[packages/sendmail.git] / sendmail-smrsh.patch

diff -Nur sendmail-8.9.3/smrsh/Makefile.m4 sendmail-8.9.3.pld/smrsh/Makefile.m4
--- sendmail-8.9.3/smrsh/Makefile.m4	Tue Dec 29 18:42:52 1998
+++ sendmail-8.9.3.pld/smrsh/Makefile.m4	Thu May 27 19:42:08 1999
@@ -31,8 +31,8 @@
 # libraries required on your system
 LIBS=	ifdef(`confLIBS', `confLIBS')
 
-# location of smrsh binary (usually /usr/libexec or /usr/etc)
-EBINDIR=${DESTDIR}ifdef(`confEBINDIR', `confEBINDIR', `/usr/libexec')
+# location of smrsh binary (usually /usr/sbin or /usr/etc)
+EBINDIR=${DESTDIR}ifdef(`confEBINDIR', `confEBINDIR', `/usr/sbin')
 
 # additional .o files needed
 OBJADD=	ifdef(`confOBJADD', `confOBJADD')
--- sendmail-8.7.5/smrsh/README.marc	Thu Aug  1 11:52:37 1996
+++ sendmail-8.7.5/smrsh/README	Thu Aug  1 11:54:51 1996
@@ -11,7 +11,7 @@
 intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
 and to the software, smrsh.c, written by Eric Allman.
 
-
+* Modified by Red Hat Software to reflect different paths. *
 
 The smrsh(8) program is intended as a replacement for /bin/sh in the
 program mailer definition of sendmail(8).  This README file describes
@@ -41,12 +41,12 @@
 
 
 Choose a directory that smrsh will reside in.  We will use the traditional 
-/usr/local/etc directory for the remainder of this document.
+/usr/sbin directory for the remainder of this document.
 
-As root, install smrsh in /usr/local/etc directory, with mode 511.
+As root, install smrsh in /usr/sbin directory, with mode 511.
 
-host.domain# mv smrsh /usr/local/etc
-host.domain# chmod 511 /usr/local/etc/smrsh
+host.domain# mv smrsh /usr/sbin
+host.domain# chmod 511 /usr/sbin/smrsh
 
 
 
@@ -68,7 +68,7 @@
 acceptable commands.
 
 
-You will next need to create the directory /usr/adm/sm.bin and populate 
+You will next need to create the directory /etc/smrsh and populate 
 it with the programs that your site feels are allowable for sendmail
 to execute.   This directory is explicitly specified in the source
 code for smrsh, so changing this directory must be accompanied with
@@ -77,22 +77,22 @@
 
 You will have to be root to make these modifications.
 
-After creating the /usr/adm/sm.bin directory, either copy the programs
+After creating the /etc/smrsh directory, either copy the programs
 to the directory, or establish links to the allowable programs from
-/usr/adm/sm.bin.  Change the file permissions, so that these programs
+/etc/smrsh.  Change the file permissions, so that these programs
 can not be modified by non-root users.  If you use links, you should
 ensure that the target programs are not modifiable.
 
 To allow the popular vacation(1) program by creating a link in the 
-/usr/adm/sm.bin directory, you should:
+/etc/smrsh directory, you should:
 
-host.domain# cd /usr/adm/sm.bin
+host.domain# cd /etc/smrsh
 host.domain# ln -s /usr/ucb/vacation vacation
 
 
 
 
-After populating the /usr/adm/sm.bin directory, you can now configure
+After populating the /etc/smrsh directory, you can now configure
 sendmail to use the restricted shell.  Save the current sendmail.cf
 file prior to modifying it, as a prudent precaution.
 
@@ -107,7 +107,7 @@
 
 In order to configure sendmail to use smrsh, you must modify the Mprog 
 definition in the sendmail.cf file, by replacing the /bin/sh specification 
-with /usr/local/etc/smrsh.
+with /usr/sbin/smrsh.
 
