Subject: Solaris 2.6 Setuid/Setgid files
Date: Wed, 14 Nov 2001 08:36:53 +0100
Content-Location: http://ist.uwaterloo.ca/security/howto/2000-08-22.html

Security Review: Solaris 2.6 Setuid/Setgid Files
Information Systems and Technology
University of Waterloo

09-Nov-2000

Synopsis

This paper is a brief update to the review we did on Solaris 7 Setuid/Setgid Files (29-Jun-1999). Solaris 2.6 (also known as SunOS 5.6) is very similar to Solaris 7 (also known as SunOS 5.7) with a few minor exceptions. We'll skip any discussion of the files which are common to the two systems (you should read the Solaris 7 paper) and describe only the differences. Our previous recommendations still stand for the setuid/setgid files common to Solaris 7 and 2.6.
Caution: the list of setuid/setgid files we found on our system may not correspond to what you find on your system -- it's only a point-in-time sample on one machine. The recommendations we've made are suitable for medium grade security requirements. It is possible to lock a system down very tightly -- see for example Warren Belfer (11-Aug-2000).

A Bourne Shell script to implement the recommendations made here is available (suitable for systems at UW and perhaps elsewhere) -- it can be edited to implement your choices.


Baseline

The Solaris 2.6 system we reviewed and the list of setuid/setgid files we found were as follows:
Script started on Tue Aug 22 10:22:09 2000
[10:22am sun560] uname -a
SunOS sun560 5.6 Generic_105181-20 sun4m sparc SUNW,SPARCstation-10
[10:22am sun560] awk '/ f none [246]/ {print}' /var/sadm/install/contents
/etc/lp/alerts/printer f none 4555 lp lp 203 15969 867879441 SUNWlpmsg
/usr/bin/admintool f none 4511 root sys 343672 46136 948421095 SUNWadmap
/usr/bin/at f none 4755 root sys 34212 13410 960594051 SUNWcsu
/usr/bin/atq f none 4755 root sys 13048 43613 960594051 SUNWcsu
/usr/bin/atrm f none 4755 root sys 11840 20713 960594052 SUNWcsu
/usr/bin/cancel f none 4511 root lp 9576 3046 957812225 SUNWpcu
/usr/bin/chkey f none 4555 root sys 22016 12602 896925637 SUNWnisu
/usr/bin/crontab f none 4555 root bin 16016 33392 960594052 SUNWcsu
/usr/bin/eject f none 4555 root bin 13144 35474 869027299 SUNWcsu
/usr/bin/fdformat f none 4555 root bin 28148 6997 869026819 SUNWcsu
/usr/bin/ipcs f none 2555 bin sys 10436 32251 869026908 SUNWipc
/usr/bin/login f none 4555 root bin 29512 15168 903661878 SUNWcsu
/usr/bin/lp f none 4511 root lp 21912 16041 957812222 SUNWpcu
/usr/bin/lpset f none 4511 root lp 6536 20644 957812216 SUNWpcu
/usr/bin/lpstat f none 4511 root lp 20996 43238 957812223 SUNWpcu
/usr/bin/mail f none 2511 bin mail 64440 31754 955053891 SUNWcsu
/usr/bin/mailx f none 2511 bin mail 127540 33301 869027405 SUNWcsu
/usr/bin/netstat f none 2555 bin sys 52272 7929 869027497 SUNWcsu
/usr/bin/newgrp f none 4755 root sys 10616 32219 869026960 SUNWcsu
/usr/bin/passwd f none 6555 root sys 96416 51811 935464586 SUNWcsu
/usr/bin/ps f none 4555 root sys 26372 37864 869027017 SUNWcsu
/usr/bin/rcp f none 4555 root bin 20292 37990 869027482 SUNWcsu
/usr/bin/rdist f none 4555 root bin 54516 46936 903571854 SUNWcsu
/usr/bin/rlogin f none 4555 root bin 15808 4264 869027483 SUNWcsu
/usr/bin/rsh f none 4555 root bin 8772 34264 869027483 SUNWcsu
/usr/bin/su f none 4555 root sys 18348 32323 869027128 SUNWcsu
/usr/bin/tip f none 4711 uucp bin 54100 18922 952385345 SUNWcsu
/usr/bin/uptime f none 4555 root bin 11848 43276 869027176 SUNWcsu
/usr/bin/volcheck f none 4555 root bin 5840 39171 869027300 SUNWvolu
/usr/bin/volrmmount f none 4555 root bin 10608 9479 875332547 SUNWvolu
/usr/bin/write f none 2555 bin tty 10880 11081 869027185 SUNWcsu
/usr/dt/bin/dtaction f none 6555 root sys 22516 7009 934240978 SUNWdtbas
/usr/dt/bin/dtappgather f none 4555 root bin 33120 26624 928954786 SUNWdtdte
/usr/dt/bin/dtmail f none 2555 bin mail 1461084 62654 944856777 SUNWdtdst
/usr/dt/bin/dtmailpr f none 2555 bin mail 528284 3656 944856783 SUNWdtdst
/usr/dt/bin/dtprintinfo f none 4555 root bin 335744 52065 926720229 SUNWdtdst
/usr/dt/bin/dtsession f none 4555 root bin 138220 52305 946924481 SUNWdtwm
/usr/dt/bin/sdtcm_convert f none 6555 root daemon 297572 56287 931323125 SUNWdtdmn
/usr/lib/exrecover f none 4555 root bin 22392 20532 869027539 SUNWcsu
/usr/lib/fs/ufs/quota f none 4555 root bin 13260 32893 869027384 SUNWcsu
/usr/lib/fs/ufs/ufsdump f none 6555 root tty 167628 40196 956339799 SUNWcsu
/usr/lib/fs/ufs/ufsrestore f none 4555 root bin 776080 32363 956339671 SUNWcsu
/usr/lib/lp/bin/netpr f none 4511 root bin 19128 19872 957810972 SUNWpsu
/usr/lib/pt_chmod f none 4111 root bin 3996 64038 869027019 SUNWcsu
/usr/lib/sendmail f none 4555 root bin 346984 38715 927154304 SUNWcsu
/usr/lib/utmp_update f none 4555 root bin 8088 53965 869027168 SUNWcsu
/usr/openwin/bin/Xsun f none 2755 root root 943048 39856 960805754 SUNWxwplt
/usr/openwin/bin/ff.core f none 6555 root bin 19168 34476 890249935 SUNWoldst
/usr/openwin/bin/kcms_calibrate f none 6755 root bin 89992 39594 918156400 SUNWkcspg
/usr/openwin/bin/kcms_configure f none 6755 root bin 22424 20596 918156400 SUNWkcsrt
/usr/openwin/bin/mailtool f none 2555 root mail 641776 26618 944781476 SUNWoldst
/usr/openwin/bin/sys-suspend f none 4775 root bin 39860 21203 867283168 SUNWpmowu
/usr/openwin/bin/xlock f none 4755 root bin 65896 18057 959162293 SUNWxwplt
/usr/openwin/lib/mkcookie f none 4755 root bin 22952 33280 868328527 SUNWxwplt
/usr/platform/sun4m/sbin/eeprom f none 2555 bin sys 11156 38155 869026882 SUNWkvm
/usr/sbin/allocate f none 4755 root bin 16904 4783 960287288 SUNWcsu
/usr/sbin/arp f none 2555 root bin 7940 53209 869027228 SUNWcsu
/usr/sbin/dmesg f none 2555 bin sys 6260 2065 869026812 SUNWesu
/usr/sbin/fusage f none 2555 bin sys 7168 1191 869026850 SUNWcsu
/usr/sbin/lpmove f none 4511 root lp 6424 59368 957812227 SUNWpcu
/usr/sbin/mkdevalloc f none 4755 root bin 9256 10752 869027328 SUNWcsu
/usr/sbin/mkdevmaps f none 4755 root bin 9512 20263 869027327 SUNWcsu
/usr/sbin/ping f none 4555 root bin 19452 24036 896744791 SUNWcsu
/usr/sbin/pmconfig f none 4555 root bin 10928 4281 869027091 SUNWpmu
/usr/sbin/prtconf f none 2555 root sys 18508 38784 869027054 SUNWcsu
/usr/sbin/sacadm f none 4755 root sys 22084 33979 869027145 SUNWcsu
/usr/sbin/swap f none 2555 bin sys 8236 33865 869027132 SUNWcsu
/usr/sbin/sysdef f none 2555 root sys 23992 17697 869027150 SUNWcsu
/usr/sbin/wall f none 2555 bin tty 9496 11440 869027176 SUNWcsu
/usr/sbin/whodo f none 4555 root bin 12140 15762 869027182 SUNWcsu
/usr/ucb/ps f none 4755 root sys 21536 12263 869028282 SUNWscpu
[10:22am sun560] exit
script done on Tue Aug 22 10:23:03 2000
The system we reviewed has some 71 programs to consider. Fortunately most match those we found in Solaris 7 (where we had 84 programs to consider). Of those we didn't find there, a large number matched packages not installed on Solaris 2.6 -- in particular the 2.6 system we reviewed did not have the UUCP packages nor the accounting packages. I've nevertheless tried to deal with those files in my script.

Setuid/Setgid files in Solaris 2.6 not in Solaris 7

There are several setuid/setgid programs we find in Solaris 2.6 that do not match files of the same name in Solaris 7:
/usr/bin/ipcs
/usr/bin/ps
/usr/bin/uptime
/usr/lib/exrecover
/usr/sbin/dmesg
/usr/sbin/fusage
/usr/sbin/prtconf
/usr/sbin/swap
/usr/sbin/sysdef
/usr/sbin/whodo
/usr/ucb/ps
All of these, save for three, are adequately discussed in the Solaris 7 paper. In Solaris 7 there's a distinction between different ISA (Instruction Set Architecture) versions. Solaris 7 has different kernels for the Sparc 32-bit and Ultra-Sparc 64-bit architectures and that's reflected in the programs that peek and prod at the kernel. For example, on Solaris 7 the ipcs setuid program is found as /usr/bin/sparcv7/ipcs (or sparcv9 on the Ultra-Sparc). Most of the above are captured by that subtle distinction between the two Solaris releases.

Recommendations

These recommendations are restricted to just those setuid/setgid files we find in Solaris 2.6 which we do not find in Solaris 7:

  1. /usr/lib/exrecover f none 4555 root bin 22392 20532 869027539 SUNWcsu

    This setuid root tool is part of the "Core Solaris, (Usr)" (SUNWcsu) package but comes with no manual page. The same program exists in Solaris 7 but it's no longer setuid. The program is there to assist in the recovery of ex (and vi) edits that are abandoned should your line drop -- it has a very long history dating back to the very old days. These days this is seldom if ever required and there have been security exploits!

    Recommendation: Drop the setuid.

  2. /usr/sbin/dmesg f none 2555 bin sys 6260 2065 869026812 SUNWesu

    Another setuid root tool. This is part of the "Extended System Utilities" (SUNWesu) package. At this writing dmesg is not installed setuid(root) on Solaris 7 although it was at one time. See the Solaris 7 paper for more details.

    Recommendation: Drop the setuid.

  3. /usr/sbin/fusage f none 2555 bin sys 7168 1191 869026850 SUNWcsu

    This setuid root tool is part of the "Core Solaris, (Usr)" (SUNWcsu) package. The program is not provided at all with Solaris 7 (or at least it's not on the Solaris 7 system I reviewed). I can find no manual page for this tool, but when you run it you get a "FILE USAGE REPORT". This looks like a system management tool that shouldn't be made available to casual users.

    Recommendation: Drop the setuid. If you need to use this you should su first.

Solaris 2.6 isn't much different from Solaris 7 (as we would expect). The differences noted above present, in my opinion, an unwarranted risk. You can reduce your risk by using the Bourne Shell script that implements the recommendations made here and in the companion paper on Solaris 7.
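The UW script itself is not reproduced on this page. As an added example (not the original page's or UW's code), the following POSIX shell script does what the awk one-liner in the transcript does and a little more: it decodes the mode field of /var/sadm/install/contents entries so each hit is labelled setuid, setgid or both with its owner and group, and prints, as a dry run, the chmod commands the three recommendations above imply. The sample contents lines are constructed from this paper's listing, the drop list is the three files recommended above, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not the UW script): decode the mode field of contents
# entries (path f none MODE OWNER GROUP SIZE CKSUM MTIME PKG...), report
# setuid/setgid files, and print the chmod commands the paper implies.

# Constructed sample: lines from this paper's listing plus two non-hits.
SAMPLE_CONTENTS='/usr/bin/passwd f none 6555 root sys 96416 51811 935464586 SUNWcsu
/usr/sbin/dmesg f none 2555 bin sys 6260 2065 869026812 SUNWesu
/usr/lib/exrecover f none 4555 root bin 22392 20532 869027539 SUNWcsu
/usr/bin/ls f none 0755 root bin 18764 46248 869026971 SUNWcsu
/etc/passwd e passwd 0644 root sys 580 46949 969296521 SUNWcsr'

# Paths the paper recommends stripping of their setuid/setgid bits.
DROP_LIST='/usr/lib/exrecover /usr/sbin/dmesg /usr/sbin/fusage'

# Classify a 4-digit octal mode by its first digit: 4 setuid, 2 setgid, 6 both.
mode_kind() {
    case "$1" in
        6???) echo "setuid+setgid" ;;
        4???) echo "setuid" ;;
        2???) echo "setgid" ;;
        *)    echo "none" ;;
    esac
}

# Read contents lines on stdin; for each regular-file ("f") entry carrying
# a setuid or setgid bit print: path kind owner:group package(s)
report_privileged() {
    while read -r path ftype class mode owner group rest; do
        [ "$ftype" = "f" ] || continue
        kind=$(mode_kind "$mode")
        if [ "$kind" = "none" ]; then continue; fi
        set -- $rest        # size cksum mtime pkg...
        shift 3
        printf '%s %s %s:%s %s\n' "$path" "$kind" "$owner" "$group" "$*"
    done
}

# Number of privileged entries in the sample (the paper counted 71 live).
count_privileged() {
    printf '%s\n' "$SAMPLE_CONTENTS" | report_privileged | wc -l | tr -d ' '
}

# One chmod per reported path that is on the drop list; nothing is executed.
plan_changes() {
    report_privileged | while read -r path kind rest; do
        case " $DROP_LIST " in
            *" $path "*) printf 'chmod u-s,g-s %s  # was %s\n' "$path" "$kind" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_CONTENTS" | report_privileged
printf '%s\n' "$SAMPLE_CONTENTS" | plan_changes
```

On a live system, replace the sample with `report_privileged < /var/sadm/install/contents`; the report labels dmesg and fusage as setgid sys (mode 2555 bin sys) rather than setuid root, which is what the listing above records for them.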

See Also

Some further reading for the brave or curious:

2000/08/22 - 2000/11/09; Reg Quinton