A potential security vulnerability has been discovered, where under
certain circumstances, system integrity may be compromised. This may
be in the form of improper file access.  Compaq has corrected this
potential vulnerability.

In addition the following changes were made: 
        - shell inline input files are more secure
        - sh noclobber and new constructs added
        - updated mkdir system call  
        - added two new sysconfig tunable attributes to control 
          dumping cores 


Updated sh, csh and ksh 
-----------------------  
   The updated shells in this kit all implement the following changes 
   when processing shell inline input files:
        - File permissions allow only read and write for owner

        - If excessive inline input file name collisions occur, the
          following error message will be returned:
            "Unable to create temporary file" 


sh noclobber option and >| , >>| constructs added 
-------------------------------------------------
  A noclobber option similar to that already available with csh and ksh 
  has been added to the Bourne shell. 

  When the noclobber option is used (set -C), the shell behavior for the 
  redirection operators > and >> changes as follows: 

        - For > with noclobber set,  sh will return an error rather than 
          overwrite an existing file. If the specified filename is 
          actually a symlink, the presence of the symlink satisfies the 
          criteria "file exists" whether or not the symlink target exists, 
          and sh returns an error. The >| construct will suppress these 
          checks and create the file.

        - For >> with noclobber set, output is appended to the tail of 
          an existing file. If the file does not exist, or the filename
          is actually a symlink whose target does not exist, sh returns 
          an error rather than create the file. The >>| construct will
          suppress these checks and create the file. 

ksh noclobber behavior clarified 
--------------------------------
  For > with noclobber set,  ksh returns an error rather than overwrite 
  an existing file. If the filename is actually a symlink, the presence 
  of the symlink satisfies the criteria "file exists" whether or not the 
  symlink target exists, and ksh returns an error. The >| construct will 
  suppress these checks and create the file. 

  For >> with noclobber set, output is appended to the tail of an existing 
  file. If the filename is actually a symlink to a non-existent file, ksh 
  returns an error. 
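
  The script below is an added example, not part of the original advisory or of Compaq's kit. It checks whether the shell running it applies the > and >| rules described above for sh and ksh, including the dangling-symlink case. The >> and >>| behavior is not exercised, and all file names are constructed in a private temporary directory.

```shell
#!/bin/sh
# Added example: probe the noclobber rules for ">" and ">|" in this shell.
# Every path used here is constructed under a throwaway temp directory.

# Attempt "> file" with noclobber set; status 0 means the shell wrote it.
write_noclobber() { ( set -C; echo new > "$1" ) 2>/dev/null; }

# Attempt ">| file" with noclobber set (the documented override).
write_override() { ( set -C; echo new >| "$1" ) 2>/dev/null; }

# Print one result line per case.
noclobber_report() {
    dir=$(mktemp -d) || return 1
    echo original > "$dir/existing"               # ordinary existing file
    ln -s "$dir/missing-target" "$dir/dangling"   # symlink to nothing

    # "fresh" does not exist at all, so ">" is expected to create it.
    for name in existing dangling fresh; do
        if write_noclobber "$dir/$name"; then
            echo "$name written"
        else
            echo "$name refused"
        fi
    done

    # A refused write must not have created the symlink's target.
    if [ -e "$dir/missing-target" ]; then
        echo "target created"
    else
        echo "target absent"
    fi

    # ">|" suppresses the check, so the existing file is replaced.
    if write_override "$dir/existing"; then
        echo "override $(cat "$dir/existing")"
    else
        echo "override refused"
    fi
    rm -rf "$dir"
}

noclobber_report
```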

csh noclobber behavior clarified
--------------------------------
For > with noclobber set,  csh returns an error rather than overwrite an
existing file. If the filename is actually a symlink, the presence of
the symlink satisfies the criteria "file exists" whether or not the
symlink target exists, and csh returns an error. The >! construct will
suppress these checks and create the file.

For >> with noclobber set, output is appended to the tail of an existing
file. If the filename is actually a symlink to a non-existent file, csh
returns an error. The >>! construct will suppress these checks and
create the file.

Updated mkdir system call and command
-------------------------------------
  This kit reverts the mkdir system call, and thus the mkdir command, to 
  its Tru64 UNIX V4.n behavior with respect to symlinks. For the unusual 
  case where a symlink is used as the very last element of a mkdir path,
  the mkdir syscall now returns an error rather than create the target.

  If, for some reason, you want mkdir to follow the symlink you can
  do so by making the last character of the mkdir pathname a slash. 
  The following example depicts how to get mkdir to follow the symlink:

        - If /var/tmp/foo is a symlink to /usr/xxx, which does not exist, 
          then mkdir("/var/tmp/foo",0644) will return an error but 
          mkdir("/var/tmp/foo/",0644) will create /usr/xxx.

  Mkdir behavior can also be controlled systemwide by an addition to 
  the sysconfig options for the vfs subsystem. The new sysconfig option  
  "follow_mkdir_symlinks" defaults to 0, specifying the secure symlink 
  behavior. Changing this option to 1, which Compaq strongly discourages, 
  will cause mkdir to follow symlinks.

New sysconfig tunable attributes to control dumping cores 
---------------------------------------------------------
  Two new sysconfig tunable attributes have been added:

        - to control dumping cores from setuid/setgid processes.  
          The default is set to disable such dumps (dump_setugid_cores = 0)

        - to control dumping any core.  
          The default is to allow dumps other than those from setuid/setgid 
          processes (dump_cores = 1).

  The determination of setuid/setgid is now based on both the file's 
  mode bits and the process' id set.  