 As an example:
 
@@ -115,14 +115,14 @@
 Mprog,	P=/bin/sh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
 
 which should be changed to:
-Mprog,	P=/usr/local/etc/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
-          ^^^^^^^^^^^^^^^^^^^^
+Mprog,	P=/usr/sbin/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+          ^^^^^^^^^^^^^^^
 
 A more generic line may be:
 Mprog,		P=/bin/sh, F=lsDFM, A=sh -c $u
 
 and should be changed to;
-Mprog,		P=/usr/local/etc/smrsh, F=lsDFM, A=sh -c $u
+Mprog,		P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
 
 
 After modifying the Mprog definition in the sendmail.cf file, if a frozen 
@@ -133,12 +133,12 @@
 a search of the strings(1) output of the sendmail binary.
 
 In order to create a new frozen configuration, if it is required:
-host.domain# /usr/lib/sendmail -bz
+host.domain# /usr/sbin/sendmail -bz
 
 Now re-start the sendmail process.  An example of how to do this on 
 a typical system follows:
  
 host.domain# /usr/bin/ps aux | /usr/bin/grep sendmail
-root 130  0.0  0.0  168    0 ?  IW   Oct  2  0:10 /usr/lib/sendmail -bd -q
+root 130  0.0  0.0  168    0 ?  IW   Oct  2  0:10 /usr/sbin/sendmail -bd -q
 host.domain# /bin/kill -9 130
-host.domain# /usr/lib/sendmail -bd -q30m
+host.domain# /usr/sbin/sendmail -bd -q30m
--- sendmail-8.7.5/smrsh/smrsh.8.marc	Sun Nov 13 13:25:16 1994
+++ sendmail-8.7.5/smrsh/smrsh.8	Thu Aug  1 11:48:07 1996
@@ -59,7 +59,7 @@
 Briefly,
 .I smrsh
 limits programs to be in the directory
-/usr/adm/sm.bin,
+/etc/smrsh,
 allowing the system administrator to choose the set of acceptable commands.
 It also rejects any commands with the characters
 `\`', `<', `>', `|', `;', `&', `$', `(', `)', `\r' (carriage return),
@@ -73,10 +73,10 @@
 and
 ``vacation''
 all actually forward to
-``/usr/adm/sm.bin/vacation''.
+``/etc/smrsh/vacation''.
 .PP
 System administrators should be conservative about populating
-/usr/adm/sm.bin.
+/etc/smrsh
 Reasonable additions are
 .IR vacation (1),
 .IR procmail (1),
@@ -86,20 +86,12 @@
 (such as
 .IR perl (1))
 in the
-sm.bin
+/etc/smrsh
 directory.
 Note that this does not restrict the use of shell or perl scripts
-in the sm.bin directory (using the ``#!'' syntax);
+in the /etc/smrsh directory (using the ``#!'' syntax);
 it simply disallows execution of arbitrary programs.
-.SH COMPILATION
-Compilation should be trivial on most systems.
-You may need to use \-DPATH=\e"\fIpath\fP\e"
-to adjust the default search path
-(defaults to ``/bin:/usr/bin:/usr/ucb'')
-and/or \-DCMDBIN=\e"\fIdir\fP\e"
-to change the default program directory
-(defaults to ``/usr/adm/sm.bin'').
 .SH FILES
-/usr/adm/sm.bin \- directory for restricted programs
+/etc/smrsh \- directory for restricted programs
 .SH SEE ALSO
 sendmail(8)
--- sendmail-8.9.3/smrsh/smrsh.c~	Tue Dec 29 12:42:52 1998
+++ sendmail-8.9.3/smrsh/smrsh.c	Mon Apr  5 11:25:36 1999
@@ -58,7 +58,7 @@
 
 /* directory in which all commands must reside */
 #ifndef CMDDIR
-# define CMDDIR		"/usr/adm/sm.bin"
+# define CMDDIR		"/etc/smrsh"
 #endif
 
