Nabble - Security - Sun

Replicating the Gonzalez Cyber Attacks through Penetration Testing

2009-11-20T16:07:11Z

--------------------------------------------------------------------------------
YOU'RE INVITED: IT SECURITY ON DEMAND WEBCAST

"Replicating the Gonzalez Cyber Attacks through Penetration Testing"
Register: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez
---------------------------------------------------------------------------------

Recently, we saw the indictment of cybercrime kingpin Albert Gonzalez, one of the accused masterminds behind high-profile data breaches at Heartland Payment Systems, Hannaford Bros. Supermarkets, 7-Eleven, and TJX. Next week, Core Security Technologies will present a hands-on look at the attacks Gonzalez and his co-conspirators are believed to have used in breaching these organizations.

Leveraging the actual indictment document as a guide, Core Security senior product manager Alex Horan will use CORE IMPACT Pro penetration testing software to demonstrate the techniques by which Gonzales allegedly stole millions of credit card numbers* - showing you how to identify IT exposures in your own environment before cybercriminals do.

> Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez

During the webcast, you'll see a step-by-step depiction of an attack similar to that described in the Gonzalez indictment, including the following critical stages:

* the initial web application compromise via SQL Injection
* the use of a well-known backend database command to make the attacks even
* more invasive
* the planting of malware on the backend database server
* the collection and transmission of credit card transactions to the
* attackers

Through the demonstration, you'll also learn how commercial-grade penetration testing software enables you to see your IT systems as an attacker would -- not only by determining if the kinds of issues that Gonzalez reportedly leveraged are present in your environment, but also by ...

* assessing how deployed defenses react to specific threats
* revealing what systems and data would be exposed by a breach
* depicting how chains of vulnerabilities open paths to mission-critical
* systems and information
* providing actionable data for immediately mitigating critical exposures
* repeating tests to ensure the effectiveness of remediation efforts

This webcast is ideal for anyone interested in proactively assessing their security posture against real-world cyber threats.

> Register here: http://www.coresecurity.com/Form/generic/campaign/SecurityFocusGonzalez

Re: LDAP in Unix

2007-12-14T00:08:01Z

Hi,
We conduct regular courses on Sun Solaris for system administarators at Dubai and Bangalore,India.If you are interested,please revert back.
Regards,
Sreekumar.

dubaisans dubai wrote:

I have 100 + unix servers primarily Linux and solaris.

I am new to LDAP.

I would like to use Sun ONE Directory server and centralise the user

creation. Once I have LDAP based Directory server is the following true?

1. Whenever a new user has to be created I will create on the SunOne

server and say it is valid only on this host(s).There is no need to
create the user at the host

2. There is no /etc/passwd and /etc/shadow files on the individual hosts

anymore or they are not of any importance. All the passwords are

stored only in the Directory server.

3. As a later stage I would like to give RSA securID authentication to
selected set of high privilege users.

Is LDAP and Sun one the right direction?

Re: Solaris 2.7 Daylight saving time fix.

2007-09-29T22:26:53Z

Do you know AyRecovery?it is a very good software which can fix system files missing, BSOD and so on in seconds.

Remove unwanted software, spyware, ad ware, spam software completely,you can choice the new software AyRecovery. www.ayrecovery.com

Larry Cashdollar wrote:

Hi,
I am working on getting Solaris 2.7 compliant with the new DST changes for March 2007. I downloaded the latest updates from:

wget ftp://elsie.nci.nih.gov/pub/tz*.tar.gz

Ran zic on northamerica
Then tested with a zdump:

zdump -v EST5EDT |grep 2007

which still reported April when the DST would occur. What am I missing? this worked for linux.

Re: SSHD with Secured authentication, using RSA PAM client

2007-09-29T22:25:44Z

AyRecovery provides the protection without the need for backups or carrying duplicate images of hard drives.
AyRecovery allows users to create a “snapshot” of the entire system and data at a specific time.
Technically speaking, a snapshot is a map of the hard disk sectors and the map’s indexing system.
Practically speaking, a snapshot is a “picture” of the system and data at a specific time.
Users can select a specific snapshot to recover files from or restore the entire system to.

Check Point SmartCenter in Non-Global Zone

2007-08-30T13:16:14Z

I would like to get a Check Point SmartCenter (the management
server, not the firewall itself) software running in a non-
global zone on Solaris 10. You would think this is not too
hard. But it appears the Check Point licensing checks are once
again making the paying customers' lives difficult. The
SmartCenter keeps insisting that there is no valid license.
It thinks the IP address on the zone does not match the IP
address on the license. They do match. I just think the
software cannot find the address in the non-global zone.

I've already gone to some Check Point forums and my VAR, and
I am waiting on Check Point support (through the VAR), but
I have not made progress. I thought I'd ask a Solaris crowd
if they have experience or ideas with this. Is there a way to
help the application figure out the IP address? Is there
a way to get a "real" interface, bge1, in a non-global zone
rather than what looks like a secondary, logical address,
bge1:1? That would probably do it.

Solaris 10 06/06 and Check Point SmartCenter R65.
--
Crist J. Clark | cjclark@...

RE: SSHD with Secured authentication, using RSA PAM client

2007-08-06T11:25:06Z

Christina,

We cannot use OpenSSH because our policies forbid us to use open source
software with no support contract.

Anyway, we got it to work by specifying keyboard interactive in the
/etc/ssh/sshd_config file. Now it works flawlessly. For some reason, RSA is
unaware of this fix.

Thanks to all for their input, especially Reg Quinton and Asif Iqbal! Both
of you pointed us in the right direction.

_______________________________

Edward Reiss <ed.reiss@...>
Cell
631.681.7181
Landline
518.533.9764
Fax
631.881.5545
Quis custodiet ipsos custodes?

_______________________________

-----Original Message-----
From: Christian Lete Viesca [mailto:clete@...]
Sent: Monday, August 06, 2007 12:41 PM
To: Edward Reiss; focus-sun@...
Subject: RE: SSHD with Secured authentication, using RSA PAM client

Hi Edward,

I have deployed Openssh aling with SecurID, Id recommend you to get openssh
from sunfreeware, its very simple and straightforward to do it that way, is
there a particula reason you are sticking to Solaris' ssh?

Cheers,

Christian Lete Viesca

UNIX/Jboss Administrator- IT Convergence Support Services

IT Convergence

Toll-free USA: [1] (800) 675-0032 Ext. 2652

International: [1] (415) 675-7935 Ext. 2652

Argentina: [54 11] 4000-8400 or 0800-122-4821 Ext. 2652

México: 01-800-777-0051 Ext. 2652

Shanghai: [86] (21) 6279-8030 Ext. 2652

Cell Phone: [54 911] 62014732

Email: clete@...

