[c-nsp] Beware of priv level bug in sup720 SXH and SXI code that clears the boot string variable

Charles Spurgeon c.spurgeon at mail.utexas.edu
Sat Jan 31 19:38:31 EST 2009


FYI. We found a bug in SXH and SXI code on the sup720 which clears the
bootvar, blanking the "BOOT variable" string. This only occurs if you
are using CLI command privilege levels other than the default levels.

For example, we created a set of priv level 2 commands in the router
config which we call a "command sandbox" for departmental techs on our
campus. This gives them access to many VLAN commands but not to
routing commands.

If you are using anything other than privilege level 15 for CLI config
commands then beware that running the command "copy running-config
startup-config" at privilege level 2, for example, will clear the
"BOOT variable" string in the bootvars, leaving it blank for the next
reload.

We tested SXH3a, SXH4 and SXI with the same results. Here's the recipe
for testing:

1. Type "show bootvar" prior to making any change to see what it looks like
2. become enabled and check your enable priv level (should be 15):
   "sh privilege"
3. in config mode, add a priv level 2 command of the form:
   "privilege exec level 2 copy running-config startup-config"
4. from enable level 15 change your priv level to 2 and check it:
   "enable 2"
   "show privilege"
5. run the command "copy running-config startup-config" from priv level 2
6. Type "show bootvar" and note that the bootvar has been cleared.
7. To restore the bootvar type "write memory"

Needless to say, we have eliminated the "copy running-config
startup-config" command from our priv level 2 command sandbox.

-Charles

Charles E. Spurgeon / UTnet
UT Austin ITS / Networking
c.spurgeon at its.utexas.edu / 512.475.9265
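As an added illustration (not part of Charles's post), the two checks a defender would script around this bug: diff the "show bootvar" output before and after a config save to catch a blanked BOOT variable, and audit the running config for any "privilege exec level" line below 15 that hands out a config-save command. The "show bootvar" text and the config fragment below are constructed samples, not captures from the list.

```python
import re

# Constructed "show bootvar" output before a save (not a real capture).
BOOTVAR_BEFORE = """BOOT variable = disk0:s72033-adventerprisek9_wan-mz.122-33.SXH4.bin,12;
CONFIG_FILE variable =
BOOTLDR variable =
Configuration register is 0x2102
"""

# Constructed output after the save that triggers the bug: BOOT is blank.
BOOTVAR_AFTER = """BOOT variable =
CONFIG_FILE variable =
BOOTLDR variable =
Configuration register is 0x2102
"""

# Constructed running-config fragment modelling a priv level 2 "sandbox".
RUNNING_CONFIG = """privilege exec level 2 show vlan
privilege exec level 2 copy running-config startup-config
privilege exec level 2 write memory
privilege exec level 15 configure terminal
"""

# Command prefixes that save the config; "write" alone also grants "write memory".
SAVE_COMMANDS = ("copy running-config startup-config", "copy running-config", "write")


def boot_variable(show_bootvar: str) -> str:
    """Return the BOOT variable string from 'show bootvar' output, '' if blank."""
    # [ \t]* rather than \s* so a blank value does not swallow the next line.
    m = re.search(r"^BOOT variable[ \t]*=[ \t]*(.*)$", show_bootvar, re.MULTILINE)
    return m.group(1).strip() if m else ""


def bootvar_cleared(before: str, after: str) -> bool:
    """True when a populated BOOT variable became blank across the save."""
    return bool(boot_variable(before)) and not boot_variable(after)


def risky_privilege_lines(config: str) -> list:
    """Config lines granting a config-save command at a privilege level below 15."""
    hits = []
    for line in config.splitlines():
        m = re.match(r"^privilege exec level (\d+) (.+)$", line.strip())
        if m and int(m.group(1)) < 15 and m.group(2).startswith(SAVE_COMMANDS):
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    print("BOOT cleared:", bootvar_cleared(BOOTVAR_BEFORE, BOOTVAR_AFTER))
    print("Risky lines:", risky_privilege_lines(RUNNING_CONFIG))
```

Run the bootvar comparison around every scripted save on an SXH/SXI sup720, and drop any line the audit flags from the lower-level command set, as the post recommends.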
