Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!utgpu!water!watmath!clyde!cbosgd!ucbvax!CS.UTAH.EDU!cetron%ced From: cetron%ced@CS.UTAH.EDU.UUCP Newsgroups: comp.os.vms Subject: Re: security patch Message-ID: <8706080522.AA04115@utah-ced.ARPA> Date: Mon, 8-Jun-87 01:22:00 EDT Article-I.D.: utah-ced.8706080522.AA04115 Posted: Mon Jun 8 01:22:00 1987 Date-Received: Tue, 9-Jun-87 04:45:52 EDT Sender: daemon@ucbvax.BERKELEY.EDU Distribution: world Organization: The ARPA Internet Lines: 158 Digital TSC has indicated that the security patch should be disseminated as widely as possible so here it is. As usual, neither I nor the CED nor the Univ of Utah take any responsibility for the patch after the network mail systems do their damndest.... as well as all the rest of the standard disclaimers... this patch was correct, and worked, and passed the checksum before i mailed it. -ed The command file below is the patch for the security problem discussed at DECUS. You must be running VMS V4.5. Instructions for applying it are: 1) Place in file SYS$COMMON:[SYSUPD]SECURESHR.PAT as is. If you edit it, it will not pass checksum checks. 2) Execute @SYS$COMMON:[SYSUPD]SECURESHR.PAT. 3) Either re-boot OR as I did, run SYS$SYSTEM:INSTALL and REPLACE SYS$SHARE:SECURESHR.EXE. This is the image that is patched. $ CHECKSUM SECURESHR.PAT $ X='CHECKSUM$CHECKSUM' $ IF X.NE.%X652628B1 THEN GOTO IC ! 652628B1 $ ON WARNING THEN EXIT $ SET DEFAULT SYS$COMMON:[SYSUPD] $ COPY SYS$COMMON:[SYSLIB]SECURESHR.EXE SECURESHR.EXE $ PATCH/JOURNAL=SECURESHR/OUTPUT=SECURESHR SECURESHR ! ECO05 LMPxxxx 23-Jan-1987 ! MODULE: SYSUAISRV ! Additional tweaks to ECO04. ! ! ECO04 LMP0429 14-Jan-1987 ! MODULE: SYSUAISRV ! Minor tweaks to ECO03. Also, tweaks to GRPPRV handling. ! ! ECO03 LMP0424 16-Dec-1986 ! MODULE: SYSUAISRV ! Properly handle the context field. DEFINE GETUAI=7C40 DEFINE SETUAI=7C40+37C SET ECO 03 REP/INS GETUAI+1B3 ' BLSSU GETUAI+212' EXIT ' BRB GETUAI+212' EXIT REP/INS SETUAI+1BD ' BLSSU SETUAI+21D' EXIT ' BRB SETUAI+21D' EXIT UPDATE SET ECO 04 REP/INS GETUAI+86 ' BLSSU GETUAI+99' EXIT ' BRB GETUAI+99' EXIT REP/INS SETUAI+81 ' BLSSU SETUAI+96' EXIT ' BRB SETUAI+96' EXIT REP/INS GETUAI+295 ' BBS #2,B^0D4(FP),GETUAI+2C2' EXIT ' BBC #2,B^0D4(FP),GETUAI+2A5' EXIT REP/INS SETUAI+2DC ' BBS #2,B^0D4(FP),SETUAI+303' EXIT ' BBC #2,B^0D4(FP),SETUAI+2ED' EXIT UPDATE SET ECO 05 REP/INS SETUAI+314 ' MOVL #24,R0' ' RET' EXIT ' MOVL #24,(SP)' ' BRW SETUAI+50B' EXIT REP/INS SETUAI+329 ' MOVZWL #291C,R0' ' RET' EXIT ' MOVZWL #291C,(SP)' ' BRW SETUAI+50B' EXIT REP/INS SETUAI+386 ' MOVL #14,R0' ' RET' EXIT ' MOVL #14,(SP)' ' BRW SETUAI+50B' EXIT REP/INS SETUAI+3A0 ' MOVZWL #290C,R0' ' RET' EXIT ' MOVZWL #290C,(SP)' ' BRW SETUAI+50B' EXIT REP/INS SETUAI+3AA ' MOVZWL #2914,R0' ' RET' EXIT ' MOVZWL #2914,(SP)' ' BRW SETUAI+50B' EXIT REP/INS SETUAI+471 ' MOVZWL #28E4,R0' ' RET' EXIT ' MOVZWL #28E4,(SP)' ' BRW SETUAI+50B' EXIT REP/INS SETUAI+4D3 ' MOVL #0C,R0' ' RET' EXIT ' MOVL #0C,(SP)' ' BRW SETUAI+50B' EXIT UPDATE EXIT $ COPY SECURESHR.EXE SYS$COMMON:[SYSLIB]SECURESHR.EXE $ DELETE SECURESHR.EXE.* $ EXIT $ IC:WRITE SYS$OUTPUT "INCORRECT CHECKSUM; VERIFY CONTENTS OF FILE" $ EXIT good luck, -ed