Website: http://www.itconvergence.com

Confidentiality Notice

The information transmitted in this email is intended only for the person or
entity to which it is addressed and may contain confidential and/or
privileged material from IT Convergence. Any review, retransmission,
dissemination or other use of the information contained in this email by
persons or entities other than the intended recipient is prohibited. If you
are not the intended recipient, you are not authorized to forward or
otherwise distribute this e-mail.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Edward Reiss
Sent: Tuesday, July 31, 2007 7:20 PM
To: focus-sun@...
Subject: SSHD with Secured authentication, using RSA PAM client

Greetings,

Has anyone got ssh to authenticate to SecureID? We have to use the version
of sshd included with Solaris 9, 1.0.1, and we cannot get it to work. It
seems Solaris always tries to authenticate locally even after I configure
pam.conf. RSA has a "work around" but they do not support even the work
around. RSA will support OpenSSH, but not the sshd included with Solaris.

Any help would be appreciated.

_______________________________

Edward Reiss <ed.reiss@...>
Cell
631.681.7181
Landline
518.533.9764
Fax
631.881.5545
Quis custodiet ipsos custodes?

_______________________________

RE: SSHD with Secured authentication, using RSA PAM client

2007-08-06T10:40:46Z

Hi Edward,

I have deployed Openssh aling with SecurID, Id recommend you to get openssh from sunfreeware, its very simple and straightforward to do it that way, is there a particula reason you are sticking to Solaris' ssh?

Cheers,

Christian Lete Viesca

UNIX/Jboss Administrator- IT Convergence Support Services

IT Convergence

Toll-free USA: [1] (800) 675-0032 Ext. 2652

International: [1] (415) 675-7935 Ext. 2652

Argentina: [54 11] 4000-8400 or 0800-122-4821 Ext. 2652

México: 01-800-777-0051 Ext. 2652

Shanghai: [86] (21) 6279-8030 Ext. 2652

Cell Phone: [54 911] 62014732

Email: clete@...

Website: http://www.itconvergence.com

Confidentiality Notice

The information transmitted in this email is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material from IT Convergence. Any review, retransmission, dissemination or other use of the information contained in this email by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, you are not authorized to forward or otherwise distribute this e-mail.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of Edward Reiss
Sent: Tuesday, July 31, 2007 7:20 PM
To: focus-sun@...
Subject: SSHD with Secured authentication, using RSA PAM client

Greetings,

Has anyone got ssh to authenticate to SecureID? We have to use the version of sshd included with Solaris 9, 1.0.1, and we cannot get it to work. It seems Solaris always tries to authenticate locally even after I configure pam.conf. RSA has a "work around" but they do not support even the work around. RSA will support OpenSSH, but not the sshd included with Solaris.

Any help would be appreciated.

_______________________________

Edward Reiss <ed.reiss@...>
Cell
631.681.7181
Landline
518.533.9764
Fax
631.881.5545
Quis custodiet ipsos custodes?

_______________________________

RE: SSHD with Secured authentication, using RSA PAM client

2007-08-06T10:04:11Z

Edward, I don't know if this helps but we've had similar problems with RSA
clients, OpenSSH servers and PAM (at least on earlier versions of OpenSSH).

If you're using the RSA SSH client and you specify "Authentication Method"
as "password" that means traditional /etc/passwd an /etc/shadow file
methods. As I recall to get PAM you need to specify "Keyboad Interactive".
Try that, it might help.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Edward Reiss
Sent: July 31, 2007 6:20 PM
To: focus-sun@...
Subject: SSHD with Secured authentication, using RSA PAM client

Greetings,

Has anyone got ssh to authenticate to SecureID? We have to use the version
of sshd included with Solaris 9, 1.0.1, and we cannot get it to work. It
seems Solaris always tries to authenticate locally even after I configure
pam.conf. RSA has a "work around" but they do not support even the work
around. RSA will support OpenSSH, but not the sshd included with Solaris.

Any help would be appreciated.

_______________________________

Edward Reiss <ed.reiss@...>
Cell
631.681.7181
Landline
518.533.9764
Fax
631.881.5545
Quis custodiet ipsos custodes?

_______________________________

Re: SSHD with Secured authentication, using RSA PAM client

2007-08-03T22:39:26Z

On 7/31/07, Edward Reiss <ed.reiss@...> wrote:
> Has anyone got ssh to authenticate to SecureID? We have to use the version
> of sshd included with Solaris 9, 1.0.1, and we cannot get it to work. It
> seems Solaris always tries to authenticate locally even after I configure
> pam.conf. RSA has a "work around" but they do not support even the work
> around.

I've set up a number of machines for SecurID authentication with ssh,
but haven't tried it on any recent Solaris version.

> RSA will support OpenSSH, but not the sshd included with Solaris.

I believe you've answered your own question.

Kevin
--
Moderator, unofficial RSA ACE/Server + SecurID users group:
http://tech.groups.yahoo.com/group/securid-users/

Re: SSHD with Secured authentication, using RSA PAM client

2007-08-03T21:01:16Z

On 7/31/07, Edward Reiss <ed.reiss@...> wrote:
> Greetings,
>
> Has anyone got ssh to authenticate to SecureID? We have to use the version
> of sshd included with Solaris 9, 1.0.1, and we cannot get it to work. It

- You have make sure your sshd is pam enabled.
ldd `which sshd` should have libpam in there.

- man sshd_config. Depending on your sshd_config file you need enable
either one of the two `UsePAM' or `PAMAuthenticationViaKBDInt'

We enabled the radius daemon on our SecurID ACE server (RSA) and using
pam_radius (of Freeradius) instead. If you choose that path you need to
pick a radius secret key and need to add that key for your client on
ACE database.

Most of our servers using some flavor of ssh (openssh or sunssh or
ssh) and pam_radius
It basically prompts for Password: (you put your passcode here). We
also have sudo
with pam enabled. So there is no local password needed for users.

These are files I needed to modify
- /etc/raddb/server (only can access raddb dir)
- /etc/pam.conf - just two extra lines; one for sshd and one for sudo
- /etc/ssh/sshd_config OR /usr/local/etc/sshd_config

> seems Solaris always tries to authenticate locally even after I configure

It has nothing to do with Solaris. It is SSHD that you need to configure right.

> pam.conf. RSA has a "work around" but they do not support even the work
> around. RSA will support OpenSSH, but not the sshd included with Solaris.
>

The problem is not ssh difference. It is all handled by pam. Both
SunSSH and OpenSSH
knows how to communicate with PAM if they are compiled with pam library.

