# additional .o files needed
OBJADD= ifdef(`confOBJADD', `confOBJADD')
+--- sendmail-8.7.5/smrsh/README.marc Thu Aug 1 11:52:37 1996
++++ sendmail-8.7.5/smrsh/README Thu Aug 1 11:54:51 1996
+@@ -11,7 +11,7 @@
+ intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
+ and to the software, smrsh.c, written by Eric Allman.
+
+-
++* Modified by Red Hat Software to reflect different paths. *
+
+ The smrsh(8) program is intended as a replacement for /bin/sh in the
+ program mailer definition of sendmail(8). This README file describes
+@@ -41,12 +41,12 @@
+
+
+ Choose a directory that smrsh will reside in. We will use the traditional
+-/usr/local/etc directory for the remainder of this document.
++/usr/sbin directory for the remainder of this document.
+
+-As root, install smrsh in /usr/local/etc directory, with mode 511.
++As root, install smrsh in /usr/sbin directory, with mode 511.
+
+-host.domain# mv smrsh /usr/local/etc
+-host.domain# chmod 511 /usr/local/etc/smrsh
++host.domain# mv smrsh /usr/sbin
++host.domain# chmod 511 /usr/sbin/smrsh
+
+
+
+@@ -68,7 +68,7 @@
+ acceptable commands.
+
+
+-You will next need to create the directory /usr/adm/sm.bin and populate
++You will next need to create the directory /etc/smrsh and populate
+ it with the programs that your site feels are allowable for sendmail
+ to execute. This directory is explicitly specified in the source
+ code for smrsh, so changing this directory must be accompanied with
+@@ -77,22 +77,22 @@
+
+ You will have to be root to make these modifications.
+
+-After creating the /usr/adm/sm.bin directory, either copy the programs
++After creating the /etc/smrsh directory, either copy the programs
+ to the directory, or establish links to the allowable programs from
+-/usr/adm/sm.bin. Change the file permissions, so that these programs
++/etc/smrsh. Change the file permissions, so that these programs
+ can not be modified by non-root users. If you use links, you should
+ ensure that the target programs are not modifiable.
+
+ To allow the popular vacation(1) program by creating a link in the
+-/usr/adm/sm.bin directory, you should:
++/etc/smrsh directory, you should:
+
+-host.domain# cd /usr/adm/sm.bin
++host.domain# cd /etc/smrsh
+ host.domain# ln -s /usr/ucb/vacation vacation
+
+
+
+
+-After populating the /usr/adm/sm.bin directory, you can now configure
++After populating the /etc/smrsh directory, you can now configure
+ sendmail to use the restricted shell. Save the current sendmail.cf
+ file prior to modifying it, as a prudent precaution.
+
+@@ -107,7 +107,7 @@
+
+ In order to configure sendmail to use smrsh, you must modify the Mprog
+ definition in the sendmail.cf file, by replacing the /bin/sh specification
+-with /usr/local/etc/smrsh.
++with /usr/sbin/smrsh.
+
+ As an example:
+
+@@ -115,14 +115,14 @@
+ Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
+
+ which should be changed to:
+-Mprog, P=/usr/local/etc/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
+- ^^^^^^^^^^^^^^^^^^^^
++Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
++ ^^^^^^^^^^^^^^^
+
+ A more generic line may be:
+ Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u
+
+ and should be changed to;
+-Mprog, P=/usr/local/etc/smrsh, F=lsDFM, A=sh -c $u
++Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
+
+
+ After modifying the Mprog definition in the sendmail.cf file, if a frozen
+@@ -133,12 +133,12 @@
+ a search of the strings(1) output of the sendmail binary.
+
+ In order to create a new frozen configuration, if it is required:
+-host.domain# /usr/lib/sendmail -bz
++host.domain# /usr/sbin/sendmail -bz
+
+ Now re-start the sendmail process. An example of how to do this on
+ a typical system follows:
+
+ host.domain# /usr/bin/ps aux | /usr/bin/grep sendmail
+-root 130 0.0 0.0 168 0 ? IW Oct 2 0:10 /usr/lib/sendmail -bd -q
++root 130 0.0 0.0 168 0 ? IW Oct 2 0:10 /usr/sbin/sendmail -bd -q
+ host.domain# /bin/kill -9 130
+-host.domain# /usr/lib/sendmail -bd -q30m
++host.domain# /usr/sbin/sendmail -bd -q30m
+--- sendmail-8.7.5/smrsh/smrsh.8.marc Sun Nov 13 13:25:16 1994
++++ sendmail-8.7.5/smrsh/smrsh.8 Thu Aug 1 11:48:07 1996
+@@ -59,7 +59,7 @@
+ Briefly,
+ .I smrsh
+ limits programs to be in the directory
+-/usr/adm/sm.bin,
++/etc/smrsh,
+ allowing the system administrator to choose the set of acceptable commands.
+ It also rejects any commands with the characters
+ `\`', `<', `>', `|', `;', `&', `$', `(', `)', `\r' (carriage return),
+@@ -73,10 +73,10 @@
+ and
+ ``vacation''
+ all actually forward to
+-``/usr/adm/sm.bin/vacation''.
++``/etc/smrsh/vacation''.
+ .PP
+ System administrators should be conservative about populating
+-/usr/adm/sm.bin.
++/etc/smrsh
+ Reasonable additions are
+ .IR vacation (1),
+ .IR procmail (1),
+@@ -86,20 +86,12 @@
+ (such as
+ .IR perl (1))
+ in the
+-sm.bin
++/etc/smrsh
+ directory.
+ Note that this does not restrict the use of shell or perl scripts
+-in the sm.bin directory (using the ``#!'' syntax);
++in the /etc/smrsh directory (using the ``#!'' syntax);
+ it simply disallows execution of arbitrary programs.
+-.SH COMPILATION
+-Compilation should be trivial on most systems.
+-You may need to use \-DPATH=\e"\fIpath\fP\e"
+-to adjust the default search path
+-(defaults to ``/bin:/usr/bin:/usr/ucb'')
+-and/or \-DCMDBIN=\e"\fIdir\fP\e"
+-to change the default program directory
+-(defaults to ``/usr/adm/sm.bin'').
+ .SH FILES
+-/usr/adm/sm.bin \- directory for restricted programs
++/etc/smrsh \- directory for restricted programs
+ .SH SEE ALSO
+ sendmail(8)
+--- sendmail-8.9.3/smrsh/smrsh.c~ Tue Dec 29 12:42:52 1998
++++ sendmail-8.9.3/smrsh/smrsh.c Mon Apr 5 11:25:36 1999
+@@ -58,7 +58,7 @@
+
+ /* directory in which all commands must reside */
+ #ifndef CMDDIR
+-# define CMDDIR "/usr/adm/sm.bin"
++# define CMDDIR "/etc/smrsh"
+ #endif
+
+ /* characters disallowed in the shell "-c" argument */
+@@ -66,7 +66,7 @@
+
+ /* default search path */
+ #ifndef PATH
+-# define PATH "/bin:/usr/bin:/usr/ucb"
++# define PATH "/bin:/usr/bin"
+ #endif
+
+ int
projects / packages / sendmail.git / blobdiff