_____________________________________________________

             The Computer Incident Advisory Capability

                         ___  __ __    _     ___

                        /       |     / \   /

                        \___  __|__  /___\  \___

        _____________________________________________________

                         Information Bulletin



             Increasing Security on Your UNICOS System



March 5, 1100 PST                                          Number B-17



                     Critical UNICOS Information

________________________________________________________________________

PROBLEM:   Some UNICOS systems have not installed all patches that may

have security implications 

PLATFORM: Many versions of the Cray UNICOS operating system 

DAMAGE:  Possibility that some UNICOS systems are not operating as

securely as possible 

SOLUTIONS:  Install UNICOS patches that apply to your version of UNICOS

_______________________________________________________________________





CIAC has been working with Cray Research Corporation as well as Cray

users in the DOE community to determine which basic set of UNICOS

patches provides a baseline level of security in UNICOS systems.  The

patches described below have been identified as important in assuring

that this baseline level has been met.  Some of these patches have been

the subject of Cray alert bulletins (Cray Field Alerts), each of which

(if applicable) will be referenced as each patch is identified.  You

may contact Cray for additional information in obtaining, installing,

and assuring that these patches have been installed on your UNICOS

system.



The mods listed below are Cray binary files available to correct each

described problem.  These mods are available on the crayamid system.

Each UNICOS mod has a unique identification.  For example, Cray mod

d15567cmda) and is appropriate to specific versions of the UNICOS

operating system.  Unless otherwise stated, the mod will apply to the

entire family of Cray hardware,  including Cray-1, X-MP, Y-MP, and

Cray-2.



1.      Cray mod d15567cmda, UNICOS version 5.0/5.1



Modifies the command /bin/du  .  Alternatively, removing the SETUID bit

from the /bin/du command by executing the following command as root

will effectively replace the need for the above mod:



        chmod 0755 /bin/du



2.      Cray mod d18028, UNICOS version 5.0/5.1



Modifies the command /etc/nu.  This mod has been integrated in the

baseline operating system for  Cray-1/XMP/YMP at version 5.1.8d and

Version 5.1.8 for Cray-2.  For more details, see Cray Field Alert #93.



3.      Cray mod e13159utsa, UNICOS version 4.0, 4.EA, 5.0



This patch was the subject of Cray Field Alert #72.  The patch modifies

the read/write and reada/writea system calls.  A copy of the mod may be

found on the crayamid system under

/u/mods/unicos_x/5.0/uts/e13159utsa.



4.      Limited buffer space in the kernel for some entries.  



This problem has been corrected with the following mods.  CIAC

recommends that you install any mods that apply to your system.



UNICOS 5.1:     XMP             d19646utsa

                Cray-2          d19647inca

                XMP, Cray-2     d19648tcpa

UNICOS 6.0      XMP             60uts07182a

                XMP             60uts07187a

                XMP, Cray-2     60uts07186a

                Cray-2          60uts07184a

UNICOS 6.1      XMP             61uts07182a

                XMP             61uts07187a

                XMP,Cray-2      61uts07186a

                Cray-2          61uts07184a



CIAC recommends that you install any mods (listed above) appropriate to

your UNICOS system.  In addition, you should upgrade your version of

UNICOS to the most recent available, since many improvements to the

security of your system have been integrated into the most recent base

operating system.



For additional information or assistance, please contact CIAC:   

 

        Tom Longstaff

        (415) 423-4416 or (FTS) 543-4416, or



        Eugene Schultz

        (415) 422-7781 or (FTS) 532-7781



        Call CIAC at (415) 422-8193 or (FTS) 532-8193 or send 

        e-mail to ciac@cheetah.llnl.gov



        Send FAX messages to:  (415) 423-0913 or (FTS) 543-0913



Karis Forster and Chuck Athey provided information contained in this

bulletin.  Neither the United States Government nor the University of

California nor any of their employees, makes any warranty, expressed

or implied, or assumes any legal liability or responsibility for the

accuracy, completeness, or usefulness of any information, product, or

process disclosed, or represents that its use would not infringe

privately owned rights.  Reference herein to any specific commercial

products, process, or service by trade name, trademark manufacturer,

or otherwise, does not necessarily constitute or imply its

endorsement, recommendation, or favoring by the United States

Government or the University of California.  The views and opinions of

authors expressed herein do not necessarily state or reflect those of

the United States Government nor the University of California, and

shall not be used for advertising or product endorsement purposes.