By Gerry Haskins on Nov 16, 2009
Here's some interesting tricks-of-the-trade and security related resources which I saw in a couple of email threads last week, which you may find useful:
What patches patch a specific object ?
We'll soon be enhancing the PatchFinder tool further to enable you to search for patches which patch a specified object. So, if you're experiencing a problem with an object, you'll be able to see what patches exist for that object and look at the Bug fix synopses to see if any look like the issue you are experiencing.
But what patches on an installed system patch a specific object ?
The question which sparked the thread was: "What's the easiest way to determine what patch a binary (e.g. mpt(7D) driver) is tied to on a system?"
Option 1: What patches installed on the system patch a specific object (e.g. /kernel/drv/mpt) ?
# cd /var/sadm/patch
# for x in `ls -rt` ; do grep "\^/kernel/drv/mpt \*$" $x/README.$x > /dev/null && echo $x; done
Option 2: What patches installed on the system patch a specific object (e.g. /kernel/drv/sparcv9/mpt) ? (This output is from a different system at a different patch level to the previous example.)
# /usr/ccs/bin/mcs -p /kernel/drv/sparcv9/mpt
@(#)SunOS 5.10 Generic 143128-01 Nov 2009
Option 3: What patches installed on the system patch a specific object (e.g. /usr/bin/ls) ? (See Sun Blueprint on the SunSolve fingerprint DB: http://www.sun.com/blueprints/0306/816-1148.pdf )
# digest -a md5 /usr/bin/ls
and from http://sunsolve.sun.com/fileFingerprints.do
Results of Last Search
6f20408d15ddfce2261436a27e33c0bd - - 1 match(es)
\* canonical-path: /usr/bin/ls
\* package: SUNWcsu
\* version: 11.10.0,REV=2005.01.21.15.53
\* architecture: sparc
\* source: Solaris 10/SPARC
\* patch: 138377-01
Here are some excellent resources from Sun Distinguished Engineer, Glenn Brunette:
Everything you ever wanted to know about Solaris security...
The Solaris Package Companion is a small Korn shell script that allows you to ask quite a number of interesting questions about the relationships between Solaris metaclusters, clusters and packages as well as their respective dependencies. Useful for system hardening, etc.: http://hub.opensolaris.org/bin/view/Project+svr4_packaging/package_companion
A Sun Blueprint on the SunSolve fingerprint DB: http://www.sun.com/blueprints/0306/816-1148.pdf