                        Patch for Tru64 UNIX V5.0 

=======================================================================

/usr/dt/bin/ttsession
CHECKSUM:  35329    366 

/usr/dt/bin/ttauth
CHECKSUM:  51053     48 

/usr/dt/lib/libtt.so
CHECKSUM:  20485   1343 

/usr/dt/lib/libtt.a
CHECKSUM:  45691   1475  

/usr/dt/man/man1/ttauth.1.gz
CHECKSUM:  13488      1 
----------------------

Problem Description:

A potential security vulnerability has been discovered in Tooltalk whereby an 
unauthorized user may gain access to your system.  A new authentication 
mechanism has been added to "ttsession" which corrects this problem.  
All CDE vendors have agreed to incorporate these changes into Tooltalk thereby 
retaining interoperability.

This new mechanism will use a key, contained in a new file called ".TTsession" 
which resides in the user's home directory, to authenticate Tooltalk messages.  
Users do not need to do anything to activate this mechanism since it will used 
by default.  Users wishing to send Tooltalk messages to a "ttsession" process 
that is owned by a different user will need to add that other user's key to 
their ".TTauthority" file via a new command called "ttauth".  Both users will 
need to have this patch installed, however.

The following files are included with this patch:

ttsession   - This application has been modified to accept the new "-a cookie"
              option which enables the AUTH_MIT_MAGIC_COOKIE authentication.
              This option is now the default.
           
libtt.a     - This is the static version of the Tooltalk library which has been 
              modified to handle the new security mechanism.
              
libtt.so    - This is the shared version of the Tooltalk library which has been 
              modified to handle the new security mechanism.
            
ttauth      - A new program for manipulating the keys stored in the 
              ".TTauthority" file.  
            
ttauth.1.gz - Man page for the new ttauth command.


Installation Instructions:

Log in as root.

# /sbin/init.d/xlogin stop

# cd /usr/dt/man/man1
# cp /patches/ttauth.1.gz .
# chmod 644 ttauth.1.gz
# chown root:system ttauth.1.gz

# cd /usr/dt/bin
# mv ttsession ttsession.orig
# cp /patches/ttsession .
# chmod 555 ttsession
# chown bin:bin ttsession

# cp /patches/ttauth .
# chmod 755 ttauth
# chown bin:bin ttauth

# cd /usr/dt/lib
# mv libtt.so libtt.so.orig
# cp /patches/libtt.so .
# chmod 555 libtt.so
# chown bin:bin libtt.so
# mv libtt.a libtt.a.orig
# cp /patches/libtt.a .
# chmod 555 libtt.a
# chown bin:bin libtt.a

# /sbin/init.d/xlogin start