> Any help would be appreciated.
>
> _______________________________
>
> Edward Reiss <ed.reiss@...>
> Cell
> 631.681.7181
> Landline
> 518.533.9764
> Fax
> 631.881.5545
> Quis custodiet ipsos custodes?
>
> _______________________________
>
>
>

--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu

SSHD with Secured authentication, using RSA PAM client

2007-07-31T16:19:44Z

Greetings,

Has anyone got ssh to authenticate to SecureID? We have to use the version
of sshd included with Solaris 9, 1.0.1, and we cannot get it to work. It
seems Solaris always tries to authenticate locally even after I configure
pam.conf. RSA has a "work around" but they do not support even the work
around. RSA will support OpenSSH, but not the sshd included with Solaris.

Any help would be appreciated.

_______________________________

Edward Reiss <ed.reiss@...>
Cell
631.681.7181
Landline
518.533.9764
Fax
631.881.5545
Quis custodiet ipsos custodes?

_______________________________

SSL Cert for patchpro.sun.com Invalid?

2007-06-04T15:46:32Z

In our IDS logs, I saw some of our servers making some outgoing
connections over SSL wrapped HTTP. So, being curious, I decided to see
where they were going. The connections were going to patchpro.sun.com,
but the SSL certificate being used for this site is signed by Sun's
internal certificate authority and the site its self displays the
default Apache page. This happens for both the FQDN and the IP address
URL's:

https://192.18.108.39/
https://patchpro.sun.com/

Without digging to much deeper, my mind has begun wondering. Do systems
with support contracts download patches from this system over SSL
wrapped HTTP without a 3rd party validated certificate? Does the update
client even attempt to validate the certificate that is being presented
to it prior to downloading and installing patches? Perhaps Solaris
already has the Sun Microsystems Inc CA (Class B) certificate authority
public certificate installed and trusted
(https://www.sun.com/pki/ca/smicacert.html). Hmm.... I wonder. Guess I
need to build a box and screw around with it. Anyone else have any in
depth knowledge on this matter? Something seems a little weird here.
Generally you don't see default Apache pages sitting around on major
sites unless some kind of misconfiguration is happening.

Here is a copy (Base64 encoded) of the certificate currently being
presented by https://patchpro.sun.com:
-----BEGIN CERTIFICATE-----
MIIEETCCAvmgAwIBAgIEFAAQbTANBgkqhkiG9w0BAQUFADBLMSowKAYDVQQDEyFT
dW4gTWljcm9zeXN0ZW1zIEluYyBDQSAoQ2xhc3MgQikxHTAbBgNVBAoTFFN1biBN
aWNyb3N5c3RlbXMgSW5jMB4XDTAyMDkxOTIyNTgzN1oXDTA3MDkxODIyNTgzN1ow
OjEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVtcyBJbmMxGTAXBgNVBAMTEHBhdGNo
cHJvLnN1bi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANdGSE7Usa2R
lsHnJoJzY4yQvkp2uWlyAzg6y+Z/Ex8mBH0cjhmIjNCUH1A7072ubA9PzwG/VCE2
EDvO7gOjDKn8UAuvykiQNEirS+OfVgpQpvl8P6AgydQVE8Rbyxx27UwrWuFS6SEZ
KhHtyTYjKx4eEQJZO/GdZg5UvTjndmE3AgMBAAGjggGQMIIBjDAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0OBBYEFIPdShEhWpzZy4SOp+n+JTWMImdvMEcGA1UdIARAMD4w
PAYLYIZIAYb3AIN9k18wLTArBggrBgEFBQcCARYfaHR0cDovL3d3dy5zdW4uY29t
L3BraS9jcHMuaHRtbDCBhQYDVR0fBH4wfDB6oCegJYYjaHR0cDovL3d3dy5zdW4u
Y29tL3BraS9wa2lzbWljYS5jcmyiT6RNMEsxKjAoBgNVBAMTIVN1biBNaWNyb3N5
c3RlbXMgSW5jIENBIChDbGFzcyBCKTEdMBsGA1UEChMUU3VuIE1pY3Jvc3lzdGVt
cyBJbmMwHwYDVR0jBBgwFoAUT7ZnqR/EEBSgG6h1wdYMI5RiiWswVAYIKwYBBQUH
AQEESDBGMB0GCCsGAQUFBzABhhFodHRwOi8vdmEuc3VuLmNvbTAlBggrBgEFBQcw
AYYZaHR0cDovL3ZhLmNlbnRyYWwuc3VuLmNvbTATBgNVHSUEDDAKBggrBgEFBQcD
ATANBgkqhkiG9w0BAQUFAAOCAQEAo8QI/x1PKIhrw3GtyeZyty8QHzcKQQNXT3fX
CXo9P094mIIwwFqk3cHYA8HWd65ieKihwTRYM9FQo8ZajeANI6Y2m2iJ2smHM5p/
tnSmnkh9DYFbwvE9pm8fLoKD8ZMKgGUeeI74h77Cni6A+1quOCzcL+605aHDmhqg
/R4OXSXMUkXpOOyHczdPgDPAyHeTM9MH8w71zyIjOoNVfiyRAY/2mtvq9kVYvOo1
NYexlU+x7u6dFjScuVf3RiXdAIwSmLlR3OlO7+zDlMRThiclv2ldrfQQbMQS6OhA
+2dN9luEiI93yO7CsPPcFlZR+JkqFAWOndz94XvdzAhB/V1MLA==
-----END CERTIFICATE-----

--Eoin Miller

BSM Audit - system call argument

2007-05-15T10:15:12Z

hello ....

If anybody knows about sun's bsm audit
record format, please help me.

I am not able to understand how an audit
record for system call can have duplicate
token for the same system call argument.
For example -

header,182,2,ioctl(2),,Mon Jun 01 07:56:56 1998, + 788290611 msec
path,/devices/pseudo/cn@0:console
attribute,20620,2122,tty,8388608,11409,0
argument,2,0x7415,cmd
argument,3,0xeffff2b0,arg
argument,2,0x501cd434,strioctl:vnode
subject,2122,root,other,root,other,273,258,0 0 pascal.eyrie.af.mil
return,success,0
trailer,182

Above, token argument 2 is repeated.
I dint find anything in the BSM guide on
sun's site.

I would highly appreciate it if anybody
could throw any light on this.

