
File: [local] / www / errata.html

Revision 1.72, Thu Feb 19 10:42:30 1998 UTC (26 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.71: +75 -34 lines

document all 3 security problems, plus make it really pretty

<!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD release errata</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997 by OpenBSD.">
</head>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">

<img alt="[OpenBSD]" SRC="images/smalltitle.gif">
<h2><font color=#0000e0>
This is the OpenBSD 2.2 release errata & patch list:
</font></h2>

<ul>
<a name=all></a>
<li><h3><font color=#e00000>All architectures</font></h3>
<ul>
<a name=sourceroute></a>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
If the sysctl variable <strong>net.inet.ip.forwarding</strong> is
enabled (value 1), but the variable <strong>net.inet.ip.sourceroute</strong>
is disabled (value 0), the kernel itself will still accept source routed
packets.  Our fix changes the <strong>net.inet.ip.sourceroute</strong>
variable to mean that all source routed packets should be
blocked completely.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/sourceroute.patch>
A kernel patch is provided</a>.
<p>
<a name=ruserok></a>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
A combination localhost+remote host security problem exists if a
local user running a setuid binary causes a non-existent root .rhosts
file to be created via a symbolic link with a specific kind of corefile,
and then subsequently uses rsh/rlogin to enter the machine from remote.
A similar exploit might also be possible using sshd which lacks any code
for checking for deviations from the expected format in the .rhosts or
.shosts files, but we have not confirmed this yet.  The following two
fixes are recommended:
<p>
<ul>
<li>
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/nosuidcoredump.patch>
(1) A kernel patch which adds a new sysctl option which permits the
administrator to decide whether setuid corefiles should be written or not</a>.
<p>
<li><a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/rcmd.patch>
(2) Replaces the ruserok() function in libc with a much more paranoid
version which can detect these bogus looking .rhosts files better.  If the
previous patch is used to stop setuid coredumps, then this patch is not
as important</a>.
</ul>
<p>
This problem is fixed much better in OpenBSD-current, where the kernel's
symbolic link handling has been improved such that coredumping will not
create a file on the other side of a symbolic link.  Such a patch is not
possible for the 4.4lite1 VFS layer in the OpenBSD 2.2 kernel.
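<p>
The kind of paranoid .rhosts checking described in fix (2), as an added example (not the code from rcmd.patch): refuse anything that is not a regular, correctly owned, non-writable-by-others file, then reject any line that does not look like a "host [user]" entry. The function names and the exact acceptance rules are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: a line is acceptable if it is a comment, empty, or at
   most two whitespace-separated tokens of printable ASCII. Core-file bytes
   (control characters, 8-bit data) fail this check. */
int rhosts_line_ok(const char *line)
{
    int tokens = 0, in_tok = 0;
    if (*line == '#') return 1;
    for (const unsigned char *p = (const unsigned char *)line; *p && *p != '\n'; p++) {
        if (*p == ' ' || *p == '\t') { in_tok = 0; continue; }
        if (!isgraph(*p)) return 0;          /* not a plausible hosts entry */
        if (!in_tok) { in_tok = 1; tokens++; }
    }
    return tokens <= 2;
}

/* Hypothetical helper: returns 0 if the file at path may be consulted on
   behalf of `owner`, -1 if anything about it looks wrong. */
int rhosts_file_ok(const char *path, uid_t owner)
{
    struct stat lst, st;
    char buf[1024];
    int ok = -1;

    /* Refuse symlinks and non-files; O_NOFOLLOW covers the lstat/open race. */
    if (lstat(path, &lst) != 0 || !S_ISREG(lst.st_mode)) return -1;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0) return -1;
    FILE *fp = fdopen(fd, "r");
    if (!fp) { close(fd); return -1; }
    /* Re-check the opened object: regular file, owned by the user or root,
       and not writable by group or other. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        (st.st_uid == owner || st.st_uid == 0) &&
        (st.st_mode & (S_IWGRP | S_IWOTH)) == 0) {
        ok = 0;
        while (fgets(buf, sizeof buf, fp)) {
            /* No newline before end of buffer: overlong line or embedded NUL. */
            if ((!strchr(buf, '\n') && !feof(fp)) || !rhosts_line_ok(buf)) {
                ok = -1;
                break;
            }
        }
    }
    fclose(fp);
    return ok;
}
```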
<p>
<a name=mmap></a>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
If you rely on the system securelevels as described in init(8), you
will want this fix.  A bug in the vm system permits a file descriptor
opened read-only on a device, to later on be mmap(2)'d read-write, and
then modified.  This does not result in a security hole by itself, but
it does violate the safety semantics which securelevels are supposed to
provide.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/vm_mmap.patch>
A kernel patch is available which corrects this behaviour</a>.
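<p>
The invariant the patch restores can be checked from userland. The following is an added example, not part of vm_mmap.patch; it uses a constructed scratch file rather than a device and a hypothetical function name, and it assumes /tmp is writable. A shared writable mapping of a read-only descriptor must be refused, while a private (copy-on-write) mapping is harmless and allowed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Try to map len bytes of fd with PROT_WRITE and the given sharing flags.
   Returns 0 if the kernel allowed the mapping, or errno if it refused. */
static int try_writable_map(int fd, size_t len, int flags)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, flags, fd, 0);
    if (p == MAP_FAILED) return errno;
    munmap(p, len);
    return 0;
}

/* Returns 1 if a MAP_SHARED writable mapping of an O_RDONLY descriptor is
   refused with EACCES and a MAP_PRIVATE one is allowed, 0 if that invariant
   is violated, and -1 if the scratch file could not be set up. */
int readonly_fd_mmap_invariant_holds(void)
{
    char path[] = "/tmp/mmapchk.XXXXXX";    /* constructed scratch file */
    int wfd = mkstemp(path);
    if (wfd < 0) return -1;
    if (write(wfd, "securelevel", 11) != 11) {
        close(wfd);
        unlink(path);
        return -1;
    }
    close(wfd);

    int fd = open(path, O_RDONLY);          /* read-only, as in the errata */
    unlink(path);
    if (fd < 0) return -1;
    int shared = try_writable_map(fd, 11, MAP_SHARED);
    int priv = try_writable_map(fd, 11, MAP_PRIVATE);
    close(fd);
    return shared == EACCES && priv == 0;
}
```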
<p>
<li><font color=#009000><strong>BUILD PROCESS FIX</strong></font><br>
Building an object tree from a read-only source tree (such as off a CDROM)
may fail under certain circumstances (e.g. when creating a symlink on sparc
whose target name is exactly 33 characters).  As a workaround you have to
either provide the source tree read/write, or install a newer version of
/usr/bin/readlink.  
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/readlink.c>
A replacement source file exists</a>.
<p>
</ul>
<a name=i386></a>
<li><h3><font color=#e00000>i386</font></h3>
<ul>
<li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
The Intel P5 F00F bug was discovered after the CDR's had already been
sent to the manufacturer.  This problem permits any user who has an account
to lock your machine up using a 4-line program.  The problem only affects
Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable,
nor are processors by other manufacturers).
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/i386/f00f.patch>
A kernel source-code patch is available</a>.
<p>
<li><font color=#009000><strong>FUNCTIONALITY FIX</strong></font><br>
Some Linux binaries will execute in SVR4 emulation mode, which is
definitely a problem for people who need Linux emulation to work correctly.
To solve this mis-identification problem,
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/i386/compat_linux.patch>
a patch file is provided</a>.
<p>
<li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
APM can crash on machines without it.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/i386/apm.patch>
A kernel source-code patch is available</a>.
<p>
<li><font color=#009000><strong>INSTALLATION PROCESS FLAW</strong></font><br>
A few people are running into this problem, particularly if they had some
other *BSD operating system on their machine before trying OpenBSD: if after
installation onto an IDE-based machine, the kernel fails to mount the root
partition because it thinks that it should be opening sd0 (0x400), this means
you have incorrectly set up your disklabel for the IDE drive -- the disklabel
is indicating that the drive is SCSI.
To repair this, use the floppy to run "disklabel -E wd0", then using the
"edit" command ensure the type field is set to "ST506".
<p>
</ul>
<a name=mac68k></a>
<li><h3><font color=#e00000>mac68k</font></h3>
<ul>
<li><font color=#009000><strong>NEW SOFTWARE</strong></font><br>
Unfortunately, X11 binaries for the mac68k did not manage to make it onto the
CDROM.  However, X11 for the mac68k is immediately available from
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz">
ftp://ftp.OpenBSD.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz</a>.  Please
be sure to read the <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k/X11/README.X11">README file</a> also in that directory for instructions on installing
and setting up X.
<p>
<li><font color=#009000><strong>INSTALLATION PROCESS FLAW</strong></font><br>
As shipped on the CDROM, both the
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k/bsd-generic.tar.gz">
generic kernel</a>
and the
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.2/bsd-genericbsc.tar.gz">
genericsbc kernel</a>
extract themselves into the wrong place in the filesystem.
Both <strong>should</strong> extract a kernel named <tt>/bsd</tt>, but they extract
the kernel into <tt>/usr/src/sys/arch/mac68k/compile</tt> instead.
<p>
This has been fixed on the ftp release of <a href=22.html>OpenBSD 2.2</a>, and
fresh kernels are available from <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.2/mac68k">
ftp://ftp.OpenBSD.ORG/pub/OpenBSD/2.2/mac68k/</a>.  If at all possible,
installing these kernels is recommended.
<p>
A number of possible workarounds exist if you don't have easy access to ftp
the updated kernels.  The simplest of these is to use a
MacOS program to uncompress and untar the kernel and use the Installer's
mini-shell to "cpin" the kernel.  Alternately, you could install the kernel
with the Installer and use the mini-shell to move the binary from <tt>/usr/src/...</tt> to <tt>/bsd</tt>.
<p>
</ul>
<a name=sparc></a>
<li><h3><font color=#e00000>sparc</font></h3>
<ul>
<li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
Older 4/xxx systems (particularly the 4/300's) cannot boot
with the 2.2 kernel due to bugs in the scsi device driver.
<a href=ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/esp.patch>
A kernel source patch is available</a>.
Replacement kernels are available for:
<a href=ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/bsd>bsd</a>,
<a href=ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/bsd.scsi3>bsd.scsi3</a>,
and a replacement for bsd.rd is coming soon.
<p>
<a name=sparciommu></a>
<li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when
using a custom kernel configured for option sun4m only.
<a href=ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/2.2/sparc/sun4m.patch>
A workaround (kernel source patch) is available</a>.  Apply the patch and
then re-build your kernel.
<p>
</ul>
<li><h3><font color=#e00000>amiga</font></h3>
<p>
<ul>
<li><font color=#009000><strong>FUNCTIONALITY FIX</strong></font><br>
Missing Xamiga manual pages.  Get
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/amiga/Xamiga-manual.tgz>
this package</a> and execute, <i>as root</i>:<br>
<pre><b># </b>pkg_add Xamiga-manual.tgz</pre>
The MD5 checksum of this package is:<br>
<b>MD5 (Xamiga-manual.tgz) = 2362a7857264b9d17f65cca258b42031</b><p>
<li><font color=#009000><strong>FUNCTIONALITY FIX</strong></font><br>
The Ariadne ethernet support was broken; both binary and
source level fixes will be available shortly.  If you are in a hurry, mail
<a href=mailto:niklas@openbsd.org>Niklas</a> for a test kernel.<p>
</ul>
<a name=pmax></a>
<li><h3><font color=#e00000>pmax</font></h3>
<ul>
<li><font color=#009000><strong>FUNCTIONALITY FIX</strong></font><br>
There is a Year-1998 problem in the time-setting code (which causes the 
date and time to be set incorrectly after a reboot in 1998).
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/clock.patch>
A source code patch file is available</a> plus replacement installation
kernels for the 2.2 release at
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/bsd.NFS>bsd.NFS</a>,
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/bsd>bsd</a>,
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/bsd.rz0>bsd.rz0</a>.
<p>
<li><font color=#009000><strong>FUNCTIONALITY FIX</strong></font><br>
X11 support for the 3min and 3maxplus machines was broken
due to a kernel bug.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2/pmax/fb.patch>
A source code patch is available</a>.
<p>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
A security problem in the shared library linker <strong>ld.so</strong> requires that
you replace it with a new binary.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2//pmax/ld.so>
The replacement binary is here</a>.
<p>
</ul>
<a name=arc></a>
<li><h3><font color=#e00000>arc</font></h3>
<ul>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
A security problem in the shared library linker <strong>ld.so</strong> requires
that you replace it with a new binary.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.2//pmax/ld.so>
The replacement binary is here</a>.
<p>
</ul>
<li><h3><font color=#e00000>alpha</font></h3>
<p>
<ul>
<li>No problems identified yet.
<p>
</ul>
<li><h3><font color=#e00000>hp300</font></h3>
<p>
<ul>
<li>No problems identified yet.
<p>
</ul>
<li><h3><font color=#e00000>mvme68k</font></h3>
<ul>
<li>No problems identified yet.
<p>
</ul>
</ul>
<br>
<hr>
<h2><font color=#0000e0>
This is the OpenBSD 2.1 release errata & patch list:
</font></h2>
<br>
<ul>
<li><h3><font color=#e00000>All architectures</font></h3>
<ul>
<li>One of the install scripts has a flaw that makes the CD-ROM mount fail
	when using the CD-ROM as the install source media.
	To work around this, use the following sequence of commands before
	starting the install script. This must be done each time the install
	kernel is booted if the install script is to be run and the CD-ROM
	is the media to install from. Do the following at the shell prompt:
<pre><b>#</b> ed install.sub
/{_filesystem/s//{_fstype/
wq
<b>#</b>
</pre>
	For architectures where the install scripts start automatically
	(like amiga), you need to abort it at the (I)nstall or (U)pdate
	prompt by pressing Ctrl-C before doing the above command.  After
	that you can restart the install by:
<pre><b>#</b> install
</pre>
</ul>
<br>
<li><h3><font color=#e00000>Alpha</font></h3>
<ul>
<li>CD2 does not boot on the alpha, as had been planned. Instead, you
	must use the floppy install method.  This is not significantly
	harder.
</ul>
<br>
<li><h3><font color=#e00000>i386</font></h3>
<ul>
<li>Some rarer PC BIOS's do not like the hard drive bootblocks when used
as a MBR.  The symptom is that the BIOS says "READ ERROR" when booting,
but everything suggests it should work fine. In those cases, it is
sufficient to install OS-BS or some other primary bootloader as the main
MBR, then install OpenBSD in a partition all by itself starting at a
non-zero offset.  For instance, start OpenBSD at next track boundary or so.
<li>The i386/X11/SUMS.md5 file contains 4 incorrect MD5 checksums.
These have been corrected on the ftp mirrors. The correct lines are:<br>
MD5 (X33doc.tgz) = 6aa0be7987f9a3cf32a63b5ea9a83b39<br>
MD5 (X33html.tgz) = 6ba39d41aef7c75c35a0533275c6f8c0<br>
MD5 (X33ps.tgz) = ea49fc1b12c17fc16ece7d0e4ad4ee06<br>
MD5 (RELNOTES) = 689fda20596a4eb82f86ded51efb01f4<br>
<li>A lot of people with IDE disk drives fail to read the
INSTALL.i386 document, and hence end up with geometry translation
problems.  Read the document, please.
</ul>
<br>
<li><h3><font color=#e00000>Amiga</font></h3>
<ul>
<li>The amiga install has a flaw wrt Tseng based graphic cards: when entering
	multiuser mode the console won't get a login prompt.  This is due to
	a problem in the shipped /dev/MAKEDEV script.  To fix, enter single
	user mode and do:
<pre><b>#</b> cd /dev
<b>#</b> sh MAKEDEV ttye6
</pre>
</ul>
<li><h3><font color=#e00000>Sparc</font></h3>
<ul>
<li>The sparc X11R6.3 xdm-config files reference /usr/X11R6.3/... This is
	due to X11R6.3's default config file contents.  To fix, su and
	type:
<pre><b>#</b> cd /usr
<b>#</b> ln -s X11R6 X11R6.3
</pre>
<li>The sparc "single floppy install disk" has a problem when you specify
	"dumb" in response to the terminal type query.  As a work-around
	first specify an invalid terminal such as "bogus" and when prompted
	again for a terminal type, enter "dumb" and it will work correctly.
<li>When netbooting an older sparc system such as a Sun4 or Sun4c, the boot
	may hang up at the end of the tftp transfer of the bootstrap due
	to the tftp transfer working in 512-byte blocks.  If this occurs
	create a "padded" version of the bootstrap (boot or zboot) as follows:
<pre><b>#</b> cd /tftpboot
<b>#</b> dd if=boot of=newboot obs=512 conv=osync
<b>#</b> mv newboot boot
</pre>
<li>The sparc install script has two flaws that make the kernel copy
	and the bootblock install fail. The kernel copy only fails
	when installing from CD-ROM. To work around this, use the
	following sequence of commands before starting the install
	script. This must be done each time the install kernel is
	booted if the install script is to be run and the CD-ROM is
	the media to install from.
        If you install from CD-ROM, do the following at the shell prompt:
<pre><b>#</b> ed install.md 
/\/bsd/s//\/mnt2\/2.1\/sparc\/bsd/ 
wq 
<b>#</b>
</pre>
        ... or if you plan to use the bsd.scsi3 kernel you should use instead:
<pre><b>#</b> ed install.md 
/\/bsd/s//\/mnt2\/2.1\/sparc\/bsd.scsi3/ 
wq 
<b>#</b>
</pre>
        The following one you will always have to do (not only when
	installing from CD-ROM):
<pre><b>#</b> ed /usr/mdec/binstall 
/getopt/,/getopt/+4d 
wq 
<b>#</b>
</pre>
</ul>
<li><h3><font color=#e00000>Pmax</font></h3>
<ul>
<li> When using the X11R6 binaries from the 2.1 release you will get
errors like:
<pre><b>#</b> mkfontdir
mkfontdir: undefined symbol: 'astpending' 12
Segmentation fault (core dumped)
</pre>
This is due to a little problem affecting the compatibility between
the OpenBSD/arc port (on which the X11R6 clients were built) and
OpenBSD/pmax. You can work around this problem by using the arc
version of the shared libc instead of the pmax one. You may get a copy
of the OpenBSD/arc 2.1 libc.so.16.1 from <a
href=ftp://miranda.rz-berlin.mpg.de/pub/OpenBSD/pmax/fixes/libc.so.16.1>
here </a>. Simply download it and do the following:
<pre><b>#</b> cd /usr/lib
<b>#</b> mv libc.so.16.1 original_libc.so.16.1
<b>#</b> cp /where_you_have_downloaded_it_to/libc.so.16.1 .
<b>#</b> chown root.bin libc.so.16.1
<b>#</b> chmod 444 libc.so.16.1
</pre>
Please be careful while doing this - because the libc is a very
sensitive part of the system. You can remove the original_libc.so.16.1
after the next reboot if everything is working fine.
</ul>
<p>
<li><h3><font color=#e00000>Mac68k</font></h3>
<ul>
<li>The installer generates incorrect /etc/fstab files causing messages such as "file system read-only" on bootup.
To correct, boot to single-user mode (by clicking that checkbox in the Booter's Booting:Options dialog) and do the following:
<pre>
<b>#</b> mount /dev/sd0a /
<b>#</b> ed /etc/fstab
1,$s/ ufs / ffs /
1,$s/ ro / rw /
w
q
</pre>
Alternately, simply invoke vi or another editor and change the root filesystem 
to be of type ffs rather than ufs and be rw (read-write) rather than ro
(read-only).  In either case, you'll need to reboot the system afterwards.
Make this correction as soon as possible after installing the system.
The installer should not have specified the filesystem as the old
"ufs" type; the "ffs" type is more correct.

<li>The installer forgets to install the kernel onto the filesystem.
This is because the installer expects all packages including the kernel to 
be tar'ed and gzip'ed.  The kernel was not shipped that way.  Therefore, you
must make this correction <em>before attempting to boot the system</em>.
To correct, use the Installer mini-shell and do the following:
<pre>
> cpin :[internal-macos-path]:bsd-generic bsd
</pre>
This should place the kernel as /bsd on the filesystem. You should
replace the above string with the colon-delimited path from your desktop to
wherever you have placed the kernel.  If possible, it is easiest to drag the
kernel into the same folder as the Installer, so you can simply issue a
command without leading colon(s) like:
<pre>
> cpin bsd-generic bsd
</pre>
Good luck.
</ul>
</ul>

<hr>
<a href=orders.html><img src=back.gif border=0 alt=OpenBSD></a> 
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: errata.html,v 1.72 1998/02/19 10:42:30 deraadt Exp $</small>

</body>
</html>