 /* characters disallowed in the shell "-c" argument */
@@ -66,7 +66,7 @@
 
 /* default search path */
 #ifndef PATH
-# define PATH		"/bin:/usr/bin:/usr/ucb"
+# define PATH		"/bin:/usr/bin"
 #endif
 
 int
Commit	Line	Data
c99e5551	1	diff -Nur sendmail-8.9.3/smrsh/Makefile.m4 sendmail-8.9.3.pld/smrsh/Makefile.m4
	2	--- sendmail-8.9.3/smrsh/Makefile.m4 Tue Dec 29 18:42:52 1998
	3	+++ sendmail-8.9.3.pld/smrsh/Makefile.m4 Thu May 27 19:42:08 1999
	4	@@ -31,8 +31,8 @@
	5	# libraries required on your system
	6	LIBS= ifdef(`confLIBS', `confLIBS')
	7
	8	-# location of smrsh binary (usually /usr/libexec or /usr/etc)
	9	-EBINDIR=${DESTDIR}ifdef(`confEBINDIR', `confEBINDIR', `/usr/libexec')
	10	+# location of smrsh binary (usually /usr/sbin or /usr/etc)
	11	+EBINDIR=${DESTDIR}ifdef(`confEBINDIR', `confEBINDIR', `/usr/sbin')
	12
	13	# additional .o files needed
	14	OBJADD= ifdef(`confOBJADD', `confOBJADD')
b3a5aac5	15	--- sendmail-8.7.5/smrsh/README.marc Thu Aug 1 11:52:37 1996
	16	+++ sendmail-8.7.5/smrsh/README Thu Aug 1 11:54:51 1996
	17	@@ -11,7 +11,7 @@
	18	intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
	19	and to the software, smrsh.c, written by Eric Allman.
	20
	21	-
	22	+* Modified by Red Hat Software to reflect different paths. *
	23
	24	The smrsh(8) program is intended as a replacement for /bin/sh in the
	25	program mailer definition of sendmail(8). This README file describes
	26	@@ -41,12 +41,12 @@
	27
	28
	29	Choose a directory that smrsh will reside in. We will use the traditional
	30	-/usr/local/etc directory for the remainder of this document.
	31	+/usr/sbin directory for the remainder of this document.
	32
	33	-As root, install smrsh in /usr/local/etc directory, with mode 511.
	34	+As root, install smrsh in /usr/sbin directory, with mode 511.
	35
	36	-host.domain# mv smrsh /usr/local/etc
	37	-host.domain# chmod 511 /usr/local/etc/smrsh
	38	+host.domain# mv smrsh /usr/sbin
	39	+host.domain# chmod 511 /usr/sbin/smrsh
	40
	41
	42
	43	@@ -68,7 +68,7 @@
	44	acceptable commands.
	45
	46
	47	-You will next need to create the directory /usr/adm/sm.bin and populate
	48	+You will next need to create the directory /etc/smrsh and populate
	49	it with the programs that your site feels are allowable for sendmail
	50	to execute. This directory is explicitly specified in the source
	51	code for smrsh, so changing this directory must be accompanied with
	52	@@ -77,22 +77,22 @@
	53
	54	You will have to be root to make these modifications.
	55
	56	-After creating the /usr/adm/sm.bin directory, either copy the programs
	57	+After creating the /etc/smrsh directory, either copy the programs
	58	to the directory, or establish links to the allowable programs from
	59	-/usr/adm/sm.bin. Change the file permissions, so that these programs
	60	+/etc/smrsh. Change the file permissions, so that these programs
	61	can not be modified by non-root users. If you use links, you should
	62	ensure that the target programs are not modifiable.
	63
	64	To allow the popular vacation(1) program by creating a link in the
	65	-/usr/adm/sm.bin directory, you should:
	66	+/etc/smrsh directory, you should:
	67
	68	-host.domain# cd /usr/adm/sm.bin
	69	+host.domain# cd /etc/smrsh
	70	host.domain# ln -s /usr/ucb/vacation vacation
	71
	72
	73
	74
	75	-After populating the /usr/adm/sm.bin directory, you can now configure
	76	+After populating the /etc/smrsh directory, you can now configure
	77	sendmail to use the restricted shell. Save the current sendmail.cf
	78	file prior to modifying it, as a prudent precaution.
79
80	@@ -107,7 +107,7 @@
81
82	In order to configure sendmail to use smrsh, you must modify the Mprog