Regards,

Re: Sun Application Server Drop Privs

2007-04-26T04:54:05Z

On Wed, 25 Apr 2007, haim [howard] roman wrote:
> Regarding (b), even if you run the server as root, you can change the
> owners &/or groups of the files so that non-root users can change them.

It may happen that controlling configuration files is enough to force
the application to do nasty things (e.g., reading /etc/shadow, or even
overwriting it). If an application is run as root, the result can be
that you allow the one who controls the configuration files to do this
nasty things.

If your only problem is the ports, you could run the server on some
other ports (say, 20080 instead of 80) and use ipf to redirect 80 to
20080.

--
Regards,
ASK

Re: Sun Application Server Drop Privs

2007-04-25T06:41:40Z

Regarding (b), even if you run the server as root, you can change the
owners &/or groups of the files so that non-root users can change them.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Haim (Howard) Roman
Computer Center, Jerusalem College of Technology
roman@...
Phone: 052-8-592-599 (6022 from within Machon Lev)

-------- Original Message --------
Subject: Sun Application Server Drop Privs
From: Crist J. Clark <cristclark@...>
To: focus-sun@...
Date: Tue 24 Apr 2007 03:11:02 AM IDT

> We're using Sun Java System Application Server 8.1. I know
> the software is designed so it can be run as a non-root user,
> but right now, we have to run it as root since it binds to ports
> 80/tcp and 443/tcp.
>
> I've hit SunSolve, docs.sun.com, and Google, but can't seem to
> find out how to get it to drop privs to a non-root user after
> grabbing the low-numbered ports. Anyone know how to do this?
> I'd rather (a) not have this monster run as root if it doesn't
> have to and (b) not have the web app developers have to get a
> sys admin to make changes as root for them whenever they want
> to tweak some file.
>

RE: Sun Application Server Drop Privs

2007-04-24T09:41:11Z

Have you tried creating a properties file or editing the existing properties
file that contains the environment variables associated with launching the
app server? I know for the Sun Proxy server you can create a properties
page that contains the user that will run the service as well as the ports
to which it will bind to. The properties file may be accessed by root, but
privs will be dropped to the user defined within the config file.

Tony UcedaVélez, CISM, CISA, GIAC
Managing Partner
VerSprite, LLC
(office) 678.938.3434
(email) tonyuv@...
(web) www.versprite.com

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Crist J. Clark
Sent: Monday, April 23, 2007 8:11 PM
To: focus-sun@...
Subject: Sun Application Server Drop Privs

We're using Sun Java System Application Server 8.1. I know
the software is designed so it can be run as a non-root user,
but right now, we have to run it as root since it binds to ports
80/tcp and 443/tcp.

I've hit SunSolve, docs.sun.com, and Google, but can't seem to
find out how to get it to drop privs to a non-root user after
grabbing the low-numbered ports. Anyone know how to do this?
I'd rather (a) not have this monster run as root if it doesn't
have to and (b) not have the web app developers have to get a
sys admin to make changes as root for them whenever they want
to tweak some file.
--
Crist J. Clark | cjclark@...

Re: Sun Application Server Drop Privs

2007-04-24T09:36:45Z

If the main issue is your webservers then what should happen
is that the initial run as root should get reassigned to
the webserver owner, i.e. nobody, web, etc.

Stephen Hauskins
Divisional Liaison
Academic Computing Group
Division of Physical and Biological Sciences

We can't solve problems by using the same kind of thinking we used
when we created them. Albert Einstein

On Mon, 23 Apr 2007, Crist J. Clark wrote:

Sun Application Server Drop Privs

2007-04-23T18:11:02Z

We're using Sun Java System Application Server 8.1. I know
the software is designed so it can be run as a non-root user,
but right now, we have to run it as root since it binds to ports
80/tcp and 443/tcp.

I've hit SunSolve, docs.sun.com, and Google, but can't seem to
find out how to get it to drop privs to a non-root user after
grabbing the low-numbered ports. Anyone know how to do this?
I'd rather (a) not have this monster run as root if it doesn't
have to and (b) not have the web app developers have to get a
sys admin to make changes as root for them whenever they want
to tweak some file.
--
Crist J. Clark | cjclark@...

Re: Sun Studio 11: C++ 5.8 Compiler

2007-04-17T00:53:42Z

focus-sun Digest 16 Apr 2007 17:18:39 -0000 Issue 372

Sun Studio 11: C++ 5.8 Compiler
1456 by: neelabhsharma1.gmail.com

[...]

As per the specifications the compiler should be based on C99. But i think
it still does not handle the function call strtoll(). This issue did not
arise with RHL 9.0

If it did the handling properly then the result of the program should not
be 0.

/*Snippet of the Code */
#include<stdio.h>
#include<stdlib.h>

int main()
{
char *a = "89abcdef";
long long int c;
a[8] = '\0';
c = strtoll(a, NULL, 16);
printf("the num is %8x", c);
return 0;
}

My understanding of the OS, Platform (SPARC), ofcourse C is just of a
beginner and am eager to learn, please provide supporting comments..

[JL:
Did you say C or C++? C++ is still based on the 1998 C++ standard, which
in turn is based on C90 and not on C99. Hence things like long long are
(most likely) not part of the base C++ configuration - it is likely that
you would have to enable such extensions in C++ by special options. {That
was a guess - investigation shows it is a wrong guess...read on.}

Which bits of the manual did you read?

Tested on Solaris 10 with
Black JL: cc -V
cc: Sun C 5.8 2005/10/13
usage: cc [ options] files. Use 'cc -flags' for details
Black JL: CC -V
CC: Sun C++ 5.8 2005/10/13

Also, the code must be fixed - %8x prints an integer, not a long long int,
so the format string needs to end "%8llx\n".

The C compiler is fine with the fixed code. The C++ compiler says:

CC -O x.c -o x && ./x
"x.c", line 6: Warning: String literal converted to char* in
initialization.
1 Warning(s) detected.
Segmentation Fault(coredump)

Hmmm...that's because you try to modify the string literal at x[8] = '\0'
- which is a pointless exercise (the value is already '\0'). The warning
is because it should be a const char * you assign to. With that fixed,
even CC compiles it and runs it OK.

So, you don't even have to enable long long in CC - it just works with
correct code.
]

--
Jonathan Leffler (jleffler@...)
STSM, Informix Database Engineering, IBM Information Management Division
4100 Bohannon Drive, Menlo Park, CA 94025-1013
Tel: +1 650-926-6921 Tie-Line: 630-6921
"I don't suffer from insanity; I enjoy every minute of it!"

