Patch-ID# 102493-01 Keywords: suntechd forks child and hang lmdown shuts down lmgrd security hole Synopsis: FLEXlm 2.4, 2.6, 2.61: Jumbo patch. Date: Jul/24/95 Solaris Release: 1.1 1.1.1 1.1.2 SunOS Release: 4.1.1 4.1.2 4.1.3 4.1.3_U1 4.1.4 Unbundled Product: FLEXlm Unbundled Release: 2.1 2.2 2.6 2.61 Relevant Architectures: sparc BugId's fixed with this patch: 1139061 1165799 Changes incorporated in this version: 1139061 1165799 Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: lic.SUNW lmdown lmgrd.ste lmhostid lmremove lmreread lmstat lmver suntechd This patch contains the FLEXlm 4.0 version of the license manager software. A new option "-x [lmdown | lmremove]" has been added to the license manager, "lmgrd.ste", which will prohibit the shutting down of the license manager (lmgrd.ste) by any user (including root!) from any machine. If this behavior is desired, please modify the start-up script "/etc/rc2.d/S85lmgrd", line 25, to include this new option: $licdir/${lmgrd} -x lmdown -c $licdir/$licfile >> /tmp/license_log 2>&1 & ^^^^^^^^^ please add this option Having done this, the only way to gracefully shut down the license manager (lmgrd.ste) is to become root on the license server, and issue the "kill" command with the lmgrd.ste's pid as the sole parameter: # kill NOTE 1: lmgrd.ste's can be found by issuing the "ps -ef | grep lmgrd.ste" command sequence. NOTE 2: Do not use "kill -9" to kill lmgrd.ste, as this will cause the vendor daemon (suntechd) NOT to be taken down. Problem Description: (Rev 01) bug 1139061: lmdown allows a user to shutdown daemons on any server - security hole. bug 1165799: license manager fails when over 30 or 50 concurrent compiler users Patch Installation Instructions: -------------------------------- Extract the patch-tarfile in /etc/opt/licenses/ (or wherever the Licensing Software is installed) Or use installpatch script: Instructions to install patch using "installpatch" -------------------------------------------------- 1. Become super-user. 2. Apply the patch by typing: //installpatch where is the directory containing the patch.