX print subsystem. +o #808487 Trusted IRIX/CMW 4Dwm and desktop subsystems merged into the IRIX 4dwm and desktop subsystems. 4.9 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._1_0 +o #686526,784800,789070,795261,797050,797051,798752,799366,801380 Significant fixes and improvements to RIPSO, CIPSO, SGIPSO and SAMP IP labeling to ensure that: - 10 - +o the correct IP headers are attached to outgoing packets +o incoming IP packet headers are correctly interpreted +o host and packet label caches are correctly maintained +o security policies regarding different labels are correctly enforced These changes permit CIPSO communication between TRIX and UNICOS/MLS hosts. Existing installations should review their _r_h_o_s_t(1m) configurations to ensure that the correct labels are used, especially the minimum and maximum label ranges which are now properly enforced. See _t_r_u_s_t_e_d__n_e_t_w_o_r_k_i_n_g(7m) and _r_h_o_s_t(1m) for more information. +o #402768 _e_n_a_b_l_e(1) documentation updated to reflect MAC restrictions under TRIX. +o #433074 _x_l_o_c_k(1) no longer attempts to move on top of the Trusted Path Window, permitting a password to be entered. +o #566995,786969 _a_t_t_r_i_n_i_t(1m) generates more intuitive messages in "verify" mode if a file has different settings to the tree and improved parsing of command line arguments. +o #624011,676330,679762,795656,781743,784098 Minor man page fixes and improvements to _c_h_a_c_l(1), _s_u(1), _s_a_t_d(1m), _s_a_t_m_p_d(1m), _m_a_c__c_l_e_a_r_e_d(3c), _c_a_p__f_r_o_m__t_e_x_t(3c) and _c_l_e_a_r_a_n_c_e(4). +o #637828 _X_S_e_t_W_i_n_d_o_w_B_a_c_k_g_r_o_u_n_d_P_i_x_m_a_p(3X11) no longer fails when the background pixmap set to "None". +o #672066 Option '-P' added to _p_s(1) to list process capability sets. +o #678018 Overwriting a file with capabilities will remove those capabilities, in the same way as setuid/setgid mode bits are removed from a file. - 11 - +o #680441 _r_t_m_o_n_d(1) is now installed dblow to permit _r_t_m_o_n_d(1) clients like _p_a_r(1) to run at dblow. +o #686622 "-R" and "-D" options added to _c_h_a_c_l(1) to remove ACLs and default ACLs from files and directories. +o #761496 _c_h_l_a_b_e_l(1) will now permit a file's MAC label to be changed in a moldy directory. +o #762564 /tmp is now created moldy before any other services are started. +o #763033 ACL masks are now correctly applied when creating directories. +o #772056,787308 Documentation on using NFS under TRIX improved in _f_s_t_a_b(4) and _m_o_u_n_t(1m) man pages. +o #782661 Improved configuration of some _i_n_e_t_d(1m) based services, including support for _f_i_n_g_e_r_d(1m), _t_f_t_p_d(1m) and _v_i_d_e_o_d(1m) and the disabling of _d_h_c_p__b_o_o_t_p(1m), _c_v_p_c_s_d(1m) and _e_s_p(1) which are not supported under TRIX. +o #788211 _t_a_r(1) now correctly archives and restores MAC labels, ACLs and file capabilities when used with the "-M" option. Associated man pages now correctly document backup tools that operate in a TRIX environment. +o #784598 _m_e_d_i_a_d(1m) is now started with enough privileges to mount CD-ROMs. +o #786266,786972 Improved _r_s_h_d(1m) behavior and documentation under TRIX when logging in at a different label to the users' default label. +o #796238 CAP_FLAG_PURE_RECALC is now correctly inherited by child processes. +o #797404 Improved _f_t_p_d(1m) handling of MAC labels. +o #799008 _m_a_c_t_e_s_t(1m) is now installed dblow. 4.10 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._9 +o #283130 The audit file structure is now defined in _s_a_t_d(4). - 12 - +o #586140 _s_a_t_d(1) can now be configured to write logs larger than 4MBs. +o #635043 _v_i(1) and _e_x(1) have been added to the Trusted Computing Base and labeled dblow. +o #647108 _g_s_c_a_n(1) acts as if _SCNOSENDFD variable is set when running under TRIX. +o #683130 System V Accounting (see _a_c_c_t(1)) has been modified so that it now works in a TRIX environment. +o #787054 TRIX X11 server merged with IRIX X11 server so that separate TRIX _x__e_o_e images are no longer required. +o #751475 4Dwm has been fixed to prevent the Trusted Path window from being hidden (moved off the screen) when using overview (see _o_v(1)). +o #769840 _a_u_d_i_o_p_a_n_e_l(1) now works under TRIX when logging in at a label other than dblow. +o #775904 Fixed problem in rhost(1) which would cause it to seg fault if a comment in the configuration file was preceeded by whitespace. +o #781243,793710 _l_o_g_i_n(1) will no longer permit users to change label on a psuedo-terminal (ie from a shell). Users may still login at any label in their clearance from a serial console. +o #784644 Fixed problem in _i_n_e_t_d(1) which caused inetd to reject all future telnet connections after a telnet connection failed. +o #785831,790377 Fixed problem with generating CIPSO Type 1 Tags which would cause some network connections to fail. +o #786052,768053,786168,786170 Minor fixes to the _T_r_u_s_t_e_d _I_R_I_X/_C_M_W _S_e_c_u_r_i_t_y _A_d_m_i_n_i_s_t_r_a_t_o_r'_s _G_u_i_d_e and _T_r_u_s_t_e_d _I_R_I_X/_C_M_W _S_e_c_u_r_i_t_y _F_e_a_t_u_r_e_s _U_s_e_r'_s _G_u_i_d_e which have been included in versions 007-3299-004 and 007-3300-003 respectively. +o #790239 Several TRIX configurations files are now installed as suggestions for users to integrate by hand. Previously they would not be installed if they had been customized. These files include: /etc/irix.mac, /etc/irix.cap, /etc/trix.config and /etc/CMWdevice.conf. - 13 - 4.11 _T_r_u_s_t_e_d__I_R_I_X_/_C_M_W__6_._5_._8 +o #409069 _r_f_i_n_d_d(1M) is now unconfigured on Trix. +o #433485 Man page for nfs_getfh. +o #436025 Man page for sigreturn. +o #486243 _m_a_c_t_e_s_t(1) command has been added which supports Mandatory Access Control label comparisons between files and the running process, much like the _t_e_s_t(1) command. +o #558339 /etc/init.d/chkdev now uses attrinit to label devices. +o #581407 _s_h_u_t_d_o_w_n(1M) man pages updated regarding capability requirements. +o #676170 Cron files are correctly installed into a multi-level directory. +o #695736 Significant update to man pages for t6 procedural interface. +o #775751 tsix man pages updated in regards to freeing the mac_t structure. +o #775903 rhost man page is now installed. +o #781244 Killing 4Dwm window manager will cause the user to be logged out, ensuring the security of the window environment. +o The _T_r_u_s_t_e_d _I_R_I_X/_C_M_W _S_e_c_u_r_i_t_y _A_d_m_i_n_i_s_t_r_a_t_o_r'_s _G_u_i_d_e and _T_r_u_s_t_e_d _I_R_I_X/_C_M_W _S_e_c_u_r_i_t_y _F_e_a_t_u_r_e_s _U_s_e_r'_s _G_u_i_d_e have been updated. The new version numbers are 007-3299-004 and 007-3300-003 respectively.