Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 304490 Details for
Bug 445133
Sendmail 8.14.3 is released
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
sendmail-8.14.3-smrsh_paths.patch
sendmail-8.14.3-smrsh_paths.patch (text/plain), 5.93 KB, created by
Robert Scheck
on 2008-05-04 12:00:22 UTC
(
hide
)
Description:
sendmail-8.14.3-smrsh_paths.patch
Filename:
MIME Type:
Creator:
Robert Scheck
Created:
2008-05-04 12:00:22 UTC
Size:
5.93 KB
patch
obsolete
>--- sendmail-8.14.3/smrsh/README 2008-02-12 17:40:06.000000000 +0100 >+++ sendmail-8.14.3/smrsh/README.smrsh_paths 2008-05-04 13:33:53.000000000 +0200 >@@ -6,7 +6,7 @@ > intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, > and to the software, smrsh.c, written by Eric Allman. > >- >+* Modified by Red Hat, Inc., to reflect different paths. * > > The smrsh(8) program is intended as a replacement for /bin/sh in the > program mailer definition of sendmail(8). This README file describes >@@ -56,15 +56,15 @@ > global M4 macro confENVDEF or the smrsh specific M4 macro > conf_smrsh_ENVDEF. > >-As root, install smrsh in /usr/libexec. Using the Build script: >+As root, install smrsh in /usr/sbin. Using the Build script: > > host.domain# sh ./Build install > >-For manual installation: install smrsh in the /usr/libexec >+For manual installation: install smrsh in the /usr/sbin > directory, with mode 511. > >- host.domain# mv smrsh /usr/libexec >- host.domain# chmod 511 /usr/libexec/smrsh >+ host.domain# mv smrsh /usr/sbin >+ host.domain# chmod 511 /usr/sbin/smrsh > > > >@@ -86,7 +86,7 @@ > acceptable commands. > > If your platform doesn't have a default SMRSH_CMDDIR setting, you will >-next need to create the directory /usr/adm/sm.bin and populate >+next need to create the directory /etc/smrsh and populate > it with the programs that your site feels are allowable for sendmail > to execute. This directory is explicitly specified in the source > code for smrsh, so changing this directory must be accompanied with >@@ -95,22 +95,22 @@ > > You will have to be root to make these modifications. > >-After creating the /usr/adm/sm.bin directory, either copy the programs >+After creating the /etc/smrsh directory, either copy the programs > to the directory, or establish links to the allowable programs from >-/usr/adm/sm.bin. Change the file permissions, so that these programs >+/etc/smrsh. Change the file permissions, so that these programs > can not be modified by non-root users. If you use links, you should > ensure that the target programs are not modifiable. > > To allow the popular vacation(1) program by creating a link in the >-/usr/adm/sm.bin directory, you should: >+/etc/smrsh directory, you should: > >- host.domain# cd /usr/adm/sm.bin >+ host.domain# cd /etc/smrsh > host.domain# ln -s /usr/ucb/vacation vacation > > > > >-After populating the /usr/adm/sm.bin directory, you can now configure >+After populating the /etc/smrsh directory, you can now configure > sendmail to use the restricted shell. Save the current sendmail.cf > file prior to modifying it, as a prudent precaution. > >@@ -125,7 +125,7 @@ > > In order to configure sendmail to use smrsh, you must modify the Mprog > definition in the sendmail.cf file, by replacing the /bin/sh specification >-with /usr/libexec/smrsh. >+with /usr/sbin/smrsh. > > As an example: > >@@ -133,14 +133,14 @@ > Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u > > which should be changed to: >-Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u >- ^^^^^^^^^^^^^^^^^^ >+Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u >+ ^^^^^^^^^^^^^^^^ > > A more generic line may be: > Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u > > and should be changed to; >-Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u >+Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u > > > After modifying the Mprog definition in the sendmail.cf file, if a frozen >@@ -151,7 +151,7 @@ > a search of the strings(1) output of the sendmail binary. > > In order to create a new frozen configuration, if it is required: >- host.domain# /usr/lib/sendmail -bz >+ host.domain# /usr/sbin/sendmail -bz > > Now re-start the sendmail process. An example of how to do this on > a typical system follows: >--- sendmail-8.14.3/smrsh/smrsh.c 2004-08-06 20:54:22.000000000 +0200 >+++ sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths 2008-05-04 13:34:27.000000000 +0200 >@@ -77,7 +77,7 @@ > # ifdef SMRSH_CMDDIR > # define CMDDIR SMRSH_CMDDIR > # else /* SMRSH_CMDDIR */ >-# define CMDDIR "/usr/adm/sm.bin" >+# define CMDDIR "/etc/smrsh" > # endif /* SMRSH_CMDDIR */ > #endif /* ! CMDDIR */ > >@@ -89,7 +89,7 @@ > # ifdef SMRSH_PATH > # define PATH SMRSH_PATH > # else /* SMRSH_PATH */ >-# define PATH "/bin:/usr/bin:/usr/ucb" >+# define PATH "/bin:/usr/bin" > # endif /* SMRSH_PATH */ > #endif /* ! PATH */ > >--- sendmail-8.14.3/smrsh/smrsh.8 2004-08-06 05:55:35.000000000 +0200 >+++ sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths 2008-05-04 13:54:21.000000000 +0200 >@@ -39,7 +39,7 @@ > .I smrsh > limits programs to be in a single directory, > by default >-/usr/adm/sm.bin, >+/etc/smrsh, > allowing the system administrator to choose the set of acceptable commands, > and to the shell builtin commands ``exec'', ``exit'', and ``echo''. > It also rejects any commands with the characters >@@ -56,10 +56,10 @@ > and > ``vacation'' > all actually forward to >-``/usr/adm/sm.bin/vacation''. >+``/etc/smrsh/vacation''. > .PP > System administrators should be conservative about populating >-the sm.bin directory. >+the /etc/smrsh directory. > For example, a reasonable additions is > .IR vacation (1), > and the like. >@@ -68,7 +68,7 @@ > (such as > .IR perl (1)) > in the >-sm.bin >+/etc/smrsh > directory. > Note that this does not restrict the use of shell or perl scripts > in the sm.bin directory (using the ``#!'' syntax); >@@ -79,20 +79,7 @@ > .IR procmail (1) > allows users to run arbitrary programs in their > .IR procmailrc (5). >-.SH COMPILATION >-Compilation should be trivial on most systems. >-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e" >-to adjust the default search path >-(defaults to ``/bin:/usr/bin:/usr/ucb'') >-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e" >-to change the default program directory >-(defaults to ``/usr/adm/sm.bin''). > .SH FILES >-/usr/adm/sm.bin \- default directory for restricted programs on most OSs >-.PP >-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris >-.PP >-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD >- >+/etc/smrsh \- directory for restricted programs > .SH SEE ALSO > sendmail(8)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=304490">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 445133
: 304490