-diff -Nru sendmail-8.11.3/smrsh/README sendmail-8.11.3.new/smrsh/README
---- sendmail-8.11.3/smrsh/README Thu Mar 1 07:19:27 2001
-+++ sendmail-8.11.3.new/smrsh/README Thu Mar 1 07:17:50 2001
+--- ./smrsh/README.org Wed Jan 24 01:05:58 2001
++++ ./smrsh/README Tue Jun 4 14:25:06 2002
@@ -6,7 +6,7 @@
intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
and to the software, smrsh.c, written by Eric Allman.
@@ -76,7 +76,7 @@
acceptable commands.
- If your platform doesn't have a default CMDDIR setting, you will
+ If your platform doesn't have a default SMRSH_CMDDIR setting, you will
-next need to create the directory /usr/adm/sm.bin and populate
+next need to create the directory /etc/smrsh and populate
it with the programs that your site feels are allowable for sendmail
which should be changed to:
-Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
-- ^^^^^^^^^^^^^^^^^^
+Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
-+ ^^^^^^^^^^^^^^^
+ ^^^^^^^^^^^^^^^^^^
A more generic line may be:
Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u
Now re-start the sendmail process. An example of how to do this on
a typical system follows:
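Review bot: The caret underline beneath the new `Mprog, P=/usr/sbin/smrsh` line is now carried as unchanged context with 18 carets, which is the width of the old `/usr/libexec/smrsh`. The previous revision of this patch replaced it with a 15-caret line matching the new path. Suggest restoring that replacement so the marker in the patched README lines up with the path it points at.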
-diff -Nru sendmail-8.11.3/smrsh/smrsh.8 sendmail-8.11.3.new/smrsh/smrsh.8
---- sendmail-8.11.3/smrsh/smrsh.8 Thu Mar 1 07:19:27 2001
-+++ sendmail-8.11.3.new/smrsh/smrsh.8 Thu Mar 1 07:17:50 2001
+--- ./smrsh/smrsh.8.org Thu Apr 25 15:33:40 2002
++++ ./smrsh/smrsh.8 Tue Jun 4 14:27:48 2002
@@ -39,7 +39,7 @@
.I smrsh
limits programs to be in a single directory,
.PP
System administrators should be conservative about populating
-the sm.bin directory.
-+the /etc/smrsh directory.
++the /etc/smrsh/ directory.
Reasonable additions are
.IR vacation (1),
.IR procmail (1),
.IR perl (1))
in the
-sm.bin
-+/etc/smrsh
++/etc/smrsh/
directory.
Note that this does not restrict the use of shell or perl scripts
in the sm.bin directory (using the ``#!'' syntax);
it simply disallows execution of arbitrary programs.
-.SH COMPILATION
-Compilation should be trivial on most systems.
--You may need to use \-DPATH=\e"\fIpath\fP\e"
+-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
-to adjust the default search path
-(defaults to ``/bin:/usr/bin:/usr/ucb'')
--and/or \-DCMDBIN=\e"\fIdir\fP\e"
+-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
-to change the default program directory
-(defaults to ``/usr/adm/sm.bin'').
.SH FILES
-/usr/adm/sm.bin \- directory for restricted programs
-+/etc/smrsh \- directory for restricted programs
++/etc/smrsh/ \- directory for restricted programs
.SH SEE ALSO
sendmail(8)
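Review bot: The context line "in the sm.bin directory (using the ``#!'' syntax);" is left untouched, so the patched man page still names sm.bin there while the two references above it and the FILES entry are changed to /etc/smrsh/. Suggest changing that line in the same hunk. The trailing slash added in this revision also differs from the README hunk and from the `CMDDIR "/etc/smrsh"` define in smrsh.c; one spelling should be used throughout.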
-diff -Nru sendmail-8.11.3/smrsh/smrsh.c sendmail-8.11.3.new/smrsh/smrsh.c
---- sendmail-8.11.3/smrsh/smrsh.c Thu Mar 1 07:19:27 2001
-+++ sendmail-8.11.3.new/smrsh/smrsh.c Thu Mar 1 07:20:44 2001
-@@ -77,7 +77,7 @@
- # if defined(HPUX10) || defined(HPUX11) || SOLARIS >= 20800
- # define CMDDIR "/var/adm/sm.bin"
- # else /* HPUX10 || HPUX11 || SOLARIS >= 20800 */
+--- ./smrsh/smrsh.c.org Sat May 25 04:41:31 2002
++++ ./smrsh/smrsh.c Tue Jun 4 14:29:28 2002
+@@ -75,7 +75,7 @@
+ # ifdef SMRSH_CMDDIR
+ # define CMDDIR SMRSH_CMDDIR
+ # else /* SMRSH_CMDDIR */
-# define CMDDIR "/usr/adm/sm.bin"
-+# define CMDDIR "/usr/smrsh"
- # endif /* HPUX10 || HPUX11 || SOLARIS >= 20800 */
++# define CMDDIR "/etc/smrsh"
+ # endif /* SMRSH_CMDDIR */
#endif /* ! CMDDIR */
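Review bot: The new fallback `# define CMDDIR "/etc/smrsh"` sits in the `#else` branch of the `# ifdef SMRSH_CMDDIR` block visible in the context lines, so it only applies when the build does not define SMRSH_CMDDIR. The same default could be supplied with -DSMRSH_CMDDIR at build time, which would avoid a source hunk that has to be regenerated whenever the surrounding lines change, as happened between the two revisions shown here. If the hunk stays, a short comment noting that the value must match the directory named in README and smrsh.8 would help keep the three in step.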
-@@ -86,7 +86,7 @@
-
- /* default search path */
- #ifndef PATH
--# define PATH "/bin:/usr/bin:/usr/ucb"
-+# define PATH "/bin:/usr/bin"
+@@ -87,7 +87,7 @@
+ # ifdef SMRSH_PATH
+ # define PATH SMRSH_PATH
+ # else /* SMRSH_PATH */
+-# define PATH "/bin:/usr/bin:/usr/ucb"
++# define PATH "/bin:/usr/bin"
+ # endif /* SMRSH_PATH */
#endif /* ! PATH */
- #ifndef __P
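Review bot: Dropping /usr/ucb from the fallback `PATH` in this hunk leaves the new default undocumented, because the smrsh.8 part of the same patch deletes the COMPILATION section, the only text shown that states the default search path and the default program directory. After the patch the compiled-in values "/bin:/usr/bin" and "/etc/smrsh" appear only in the source. Suggest keeping that man page section with the defaults updated, or passing the path through -DSMRSH_PATH so the packaging records it.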