Re: Sun Studio 11: C++ 5.8 Compiler

2007-04-16T12:05:47Z

On Mon, Apr 16, 2007 at 01:22:07AM -0000, neelabhsharma1@... wrote:

> As per the specifications the compiler should be based on C99. But i think it still does not handle the function call strtoll(). This issue did not arise with RHL 9.0
>
> If it did the handling properly then the result of the program should not be 0.
>
>
> /*Snippet of the Code */
> #include<stdio.h>
> #include<stdlib.h>
>
> int main()
> {
> char *a = "89abcdef";
> long long int c;
> a[8] = '\0';
> c = strtoll(a, NULL, 16);
> printf("the num is %8x", c);
> return 0;
> }
>
>
> My understanding of the OS, Platform (SPARC), ofcourse C is just of a beginner and am eager to learn, please provide supporting comments..
>

This is consistent with Sun WorkShop 6 and gcc 3.4.2 (Both on Solaris/Sparc).
Gcc 3.4.5 on Linux (Intel) appears to do what you were expecting, but actually
does not. If you change the "char a..." definition to a hex value longer than
8 characters you will not see the last 8 characters on Sparc. On Intel you will
only see the last 8 characters. This is due to differences in byte ordering on
these processors.

The problem is in your printf format. %8x expects to print something of type
"int". Most current compilers specify type "int" to be the same as "long int"
which is 32 bits. "long long int" is 64 bits. What is happening here is you
are printing the first 32 bits of the argument. If you use the correctly
typed format string "%8llx", you should see the correct value printed in all
cases.

I hope this helps your understanding of what has happened here.

Steven Leikeim

--

Steven Leikeim, GSEC-Gold | We, the willing
Department of Electrical and Computer | led by the unknowing
Engineering | are doing the impossible
Schulich School of Engineering | for the ungrateful.
University of Calgary | We have done so much
Calgary, Alberta | for so long with so little
| we are now qualified
Phone: (403) 220-5373 Fax: (403) 282-6855 | to do anything with nothing.

Re: Sun Studio 11: C++ 5.8 Compiler

2007-04-16T11:22:38Z

neelabhsharma1@... writes:

>As per the specifications the compiler should be based on C99. But i think it still does not handle the function call strtoll(). This issue did not arise with RHL 9.0

>If it did the handling properly then the result of the program should not be 0.

By "result of the program" I assume you mean the output of the printf
command. As your code is broken (and lint will show you where), the output
is undefined. Fix your code and the output becomes what you expect.

>/*Snippet of the Code */
>#include<stdio.h>
>#include<stdlib.h>

>int main()
>{
>char *a = "89abcdef";
>long long int c;
>a[8] = '\0';
>c = strtoll(a, NULL, 16);
>printf("the num is %8x", c);
>return 0;
>}

--
Michael T Pins | "A year from now I'd be surprised if
mtpins@... | there's not some grand square in Baghdad
keeper of the nn sources | that is named after President Bush."
ftp://ftp.nndev.org/pub | -Richard Perle, 9/22/03

Sun Studio 11: C++ 5.8 Compiler

2007-04-15T19:22:07Z

As per the specifications the compiler should be based on C99. But i think it still does not handle the function call strtoll(). This issue did not arise with RHL 9.0

If it did the handling properly then the result of the program should not be 0.

/*Snippet of the Code */
#include<stdio.h>
#include<stdlib.h>

int main()
{
char *a = "89abcdef";
long long int c;
a[8] = '\0';
c = strtoll(a, NULL, 16);
printf("the num is %8x", c);
return 0;
}

My understanding of the OS, Platform (SPARC), ofcourse C is just of a beginner and am eager to learn, please provide supporting comments..

Thanks and Regards

Re: Dealing with BSM Audit Logs

2007-03-08T00:36:45Z

Crist J. Clark-2 wrote:

Anyway, I am in search of tools to deal with audit logs. For
example, I suspect that this noise is from ufsdump/restore,
but this is hard to back out. It'd be sweet to have a tool
where I could pull out all of the logs related to a process,
including its children, and look at them. Something interactive
would be so-o cool. Using auditreduce(1M) and praudit(1M) with
grep, perl, and awk only goes so far, especially when it
comes to GBs of logs.

Are there tools out there for this? Any leads, from Sun, free
stuff, your scripts, or third-party commercial, would help.

We are working on an audit trail tool which will be available as beta shortly:
http://auditanalyzer.com/

Sol DST issues - revisited

2007-02-16T10:21:25Z

Just a note, Amy Rich, in the Q&A section of Sys Admin:
http://www.samag.com/documents/s=10118/sam0703j/0703j.htm

gives a list of fixes - including Java updates needed and firmware patches
for various Sun boxes.

a

Andy Bach
Systems Mangler
Internet: andy_bach@...
VOICE: (608) 261-5738 FAX 264-5932

"Procrastination is like putting lots and lots of commas in the sentence
of your life."
Ze Frank
http://lifehacker.com/software/procrastination/ze-frank-on-procrastination-235859.php

Re: Re: Solaris 2.7 Daylight saving time fix.

2007-02-06T08:52:41Z

Ron Jack (Systems Network) wrote:

>
> This seems to work for us for US/Eastern (note - no changes to existing
> zdump/zic):
>
> 3) edit /usr/share/lib/zoneinfo/northamerica.
>
> Zone EST5EDT -5:00 US E%sT <-- yank this line. paste
> below.
> Zone Eastern -5:00 US E%sT <-- change to "Eastern"
>
>
>

I am a little unclear with step 3.
Do I yank the line and copy it. Then modify it, to now have two (2) lines
representing that zone (I am in Central)? With the Eastern ahead of the
ESTDST?

--
View this message in context: http://www.nabble.com/Solaris-2.7-Daylight-saving-time-fix.-tf2955037.html#a8829564
Sent from the Security - Sun mailing list archive at Nabble.com.

Re: Solaris 2.7 Daylight saving time fix

2007-01-31T08:37:12Z

>The specification that I can find (SUS3 at Open Group) leaves it
>completely unspecified what rules might apply to the switch between winter
>and summer (or standard and daylight saving) times. It shows how to set
>the rule by including the information in the TZ variable, but it does not
>state what the rule is in the absence of a specific setting.

I misremembered this. But remember that in the old zoneinfo files
GMT+/-xx was defined backward and using such timezones would result
in non-POSIX compliant timestamps. (GMT+5 was interpreted as POSIX GMT-5
and vice versa)

It appears we stopped shipping those in Solaris 2.4 so I guess it's about time
that we removed the hardcoded defaults from libc and rely on the rule
files from now on.

