Note: This is an archival copy of Security Sun Alert 201197 as previously published on
Latest version of this security advisory is available from as Sun Alert 1000899.1.
Article ID : 1000899.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2004-01-21
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Basic Security Module (BSM) Functionality is Impaired on Solaris Systems Which Have Removed The SUNWscpu Package


Release Phase

Solaris 9 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id

Date of Resolved Release


Solaris systems with Basic Security Module (BSM) enabled which have been security hardened may have had the SUNWscpu package removed. If this is the case, the BSM audit_warn(1M) script will not e-mail any errors or warning messages generated by the audit daemon (auditd(1M)).

The SUNWCscp cluster provides source compatibility support for Solaris 1.0 (previously known as SunOS 4.X) and the SUNWscpu package contains the mail(1b) command which the BSM audit_warn(1M) relies on.

Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 7
  • Solaris 8 without patch 116610-01
  • Solaris 9 without patch 116247-01

x86 Platform

  • Solaris 7
  • Solaris 8 without patch 116611-01
  • Solaris 9 without patch 116248-01

This issue only affects BSM enabled systems which do not have the SUNWscpu package installed.

To determine if a system has BSM enabled, the following line will appear in the "/etc/system" file:

    $ grep c2audit /etc/system
set c2audit:audit_load = 1

To determine if the SUNWscpu package is installed on a system, the pkginfo(1) command will display output similar to the following:

    $ pkginfo SUNWscpu
system  SUNWscpu  Source Compatibility, (Usr)


There are no reliable symptoms that would show the described issue has occurred on a system.


Sites which have removed the SUNWscpu package could edit the audit_warn(1M) script by hand to change all occurrences of mail(1b) to mailx(1).

For example, change all lines which reference /usr/ucb/mail:

    /usr/ucb/mail -s "$SUBJECT" audit_warn
/usr/bin/mailx -s "$SUBJECT" audit_warn


This issue is addressed in the following releases:

SPARC Platform

  • Solaris 8 with patch 116610-01 or later
  • Solaris 9 with patch 116247-01 or later

x86 Platform

  • Solaris 8 with patch 116611-01 or later
  • Solaris 9 with patch 116248-01 or later

Note: Sites using Solaris 7 will need to upgrade to Solaris 8 or Solaris 9 and apply the relevant patches.

Modification History



This solution has no attachment