ArcInfo Workstation 9.0 Security Patch on UNIX
This Patch addresses possible security vulnerabilities in the ArcStorm and Geoprocessing Server features of ArcInfo Workstation 9.0 on UNIX.Description
- Issues Addressed with this Patch
- Files Installed in this Patch
- Installing this Patch
- How to identify which Patch is installed
- Patch Updates Updated Tar Files as of June 9, 2006
- Getting Help
ESRI® announces the ArcInfo Workstation 9.0 Security Patch on UNIX. This
Patch addresses possible security vulnerabilities in the ArcStorm and Geoprocessing
Server features of ArcInfo Workstation 9.0 on UNIX. It deals specifically with
the issues listed below under Issues Addressed with this Patch.
We recommend that all ArcInfo Workstation 9.0 on UNIX customers, who use ArcStorm or the Geoprocessing Server feature, download and install this Patch at their earliest convenience to ensure the highest quality experience when working with ArcInfo Workstation 9.0. ArcInfo users who do not use ArcStorm or the Geoprocessing Server do not need to apply this patch. For those users, however, we strongly recommend that the ownership of the files in $ARCHOME/bin be reviewed and any root-owned executables be switched back to the ownership of the normal ArcInfo install account. If ArcStorm and the Geoprocessing Server are not in use, there should be no root-owned executables in the $ARCHOME/bin directory.
CQ00291050 - Possible vulnerabilities found in ArcInfo Workstation binaries
when using ArcStorm or the Geoprocessing Server features.
- Under the ArcInfo Workstation 9.0 installation bin directory:
This Patch is intended for ArcInfo users who run ArcStorm or the Geoprocessing Server feature. The installation of those features require that selected ArcInfo executables be assigned root ownership. This Patch provides new versions of those root-owned files.
ArcInfo Workstation 9.0 must be installed before you can install this Patch. During installation, you can either save the original 9.0 files or overwrite them. If you choose to save them, make sure you have enough disk space. The disk space requirements, for each platform, are displayed during the installation process.
- Make sure you have write access to the ArcInfo Workstation installation location, and that no one is using ArcInfo.
- Download the appropriate tar file to a location other than ArcInfoWorkstation installation location:
- Extract the specified tar file by typing:
- Start the installation by typing:
- Under the $ARCHOME/bin directory, become ROOT and change the ownership and permissions of the following ArcStorm executables:
- (Optional - Perform this step only if you chose to back up the original
files when applying the patch.)
Under the $ARCHOME/bin directory, become ROOT and change the ownership and permissions of the following files:
|File Updated Tar Files as of June 9, 2006||Size|
% tar -xvf ai90-sec-patch-<Platform>.tar
This will start the dialog for the menu-driven installation procedure. Default selections are noted in parentheses ( ). To quit the installation procedure, type 'q' at any time.
#chown root abservice asbuild asmaster asrecovery asuser asutility
lockmgr se wservice
#chmod 6755 abservice asbuild asmaster asrecovery asuser asutility lockmgr se wservice
#chown <your_user_account_name> abservice.orig asbuild.orig asmaster.orig
asrecovery.orig asuser.orig asutility.orig lockmgr.orig se.orig wservice.orig
#chmod 444 abservice.orig asbuild.orig asmaster.orig asrecovery.orig asuser.orig asutility.orig lockmgr.orig se.orig wservice.orig
Any modified UNIX executables (or libraries) being sent out as part of a Patch will return the unique identification number for that fix when checked with the "what" command for UNIX and the "strings" command for Linux. For example, to display the identification string for this Patch, type:
%what se | grep QFE
Check the Online Support Center periodically for the availability of additional Patches. New information about this Patch will be posted here.
UPDATE 06/09/2006 - Updated Tar Files to address
two additional security vulnerabilities.
Domestic sites, please contact ESRI Technical Support at 909.793.3774, if you have any difficulty installing this Patch. International sites, please contact your local ESRI software distributor.