(And make it so that changes to the rule files do not require a reboot)

Casper

Re: Solaris 2.7 Daylight saving time fix

2007-01-30T19:12:22Z

Casper Dik <casper.dik@...> wrote:
>The POSIX standard *requires* that the ?STx?DT format precludes
>the use of zone files.
>
>Any OS which uses the zoneinfo files is not compliant when the $TZ
>variable can be parsed under the POSIX rules.

Please can you indicate chapter and verse in POSIX where it says that?

The specification that I can find (SUS3 at Open Group) leaves it
completely unspecified what rules might apply to the switch between winter
and summer (or standard and daylight saving) times. It shows how to set
the rule by including the information in the TZ variable, but it does not
state what the rule is in the absence of a specific setting.

Quoting some standard (Base Definitions, Environment Variables)

TZ
This variable shall represent timezone information. The contents of the
environment variable named TZ shall be used by the ctime(), localtime(),
strftime(), mktime(), ctime_r(), and localtime_r() functions, and by
various utilities, to override the default timezone. The value of TZ has
one of the two forms (spaces inserted for clarity):
:characters
or:
std offset dst offset, rule
If TZ is of the first format (that is, if the first character is a colon),
the characters following the colon are handled in an
implementation-defined manner.
The expanded format (for all TZ s whose value does not have a colon as the
first character) is as follows:
stdoffset[dst[offset][,start[/time],end[/time]]]
Where:
std and dst
Indicate no less than three, nor more than {TZNAME_MAX}, bytes that are
the designation for the standard ( std) or the alternative ( dst -such as
Daylight Savings Time) timezone. Only std is required; if dst is missing,
then the alternative time does not apply in this locale.
Each of these fields may occur in either of two formats quoted or
unquoted:
In the quoted form, the first character shall be the less-than ( '<' )
character and the last character shall be the greater-than ( '>' )
character. All characters between these quoting characters shall be
alphanumeric characters from the portable character set in the current
locale, the plus-sign ( '+' ) character, or the minus-sign ( '-' )
character. The std and dst fields in this case shall not include the
quoting characters.
In the unquoted form, all characters in these fields shall be alphabetic
characters from the portable character set in the current locale.
The interpretation of these fields is unspecified if either field is less
than three bytes (except for the case when dst is missing), more than
{TZNAME_MAX} bytes, or if they contain characters other than those
specified.
offset
Indicates the value added to the local time to arrive at Coordinated
Universal Time. The offset has the form:
hh[:mm[:ss]]
The minutes ( mm) and seconds ( ss) are optional. The hour ( hh) shall be
required and may be a single digit. The offset following std shall be
required. If no offset follows dst, the alternative time is assumed to be
one hour ahead of standard time. One or more digits may be used; the value
is always interpreted as a decimal number. The hour shall be between zero
and 24, and the minutes (and seconds)-if present-between zero and 59. The
result of using values outside of this range is unspecified. If preceded
by a '-', the timezone shall be east of the Prime Meridian; otherwise, it
shall be west (which may be indicated by an optional preceding '+' ).
rule
Indicates when to change to and back from the alternative time. The rule
has the form:
date[/time],date[/time]
where the first date describes when the change from standard to
alternative time occurs and the second date describes when the change back
happens. Each time field describes when, in current local time, the change
to the other time is made.
The format of date is one of the following:
Jn
The Julian day n (1 <= n <= 365). Leap days shall not be counted. That is,
in all years-including leap years-February 28 is day 59 and March 1 is day
60. It is impossible to refer explicitly to the occasional February 29.
n
The zero-based Julian day (0 <= n <= 365). Leap days shall be counted, and
it is possible to refer to February 29.
Mm.n.d
The d'th day (0 <= d <= 6) of week n of month m of the year (1 <= n <= 5,
1 <= m <= 12, where week 5 means "the last d day in month m" which may
occur in either the fourth or the fifth week). Week 1 is the first week in
which the d'th day occurs. Day zero is Sunday.
The time has the same format as offset except that no leading sign ( '-'
or '+' ) is allowed. The default, if time is not given, shall be 02:00:00.

--
Jonathan Leffler (jleffler@...)
STSM, Informix Database Engineering, IBM Information Management Division
4100 Bohannon Drive, Menlo Park, CA 94025-1013
Tel: +1 650-926-6921 Tie-Line: 630-6921
"I don't suffer from insanity; I enjoy every minute of it!"

Re: BSM, SSH, and Session ID

2007-01-30T13:47:49Z

On Fri, Jan 26, 2007 at 08:03:04PM -0500, Jalex wrote:
> Solaris BSM makes more sense. I didn't realize it was the praudit xml
> output.
>
> Are you logging in as root through ssh or is that just the way it is
> logging it?

Yes. The particular example below is a "forced command"
assocaited with a specific "authorized key." Root cannot
log in except "without password" and all authorized keys
have forced commands for some specific tasks.

> I can't recall how Sun SSH on Solaris 9 behaves but recent versions of
> Sun SSH/OpenSSH should fork off before the login because the sshd
> process that a user is connected to after authentication runs with their
> privileges, not root's. It should always be a different session, even
> if the user login is root.

Something like that is going on, but it's not turning out
how I would expect. Here's the process tree,

sshd
[26065]
| \
| sh -c locale -a
| [26066]
| \
| locale -a
|\ [26067]
| \
| sshd
| [26068]
| \
| ksh -c etc/security/sox_baseline
| [26069]
(auditon) \...
(ssh - login)

So, we start with the sshd child spawned by the listening daemon,
26065. It runs the locale command. Then it spins off another
child, 26068. This child runs the forced command and all of
those children sprout off of that branch. The parent sshd doesn't
call auditon, log the login, or change the session ID until
_after_ it's forked the child doing all of the work.

I've trussed sshd, but it just made my head hurt more.

What gets annoying in other cases is that if the user logging
in is non-root, the "audit user" is root for all of the children
processes doing the work, like 26068 in this case, and the
"do nothing" main sshd process is the one that gets its audit
user changed to the user loging in. I end up with a bunch of
logs that I don't want.

> Are you just auditing the root user?

For all exec's and fork's, yes, just root.

