--- /dev/null
+--- sendmail-8.10.0/smrsh/README.smrsh Tue Apr 27 22:26:10 1999
++++ sendmail-8.10.0/smrsh/README Thu Mar 9 13:21:10 2000
+@@ -6,7 +6,7 @@
+ intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
+ and to the software, smrsh.c, written by Eric Allman.
+
+-
++* Modified by Red Hat Software to reflect different paths. *
+
+ The smrsh(8) program is intended as a replacement for /bin/sh in the
+ program mailer definition of sendmail(8). This README file describes
+@@ -46,15 +46,15 @@
+
+
+
+-As root, install smrsh in /usr/libexec. Using the Build script:
++As root, install smrsh in /usr/sbin. Using the Build script:
+
+ host.domain# sh Build install
+
+-For manual installation: install smrsh in the /usr/libexec
++For manual installation: install smrsh in the /usr/sbin
+ directory, with mode 511.
+
+- host.domain# mv smrsh /usr/libexec
+- host.domain# chmod 511 /usr/libexec/smrsh
++ host.domain# mv smrsh /usr/sbin
++ host.domain# chmod 511 /usr/sbin/smrsh
+
+
+
+@@ -76,7 +76,7 @@
+ acceptable commands.
+
+
+-You will next need to create the directory /usr/adm/sm.bin and populate
++You will next need to create the directory /etc/smrsh and populate
+ it with the programs that your site feels are allowable for sendmail
+ to execute. This directory is explicitly specified in the source
+ code for smrsh, so changing this directory must be accompanied with
+@@ -85,22 +85,22 @@
+
+ You will have to be root to make these modifications.
+
+-After creating the /usr/adm/sm.bin directory, either copy the programs
++After creating the /etc/smrsh directory, either copy the programs
+ to the directory, or establish links to the allowable programs from
+-/usr/adm/sm.bin. Change the file permissions, so that these programs
++/etc/smrsh. Change the file permissions, so that these programs
+ can not be modified by non-root users. If you use links, you should
+ ensure that the target programs are not modifiable.
+
+ To allow the popular vacation(1) program by creating a link in the
+-/usr/adm/sm.bin directory, you should:
++/etc/smrsh directory, you should:
+
+- host.domain# cd /usr/adm/sm.bin
++ host.domain# cd /etc/smrsh
+ host.domain# ln -s /usr/ucb/vacation vacation
+
+
+
+
+-After populating the /usr/adm/sm.bin directory, you can now configure
++After populating the /etc/smrsh directory, you can now configure
+ sendmail to use the restricted shell. Save the current sendmail.cf
+ file prior to modifying it, as a prudent precaution.
+
+@@ -115,7 +115,7 @@
+
+ In order to configure sendmail to use smrsh, you must modify the Mprog
+ definition in the sendmail.cf file, by replacing the /bin/sh specification
+-with /usr/libexec/smrsh.
++with /usr/sbin/smrsh.
+
+ As an example:
+
+@@ -123,14 +123,14 @@
+ Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
+
+ which should be changed to:
+-Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
++Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
+ ^^^^^^^^^^^^^^^^^^
+
+ A more generic line may be:
+ Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u
+
+ and should be changed to;
+-Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u
++Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
+
+
+ After modifying the Mprog definition in the sendmail.cf file, if a frozen
+@@ -141,7 +141,7 @@
+ a search of the strings(1) output of the sendmail binary.
+
+ In order to create a new frozen configuration, if it is required:
+- host.domain# /usr/lib/sendmail -bz
++ host.domain# /usr/sbin/sendmail -bz
+
+ Now re-start the sendmail process. An example of how to do this on
+ a typical system follows:
+--- sendmail-8.10.0/smrsh/smrsh.8.smrsh Tue Jun 15 00:50:19 1999
++++ sendmail-8.10.0/smrsh/smrsh.8 Thu Mar 9 13:21:40 2000
+@@ -38,7 +38,7 @@
+ Briefly,
+ .I smrsh
+ limits programs to be in the directory
+-/usr/adm/sm.bin,
++/etc/smrsh,
+ allowing the system administrator to choose the set of acceptable commands,
+ and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
+ It also rejects any commands with the characters
+@@ -55,10 +55,10 @@
+ and
+ ``vacation''
+ all actually forward to
+-``/usr/adm/sm.bin/vacation''.
++``/etc/smrsh/vacation''.
+ .PP
+ System administrators should be conservative about populating
+-/usr/adm/sm.bin.
++/etc/smrsh
+ Reasonable additions are
+ .IR vacation (1),
+ .IR procmail (1),
+@@ -68,20 +68,12 @@
+ (such as
+ .IR perl (1))
+ in the
+-sm.bin
++/etc/smrsh
+ directory.
+ Note that this does not restrict the use of shell or perl scripts
+-in the sm.bin directory (using the ``#!'' syntax);
++in the /etc/smrsh directory (using the ``#!'' syntax);
+ it simply disallows execution of arbitrary programs.
+-.SH COMPILATION
+-Compilation should be trivial on most systems.
+-You may need to use \-DPATH=\e"\fIpath\fP\e"
+-to adjust the default search path
+-(defaults to ``/bin:/usr/bin:/usr/ucb'')
+-and/or \-DCMDBIN=\e"\fIdir\fP\e"
+-to change the default program directory
+-(defaults to ``/usr/adm/sm.bin'').
+ .SH FILES
+-/usr/adm/sm.bin \- directory for restricted programs
++/etc/smrsh \- directory for restricted programs
+ .SH SEE ALSO
+ sendmail(8)
+--- sendmail-8.10.0/smrsh/smrsh.c.smrsh2 Tue Oct 26 22:49:51 1999
++++ sendmail-8.10.0/smrsh/smrsh.c Thu Mar 9 13:28:37 2000
+@@ -76,7 +76,7 @@
+
+ /* directory in which all commands must reside */
+ #ifndef CMDDIR
+-# define CMDDIR "/usr/adm/sm.bin"
++# define CMDDIR "/etc/smrsh"
+ #endif /* ! CMDDIR */
+
+ /* characters disallowed in the shell "-c" argument */
+@@ -84,7 +84,7 @@
+
+ /* default search path */
+ #ifndef PATH
+-# define PATH "/bin:/usr/bin:/usr/ucb"
++# define PATH "/bin:/usr/bin:"
+ #endif /* ! PATH */
+
+ #ifndef __P
projects / packages / sendmail.git / commitdiff