usr/src/lib/trousers/Patches/tcsd.8.in.patch
author Cyril Plisko <cyril.plisko@grigale.com>
Tue, 06 Apr 2010 16:00:14 +0300
changeset 11 87960ed158f9
parent 0 b34509ac961f
child 54 c8df60226931
permissions -rw-r--r--
Import sfw build 137

Bugs Fixed
----------
6926835 Wireshark cannot open files typed into the location bar
6930214 CVE-2010-0624: Heap-based buffer overflow in GNU Tar
6933424 Various sfw manual pages need to be adjusted to use the new OpenSolaris package names.
6937764 upgrade OpenSSL to 0.9.8n (and fix CVE-2010-0740)

*** man/man8/tcsd.8.in.old	Thu Dec 18 07:09:04 2008
--- man/man8/tcsd.8.in	Thu Dec 18 07:37:35 2008
***************
*** 74,85 ****
  the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and 
  system resets. Data registered in system PS stays valid until an application 
  requests that it be removed. User PS files are by default stored as 
! /var/tpm/user.{pid} and the system PS file by default is /var/tpm/system.data. 
  The system PS file is initially created when ownership of the TPM is first 
  taken.
  
  .SH "CONFIGURATION"
! \fBtcsd\fR configuration is stored by default in /etc/tcsd.conf
  
  .SH "DEBUG OUTPUT"
  If TrouSerS has been compiled with debugging enabled, the debugging output
--- 74,105 ----
  the TCS and stays valid across application lifetimes, \fBtcsd\fR restarts and 
  system resets. Data registered in system PS stays valid until an application 
  requests that it be removed. User PS files are by default stored as 
! $HOME/.trousers/user.data and the system PS file by default is /var/tpm/system/system.data. 
  The system PS file is initially created when ownership of the TPM is first 
  taken.
+ .PP
+ \fB/var/tpm/system/system.data\fR
+ .ad
+ .RS 4n
+ Contains the system PS (persistent storage) data controlled by the TCS.  By default,
+ the SRK key is installed in PS and does not require owner authorization to use.  If the
+ TPM has previously been provisioned and owner-auth is required to load the SRK,
+ then the /var/tpm/system/system.data.auth file should be moved to 
+ /var/tpm/system/system.data before starting the TCS (See NOTES).
+ .RE
+ .sp
+ .PP
+ \fB/var/tpm/system/system.data.auth\fR
+ .ad
+ .RS 4n
+ This is the default PS data file to use if the TPM has been previously 
+ configured to require owner-auth to access the SRK.  Copy this file 
+ to /var/tpm/system/system.data prior to starting the TCS if owner-auth is
+ needed, otherwise this file can be ignored.
+ .RE
  
  .SH "CONFIGURATION"
! \fBtcsd\fR configuration is stored by default in /etc/security/tcsd.conf
  
  .SH "DEBUG OUTPUT"
  If TrouSerS has been compiled with debugging enabled, the debugging output
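
Review bot: The two new file entries give conflicting instructions for the owner-auth case: the system.data entry says system.data.auth "should be moved to" /var/tpm/system/system.data, while the system.data.auth entry says "Copy this file". Pick one verb and use it in both entries (copying leaves the shipped default file in place). The "(See NOTES)" pointer also has no target: the NOTES section added later in this patch only covers smf(5) service management and says nothing about owner-auth or the SRK, so either add that text to NOTES or drop the pointer. Because this paragraph states that the SRK in PS does not require owner authorization by default, it would also help to document the expected ownership and mode of both files here.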
***************
*** 88,95 ****
  .SH "DEVICE DRIVERS"
  .PP
  \fBtcsd\fR is compatible with the IBM Research TPM device driver available
! from http://www.research.ibm.com/gsal/tcpa and the TPM device driver available
! from http://sf.net/projects/tmpdd
  
  .SH "CONFORMING TO"
  .PP
--- 108,116 ----
  .SH "DEVICE DRIVERS"
  .PP
  \fBtcsd\fR is compatible with the IBM Research TPM device driver available
! from http://www.research.ibm.com/gsal/tcpa and the TPM device driver for 
! Linux available from http://sf.net/projects/tmpdd.  It is also compatible 
! with the TPM device driver for Solaris which is available in the driver/crypto/tpm package.
  
  .SH "CONFORMING TO"
  .PP
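
Review bot: The rewritten driver sentence still carries the URL http://sf.net/projects/tmpdd, where "tmpdd" looks like a transposition of "tpmdd" given that the text describes it as the TPM device driver; since these lines are being changed anyway, confirm the project name and correct it if so. The last added line ("with the TPM device driver for Solaris ...") is also much longer than the lines around it and should be rewrapped to match the rest of the page source.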
***************
*** 98,105 ****
  
  .SH "SEE ALSO"
  .PP
! \fBtcsd.conf\fR(5)
  
  .SH "AUTHOR"
  Kent Yoder
  
--- 119,142 ----
  
  .SH "SEE ALSO"
  .PP
! \fBtcsd.conf\fR(5), \fBsvcadm\fR(1M), \fBsmf\fR(5)
  
+ .SH "NOTES"
+ .sp
+ .LP
+ The \fBtcsd\fR service is managed by the service management facility, \fBsmf\fR(5), under
+ the service identifier:
+ .sp
+ .in +2
+ .nf
+ svc:/application/security/tcsd:default
+ .fi
+ .in -2
+ .sp
+ .LP
+ Administrative actions on this service, such as enabling, disabling, or requesting restart, can be
+ performed using \fBsvcadm\fR(1M). The service's status can be queried using the \fBsvcs\fR(1) command.
+ 
  .SH "AUTHOR"
  Kent Yoder
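
Review bot: The new NOTES text refers to \fBsvcs\fR(1), but the updated SEE ALSO line lists only tcsd.conf(5), svcadm(1M) and smf(5); add svcs(1) there so every page referenced in the text is cross-listed. The two lines of the final NOTES paragraph are also considerably longer than the rest of the file and should be rewrapped.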