> >>Crist J. Clark wrote:
> >>>I am trying to write a script that does the following:
> >>>
> >>> 1) Finds all root logins and su's to root.
> >>> 2) Tracks all commands run after that login.
> >>> 3) Associates each command with its login.
> >>>
> >>>Sounds easy, huh? Devil's in the details.
> >>>
> >>>Current method of attack is to find all of the su's and logins,
> >>>and save the session ID. Then I can go through and pick out the
> >>>'exec' events with that session ID and run as root. My old
> >>>method was to follow all of the forks from a login. It was not
> >>>pretty, but seemed to work most of the time. I thought following
> >>>session IDs would be more robust and less error prone.
> >>>
> >>>But I have a audit trail here that is confounding my best
> >>>efforts. What we have is a "forced" SSH command. There are a
> >>>few problems with the trail. First, it looks like it starts
> >>>forking children before the login. Second, the login has a
> >>>different session ID than its children. I'm a bit confused
> >>>about what is going on here. Here's the audit trail. It's in
> >>>XML format. I find that easier to read with the labels.
> >>>
> >>>What's killing me is that the login (the 'login - ssh' event)
> >>>has a different session ID that its children (the 'exec(2)'
> >>>of 'ksh -c /etc/security/sox_baseline'). Bug? Feature? Do I
> >>>need to revert to my old method? This is Solaris 9 using
> >>>the Sun SSH daemon.
> >>>
> >>>
> >>><?xml version='1.0' encoding='UTF-8' ?>
> >>><?xml-stylesheet type='text/xsl'
> >>>href='file:///usr/share/lib/xml/style/adt_record.xsl.1' ?>
> >>>
> >>><!DOCTYPE audit PUBLIC '-//Sun Microsystems, Inc.//DTD Audit V1//EN'
> >>>'file:///usr/share/lib/xml/dtd/adt_record.dtd.1'>
> >>>
> >>><audit>
> >>><file time="Thu Jan 11 10:46:19 PST 2007" msec="0"></file>
> >>><record version="2" event="vfork(2)" time="Thu Jan 11 10:46:19 PST 2007"
> >>>msec="731">
> >>><argument arg-num="0" value="0x5e02" desc="child PID"/>
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24065" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="execve(2)" time="Thu Jan 11 10:46:19 PST
> >>>2007" msec="732">
> >>><path>/usr/bin/sh</path>
> >>><attribute mode="100555" uid="root" gid="root" fsid="136" nodeid="8469"
> >>>device="0"/>
> >>><exec_args><arg>sh</arg><arg>-c</arg><arg>/usr/bin/locale -a
> >>></arg></exec_args>
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24066" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="fork(2)" time="Thu Jan 11 10:46:19 PST 2007"
> >>>msec="741">
> >>><argument arg-num="0" value="0x5e03" desc="child PID"/>
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24066" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="execve(2)" time="Thu Jan 11 10:46:19 PST
> >>>2007" msec="764">
> >>><path>/usr/bin/locale</path>
> >>><attribute mode="100555" uid="root" gid="bin" fsid="136" nodeid="347411"
> >>>device="0"/>
> >>><exec_args><arg>/usr/bin/locale</arg><arg>-a
> >>></arg></exec_args>
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24067" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="exit(2)" time="Thu Jan 11 10:46:19 PST 2007"
> >>>msec="800">
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24067" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="exit(2)" time="Thu Jan 11 10:46:19 PST 2007"
> >>>msec="801">
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24066" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="fork(2)" time="Thu Jan 11 10:46:21 PST 2007"
> >>>msec="548">
> >>><argument arg-num="0" value="0x5e04" desc="child PID"/>
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24065" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="auditon(2) - get audit state" time="Thu Jan
> >>>11 10:46:21 PST 2007" msec="557">
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24065" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="getaudit_addr(2)" time="Thu Jan 11 10:46:21
> >>>PST 2007" msec="557">
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24065" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="auditon(2) - get audit policy flags"
> >>>time="Thu Jan 11 10:46:21 PST 2007" msec="557">
> >>><subject audit-uid="root" uid="root" gid="root" ruid="root" rgid="root"
> >>>pid="24065" sid="3539585011" tid="11953 196630 spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="login - ssh" time="Thu Jan 11 10:46:21 PST
> >>>2007" msec="568">
> >>><subject audit-uid="root" uid="root" gid="other" ruid="root"
> >>>rgid="other" pid="24065" sid="3603920788" tid="11953 196630
> >>>spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="fork(2)" time="Thu Jan 11 10:46:21 PST 2007"
> >>>msec="583">
> >>><argument arg-num="0" value="0x5e05" desc="child PID"/>
> >>><subject audit-uid="root" uid="root" gid="other" ruid="root"
> >>>rgid="other" pid="24068" sid="3539585011" tid="11953 196630
> >>>spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="execve(2)" time="Thu Jan 11 10:46:21 PST
> >>>2007" msec="598">
> >>><path>/usr/bin/ksh</path>
> >>><attribute mode="100555" uid="root" gid="bin" fsid="136" nodeid="42497"
> >>>device="0"/>
> >>><exec_args><arg>ksh</arg><arg>-c</arg><arg>/etc/security/sox_baseline
> >>></arg></exec_args>
> >>><subject audit-uid="root" uid="root" gid="other" ruid="root"
> >>>rgid="other" pid="24069" sid="3539585011" tid="11953 196630
> >>>spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >>><record version="2" event="execve(2)" time="Thu Jan 11 10:46:21 PST
> >>>2007" msec="614">
> >>><path>/etc/security/sox_baseline</path>
> >>><attribute mode="100755" uid="root" gid="other" fsid="136"
> >>>nodeid="64371" device="0"/>
> >>><exec_args><arg>/bin/sh</arg><arg>/etc/security/sox_baseline
> >>></arg></exec_args>
> >>><subject audit-uid="root" uid="root" gid="other" ruid="root"
> >>>rgid="other" pid="24069" sid="3539585011" tid="11953 196630
> >>>spa.example.com"/>
> >>><return errval="success" retval="0"/>
> >>></record>
> >

--
Crist J. Clark | cjclark@...

Re: Solaris 2.7 Daylight saving time fix.

2007-01-30T10:00:10Z

> The cheesy file copy update appears to work for non-POSIX time zones.

% zdump -v US/Pacific | egrep 2007

The regular process works for "US/Pacific" as does the standard Sol zdump
- its only the POSIX ?STX?DT format that the original Sun zdump won't do
correctly. Casper from Sun says this is the way its supposed to be in
that format is hard coded into some lib and that lib is not being updated
(yet). But the "Olson" format ("US/xxxxx") works as does most anything
that makes zdump go to the zoneinfo file. The POSIX format isn't supposed
to and won't be fixed (for the pre-10 Sol zdump) until the appropriate
library is updated. I don't know what lib that is though.

a

Andy Bach
Systems Mangler
Internet: andy_bach@...
VOICE: (608) 261-5738 FAX 264-5932

If GM had developed technology like Microsoft:
5. Only one person at a time could use the car, unless you bought 'Car95'
or 'CarNT', and then added more seats.
http://www.snopes.com/humor/jokes/autos.asp

RE: Solaris 2.7 Daylight saving time fix.

