From owner-freebsd-security Sun Nov 17 19:42:06 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id TAA05912 for security-outgoing; Sun, 17 Nov 1996 19:42:06 -0800 (PST)
Received: from knecht.Sendmail.ORG (root@knecht.oxford.reference.com [205.217.47.98]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id TAA05892; Sun, 17 Nov 1996 19:41:50 -0800 (PST)
Received: from knecht.Sendmail.ORG (eric@LOCALHOST [127.0.0.1]) by knecht.Sendmail.ORG (8.8.3/8.8.3) with ESMTP id TAA21895; Sun, 17 Nov 1996 19:42:59 -0800 (PST)
Message-Id: <199611180342.TAA21895@knecht.Sendmail.ORG>
X-Mailer: exmh version 1.6.7 5/3/96
To: igor@alecto.physics.uiuc.edu (Igor Roshchin)
From: Eric Allman
X-URL: http://WWW.InReference.COM/~eric
cc: roberto@keltia.freenix.fr (Ollivier Robert), freebsd-security@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: New sendmail bug...
In-reply-to: Mail from igor@alecto.physics.uiuc.edu (Igor Roshchin) dated Sun, 17 Nov 1996 21:12:33 CST <199611180312.VAA27437@alecto.physics.uiuc.edu>
Date: Sun, 17 Nov 1996 19:42:58 -0800
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

This patch is against 8.8.2, not 8.7.6. You need to upgrade to 8.8;
8.7.x is no longer supported.

eric

============= In Reply To: ===========================================
: From: igor@alecto.physics.uiuc.edu (Igor Roshchin)
: Subject: Re: New sendmail bug...
: Date: Sun, 17 Nov 1996 21:12:33 -0600 (CST)

: Hello!
:
: Maybe I am missing something,
: but I was not able to compile the patched version
: of the sendmail 8.7.6.4,
: as it appears in FreeBSD distribution (sup.freebsd.org).
:
: main.o: Undefined symbol `_vendor_daemon_setup' referenced from text segment
: *** Error code 1
:
:
: Is it a problem due to the version of FreeBSD?
: I tried it on 2.1.5-stable and 2.1.5-release; -
: results were the same.
:
: Thanks in advance for your suggestions.
: : IgoR : : : > : > ------- main.c ------- : > *** - Wed Dec 31 16:00:00 1969 : > --- main.c Sat Nov 16 07:07:17 1996 : > *************** : > *** 493,507 **** : > { : > case MD_DAEMON: : > case MD_FGDAEMON: : > ! # ifdef DAEMON : > ! if (RealUid != 0) : > ! { : > ! usrerr("Permission denied"); : > ! exit(EX_USAGE); : > ! } : > ! vendor_daemon_setup(CurEnv); : > ! /* fall through ... */ : > ! # else : > usrerr("Daemon mode not implemented"); : > ExitStat = EX_USAGE; : > break; : > --- 493,499 ---- : > { : > case MD_DAEMON: : > case MD_FGDAEMON: : > ! # ifndef DAEMON : > usrerr("Daemon mode not implemented"); : > ExitStat = EX_USAGE; : > break; : > *************** : > *** 899,904 **** : > --- 891,904 ---- : > /* fall through ... */ : > : > case MD_DAEMON: : > + /* check for permissions */ : > + if (RealUid != 0) : > + { : > + usrerr("Permission denied"); : > + exit(EX_USAGE); : > + } : > + vendor_daemon_setup(CurEnv); : > + : > /* remove things that don't make sense in daemon mode */ : > FullName = NULL; : > GrabTo = FALSE; : > *************** : > *** 1932,1937 **** : > --- 1932,1946 ---- : > syslog(LOG_INFO, "restarting %s on signal", SaveArgv[0]); : > #endif : > releasesignal(SIGHUP); : > + if (setuid(RealUid) < 0 || setgid(RealGid) < 0) : > + { : > + #ifdef LOG : > + if (LogLevel > 0) : > + syslog(LOG_ALERT, "could not set[ug]id(%d, %d): %m", : > + RealUid, RealGid); : > + #endif : > + exit(EX_OSERR); : > + } : > execv(SaveArgv[0], (ARGV_T) SaveArgv); : > #ifdef LOG : > if (LogLevel > 0) : > : > :
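
Review bot: In the hunk at line 899, the RealUid check and the vendor_daemon_setup(CurEnv) call now sit only under `case MD_DAEMON:`, while the block removed at line 493 covered both MD_DAEMON and MD_FGDAEMON. The context shows nothing above the label except a `/* fall through ... */` comment, so confirm that the case falling into it is MD_FGDAEMON and that no other mode is routed through the check by accident. The call to vendor_daemon_setup() is also no longer visibly inside an `# ifdef DAEMON` guard, and the link error reported in this thread shows what happens when the target tree lacks that symbol. A smaller point: a failed permission check exits with EX_USAGE, where EX_NOPERM would describe the failure more accurately.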
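
Review bot: In the hunk at line 1932, `setuid(RealUid)` is evaluated before `setgid(RealGid)`, which is the wrong order for giving up privileges. When RealUid is not 0, the setuid() call drops root first, and the following setgid() then runs unprivileged and cannot fully reset the group IDs, so a saved set-group-ID can carry over into the execv()'d image. Swap the operands so the test reads `setgid(RealGid) < 0 || setuid(RealUid) < 0`. The visible lines also leave the supplementary group list untouched before the execv(), which deserves the same treatment while root is still held.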