Which patch patches which object? Which package? Security and other stuff
Here are some interesting tricks of the trade and security-related resources that I saw in a couple of email threads last week and that you may find useful:
What patches patch a specific object?
We'll soon be enhancing the PatchFinder tool further to enable you to search for patches which patch a specified object. So, if you're experiencing a problem with an object, you'll be able to see what patches exist for that object and look at the Bug fix synopses to see if any look like the issue you are experiencing.
But what patches on an installed system patch a specific object?
The question which sparked the thread was: "What's the easiest way to determine what patch a binary (e.g. mpt(7D) driver) is tied to on a system?"
Option 1: What patches installed on the system patch a specific object (e.g. /kernel/drv/mpt)?
# cd /var/sadm/patch
# for x in `ls -rt` ; do grep "^/kernel/drv/mpt *$" $x/README.$x > /dev/null && echo $x; done
118855-36
127128-11
137138-09
139556-08
141445-09
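The Option 1 loop treats the object path as a regular expression and has to be run from inside the patch directory. The function below is an added example, not code from the original post: it does the same README search with a literal comparison and an explicit directory argument. The patch IDs and README contents in the sample tree are constructed, and it assumes a POSIX shell and awk (on Solaris 10, /usr/xpg4/bin/sh and nawk rather than the legacy /bin/sh and /usr/bin/awk).

```shell
#!/bin/sh
# Added example (not from the original post).
# patches_for_object PATCHDIR OBJECT
# Print the ID of every patch under PATCHDIR whose README.<id> lists OBJECT
# on a line of its own, in glob (lexical) order rather than `ls -rt` order.
patches_for_object() {
    patchdir=$1
    object=$2
    for readme in "$patchdir"/*/README.*; do
        [ -f "$readme" ] || continue
        id=${readme##*/README.}
        # Accept only README.<id> that sits inside the directory <id>.
        [ "$readme" = "$patchdir/$id/README.$id" ] || continue
        # Literal comparison after trimming trailing blanks, so "." in a
        # path such as libc.so.1 is not treated as a regex wildcard.
        if awk -v obj="$object" '
            { sub(/[ \t]+$/, "") }
            $0 == obj { found = 1; exit }
            END { exit !found }' "$readme"
        then
            echo "$id"
        fi
    done
}

# Constructed sample tree: patch IDs and README contents are made up.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/900001-01" "$d/900002-03" "$d/900003-02"
    printf '/kernel/drv/mpt\n/kernel/drv/mpt.conf\n' \
        > "$d/900001-01/README.900001-01"
    printf '/usr/lib/libc.so.1\n/kernel/drv/mptsas\n' \
        > "$d/900002-03/README.900002-03"
    # Trailing blanks after mpt, and a decoy that a regex "." would match.
    printf '/kernel/drv/mpt  \n/usr/lib/libcXso.1\n' \
        > "$d/900003-02/README.900003-02"
    echo "$d"
}

tree=$(make_sample_tree)
patches_for_object "$tree" /kernel/drv/mpt
patches_for_object "$tree" /usr/lib/libc.so.1
rm -rf "$tree"
```

On a live system the first argument would be /var/sadm/patch, as in Option 1.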
Option 2: What patches installed on the system patch a specific object (e.g. /kernel/drv/sparcv9/mpt)? (This output is from a different system at a different patch level to the previous example.)
# /usr/ccs/bin/mcs -p /kernel/drv/sparcv9/mpt
/kernel/drv/sparcv9/mpt:
@(#)SunOS 5.10 Generic 143128-01 Nov 2009
Option 3: What patches installed on the system patch a specific object (e.g. /usr/bin/ls)? (See the Sun Blueprint on the SunSolve fingerprint DB: http://www.sun.com/blueprints/0306/816-1148.pdf )
# digest -a md5 /usr/bin/ls
6f20408d15ddfce2261436a27e33c0bd
#
and from http://sunsolve.sun.com/fileFingerprints.do
{
Results of Last Search
6f20408d15ddfce2261436a27e33c0bd - - 1 match(es)
* canonical-path: /usr/bin/ls
* package: SUNWcsu
* version: 11.10.0,REV=2005.01.21.15.53
* architecture: sparc
* source: Solaris 10/SPARC
* patch: 138377-01
}
Security Resources
Here are some excellent resources from Sun Distinguished Engineer, Glenn Brunette:
Everything you ever wanted to know about Solaris security...
http://mediacast.sun.com/users/gbrunette/media/s10-security-dive-20091021.pdf/details
The Solaris Package Companion is a small Korn shell script that allows you to ask quite a number of interesting questions about the relationships between Solaris metaclusters, clusters and packages as well as their respective dependencies. Useful for system hardening, etc.: http://hub.opensolaris.org/bin/view/Project+svr4_packaging/package_companion
A Sun Blueprint on the SunSolve fingerprint DB: http://www.sun.com/blueprints/0306/816-1148.pdf
Enjoy!
I normally use something like the following for compiled objects. Some really old code generates lots of extra lines, but normally the patch level is included.
$ /usr/ccs/bin/what /usr/lib/libsldap.so.1
/usr/lib/libsldap.so.1:
SunOS 5.10 Generic 141030-04 Aug 2009
Posted by Mike Gerdts on November 16, 2009 at 11:16 PM GMT #