2007-01-29T19:18:29Z

Terix seems to be handing out a patch for free:
http://www.terix.com

It looks to me as it doesn't fix Sun's zdump or zic,
but it is in patch format so you can check your showrev -p output.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of Andy_Bach@...
Sent: Monday, January 29, 2007 11:37 AM
To: Casper.Dik@...
Cc: casper@...; daniel.raymer@...;
focus-sun@...; listbounce@...
Subject: Re: Solaris 2.7 Daylight saving time fix.

> The POSIX standard *requires* that the ?STx?DT format precludes
the use of zone files.

> Any OS which uses the zoneinfo files is not compliant when the $TZ
variable can be parsed under the POSIX rules.

Okay, well the NIH zdump (and, as it happens, the Sol 10 zdump.c I got
to compile on Sol 2.7), "trussed" shows:
open("/usr/share/lib/zoneinfo/GMT", O_RDONLY) = 3
open("/usr/share/lib/zoneinfo/CST6CDT", O_RDONLY) = 3

So I guess the reason it 'works' is its not properly POSIX ... so the
question (to my mind) remains - where does Sol's POSIX-valid zdump get
its TZ info? From a library file? That would be the one we need to
update.

a

Andy Bach
Systems Mangler
Internet: andy_bach@...
VOICE: (608) 261-5738 FAX 264-5932

Although few may originate a policy, we are all able to judge it.
Pericles of Athens, c.430 B.C.

Re: Solaris 2.7 Daylight saving time fix.

2007-01-29T17:25:47Z

daniel.raymer@... wrote:
> Sadly, this script still leaves me with zdump -v showing April 1st for DST changeover.

The cheesy file copy update appears to work for non-POSIX time zones.

% zdump -v US/Pacific | egrep 2007
US/Pacific Tue Jan 30 01:20:52 2007 GMT = Mon Jan 29 17:20:52 2007 PST isdst=0
US/Pacific Sun Mar 11 09:59:59 2007 GMT = Sun Mar 11 01:59:59 2007 PST isdst=0
US/Pacific Sun Mar 11 10:00:00 2007 GMT = Sun Mar 11 03:00:00 2007 PDT isdst=1
US/Pacific Sun Nov 4 08:59:59 2007 GMT = Sun Nov 4 01:59:59 2007 PDT isdst=1
US/Pacific Sun Nov 4 09:00:00 2007 GMT = Sun Nov 4 01:00:00 2007 PST isdst=0

% date -u
Tue Jan 30 01:21:11 GMT 2007

RES: Re: Solaris 2.7 Daylight saving time fix.

2007-01-29T11:16:39Z

-----Mensagem original-----
De: listbounce@... [mailto:listbounce@...] Em
nome de Andy_Bach@...
Enviada em: sexta-feira, 26 de janeiro de 2007 16:43
Para: daniel.raymer@...
Cc: focus-sun@...; listbounce@...
Assunto: Re: Re: Solaris 2.7 Daylight saving time fix.

> Sadly, this script still leaves me with zdump -v showing April 1st for
DST changeover.

Yeah, it appears you need to do a couple things - one is change from the
old school "?STx?DT" TZ format (to US/Central for example) and the other
is to ditch the solaris zdump for the nih one. I'm still hoping for a
response but it was indicated that Sun holds that the ?STx?DT format
precludes using any zoneinfo files - not sure where it gets the info then
(one of libc or libdl? time()?) but ....

Not sure if the "problem" extends beyond just zdump, that is, what other
programs might not use the zoneinfo info

a

Andy Bach
Systems Mangler
Internet: andy_bach@...
VOICE: (608) 261-5738 FAX 264-5932

Although few may originate a policy, we are all able to judge it.
Pericles of Athens, c.430 B.C.

smime.p7s (4K) Download Attachment

Re: Solaris 2.7 Daylight saving time fix.

2007-01-29T08:43:08Z

>> The POSIX standard *requires* that the ?STx?DT format precludes
>the use of zone files.
>
>> Any OS which uses the zoneinfo files is not compliant when the $TZ
>variable can be parsed under the POSIX rules.
>
>Okay, well the NIH zdump (and, as it happens, the Sol 10 zdump.c I got to
>compile on Sol 2.7), "trussed" shows:
>open("/usr/share/lib/zoneinfo/GMT", O_RDONLY) = 3
>open("/usr/share/lib/zoneinfo/CST6CDT", O_RDONLY) = 3
>
>So I guess the reason it 'works' is its not properly POSIX ... so the
>question (to my mind) remains - where does Sol's POSIX-valid zdump get its
>TZ info? From a library file? That would be the one we need to update.

If Solaris zdump does not dump the zone file, then that's somewhat
strange; these POSIX rules are hardcoded in the library
file.

What you really should do is switch to the appriate Olson timezone.

(US/...)

Casper

Re: Solaris 2.7 Daylight saving time fix.

2007-01-29T08:37:22Z

> The POSIX standard *requires* that the ?STx?DT format precludes
the use of zone files.

> Any OS which uses the zoneinfo files is not compliant when the $TZ
variable can be parsed under the POSIX rules.

Okay, well the NIH zdump (and, as it happens, the Sol 10 zdump.c I got to
compile on Sol 2.7), "trussed" shows:
open("/usr/share/lib/zoneinfo/GMT", O_RDONLY) = 3
open("/usr/share/lib/zoneinfo/CST6CDT", O_RDONLY) = 3

So I guess the reason it 'works' is its not properly POSIX ... so the
question (to my mind) remains - where does Sol's POSIX-valid zdump get its
TZ info? From a library file? That would be the one we need to update.

a

Andy Bach
Systems Mangler
Internet: andy_bach@...
VOICE: (608) 261-5738 FAX 264-5932

Although few may originate a policy, we are all able to judge it.
Pericles of Athens, c.430 B.C.

Re: Solaris 2.7 Daylight saving time fix.

2007-01-27T13:54:45Z

>old school "?STx?DT" TZ format (to US/Central for example) and the other
>is to ditch the solaris zdump for the nih one. I'm still hoping for a
>response but it was indicated that Sun holds that the ?STx?DT format
>precludes using any zoneinfo files - not sure where it gets the info then
>(one of libc or libdl? time()?) but ....

The POSIX standard *requires* that the ?STx?DT format precludes
the use of zone files.

Any OS which uses the zoneinfo files is not compliant when the $TZ
variable can be parsed under the POSIX rules.

Casper