83	definition in the sendmail.cf file, by replacing the /bin/sh specification
84	-with /usr/local/etc/smrsh.
85	+with /usr/sbin/smrsh.
86
87	As an example:
88
89	@@ -115,14 +115,14 @@
90	Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
91
92	which should be changed to:
93	-Mprog, P=/usr/local/etc/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
94	- ^^^^^^^^^^^^^^^^^^^^
95	+Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
96	+ ^^^^^^^^^^^^^^^
97
98	A more generic line may be:
99	Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u
100
101	and should be changed to;
102	-Mprog, P=/usr/local/etc/smrsh, F=lsDFM, A=sh -c $u
103	+Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
104
105
106	After modifying the Mprog definition in the sendmail.cf file, if a frozen
107	@@ -133,12 +133,12 @@
108	a search of the strings(1) output of the sendmail binary.
109
110	In order to create a new frozen configuration, if it is required:
111	-host.domain# /usr/lib/sendmail -bz
112	+host.domain# /usr/sbin/sendmail -bz
113
114	Now re-start the sendmail process. An example of how to do this on
115	a typical system follows:
116
117	host.domain# /usr/bin/ps aux \| /usr/bin/grep sendmail
118	-root 130 0.0 0.0 168 0 ? IW Oct 2 0:10 /usr/lib/sendmail -bd -q
119	+root 130 0.0 0.0 168 0 ? IW Oct 2 0:10 /usr/sbin/sendmail -bd -q
120	host.domain# /bin/kill -9 130
121	-host.domain# /usr/lib/sendmail -bd -q30m
122	+host.domain# /usr/sbin/sendmail -bd -q30m
123	--- sendmail-8.7.5/smrsh/smrsh.8.marc Sun Nov 13 13:25:16 1994
124	+++ sendmail-8.7.5/smrsh/smrsh.8 Thu Aug 1 11:48:07 1996
125	@@ -59,7 +59,7 @@
126	Briefly,
127	.I smrsh
128	limits programs to be in the directory
129	-/usr/adm/sm.bin,
130	+/etc/smrsh,
131	allowing the system administrator to choose the set of acceptable commands.
132	It also rejects any commands with the characters
133	`\`', `<', `>', `\|', `;', `&', `$', `(', `)', `\r' (carriage return),
134	@@ -73,10 +73,10 @@
135	and
136	``vacation''
137	all actually forward to
138	-``/usr/adm/sm.bin/vacation''.
139	+``/etc/smrsh/vacation''.
140	.PP
141	System administrators should be conservative about populating
142	-/usr/adm/sm.bin.
143	+/etc/smrsh
144	Reasonable additions are
145	.IR vacation (1),
146	.IR procmail (1),
147	@@ -86,20 +86,12 @@
148	(such as
149	.IR perl (1))
150	in the
151	-sm.bin
152	+/etc/smrsh
153	directory.
154	Note that this does not restrict the use of shell or perl scripts
155	-in the sm.bin directory (using the ``#!'' syntax);
156	+in the /etc/smrsh directory (using the ``#!'' syntax);
157	it simply disallows execution of arbitrary programs.
158	-.SH COMPILATION
159	-Compilation should be trivial on most systems.
160	-You may need to use \-DPATH=\e"\fIpath\fP\e"
161	-to adjust the default search path
162	-(defaults to ``/bin:/usr/bin:/usr/ucb'')
163	-and/or \-DCMDBIN=\e"\fIdir\fP\e"
164	-to change the default program directory
165	-(defaults to ``/usr/adm/sm.bin'').
166	.SH FILES
167	-/usr/adm/sm.bin \- directory for restricted programs
168	+/etc/smrsh \- directory for restricted programs
169	.SH SEE ALSO
170	sendmail(8)
171	--- sendmail-8.9.3/smrsh/smrsh.c~ Tue Dec 29 12:42:52 1998
172	+++ sendmail-8.9.3/smrsh/smrsh.c Mon Apr 5 11:25:36 1999
173	@@ -58,7 +58,7 @@
174
175	/* directory in which all commands must reside */
176	#ifndef CMDDIR
177	-# define CMDDIR "/usr/adm/sm.bin"
178	+# define CMDDIR "/etc/smrsh"
179	#endif
180
181	/* characters disallowed in the shell "-c" argument */
182	@@ -66,7 +66,7 @@
183
184	/* default search path */
185	#ifndef PATH
186	-# define PATH "/bin:/usr/bin:/usr/ucb"
187	+# define PATH "/bin:/usr/bin"
188	#endif
189
190	int