Blame SOURCES/sendmail-8.14.3-smrsh_paths.patch

813923
diff -up sendmail-8.14.3/smrsh/README.smrsh_paths sendmail-8.14.3/smrsh/README
813923
--- sendmail-8.14.3/smrsh/README.smrsh_paths	2008-02-12 17:40:06.000000000 +0100
813923
+++ sendmail-8.14.3/smrsh/README	2008-07-15 14:40:36.000000000 +0200
813923
@@ -6,7 +6,7 @@ Software Engineering Institute, Carnegie
813923
 intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
813923
 and to the software, smrsh.c, written by Eric Allman.
813923
 
813923
-
813923
+* Modified by Red Hat, Inc., to reflect different paths. *
813923
 
813923
 The smrsh(8) program is intended as a replacement for /bin/sh in the
813923
 program mailer definition of sendmail(8).  This README file describes
813923
@@ -56,15 +56,15 @@ These can be added to the devtools/Site/
813923
 global M4 macro confENVDEF or the smrsh specific M4 macro
813923
 conf_smrsh_ENVDEF.
813923
 
813923
-As root, install smrsh in /usr/libexec.  Using the Build script:
813923
+As root, install smrsh in /usr/sbin.  Using the Build script:
813923
 
813923
 	host.domain# sh ./Build install
813923
 
813923
-For manual installation: install smrsh in the /usr/libexec
813923
+For manual installation: install smrsh in the /usr/sbin
813923
 directory, with mode 511.
813923
 
813923
-	host.domain# mv smrsh /usr/libexec
813923
-	host.domain# chmod 511 /usr/libexec/smrsh
813923
+	host.domain# mv smrsh /usr/sbin
813923
+	host.domain# chmod 511 /usr/sbin/smrsh
813923
 
813923
 
813923
 
813923
@@ -86,7 +86,7 @@ perl(1), uudecode(1) or the stream edito
813923
 acceptable commands.
813923
 
813923
 If your platform doesn't have a default SMRSH_CMDDIR setting, you will
813923
-next need to create the directory /usr/adm/sm.bin and populate
813923
+next need to create the directory /etc/smrsh and populate
813923
 it with the programs that your site feels are allowable for sendmail
813923
 to execute.   This directory is explicitly specified in the source
813923
 code for smrsh, so changing this directory must be accompanied with
813923
@@ -95,22 +95,22 @@ a change in smrsh.c.
813923
 
813923
 You will have to be root to make these modifications.
813923
 
813923
-After creating the /usr/adm/sm.bin directory, either copy the programs
813923
+After creating the /etc/smrsh directory, either copy the programs
813923
 to the directory, or establish links to the allowable programs from
813923
-/usr/adm/sm.bin.  Change the file permissions, so that these programs
813923
+/etc/smrsh.  Change the file permissions, so that these programs
813923
 can not be modified by non-root users.  If you use links, you should
813923
 ensure that the target programs are not modifiable.
813923
 
813923
 To allow the popular vacation(1) program by creating a link in the
813923
-/usr/adm/sm.bin directory, you should:
813923
+/etc/smrsh directory, you should:
813923
 
813923
-	host.domain# cd /usr/adm/sm.bin
813923
+	host.domain# cd /etc/smrsh
813923
 	host.domain# ln -s /usr/ucb/vacation vacation
813923
 
813923
 
813923
 
813923
 
813923
-After populating the /usr/adm/sm.bin directory, you can now configure
813923
+After populating the /etc/smrsh directory, you can now configure
813923
 sendmail to use the restricted shell.  Save the current sendmail.cf
813923
 file prior to modifying it, as a prudent precaution.
813923
 
813923
@@ -125,7 +125,7 @@ help to locate it.
813923
 
813923
 In order to configure sendmail to use smrsh, you must modify the Mprog
813923
 definition in the sendmail.cf file, by replacing the /bin/sh specification
813923
-with /usr/libexec/smrsh.
813923
+with /usr/sbin/smrsh.
813923
 
813923
 As an example:
813923
 
813923
@@ -133,14 +133,14 @@ In most Sun Microsystems' sendmail.cf fi
813923
 Mprog,	P=/bin/sh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
813923
 
813923
 which should be changed to:
813923
-Mprog,	P=/usr/libexec/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
813923
-          ^^^^^^^^^^^^^^^^^^
813923
+Mprog,	P=/usr/sbin/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
813923
+         ^^^^^^^^^^^^^^^^
813923
 
813923
 A more generic line may be:
813923
 Mprog,		P=/bin/sh, F=lsDFM, A=sh -c $u
813923
 
813923
 and should be changed to;
813923
-Mprog,		P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u
813923
+Mprog,		P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
813923
 
813923
 
813923
 After modifying the Mprog definition in the sendmail.cf file, if a frozen
813923
@@ -151,7 +151,7 @@ or /etc/mail directories.  The specific 
813923
 a search of the strings(1) output of the sendmail binary.
813923
 
813923
 In order to create a new frozen configuration, if it is required:
813923
-	host.domain# /usr/lib/sendmail -bz
813923
+	host.domain# /usr/sbin/sendmail -bz
813923
 
813923
 Now re-start the sendmail process.  An example of how to do this on
813923
 a typical system follows:
813923
diff -up sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths sendmail-8.14.3/smrsh/smrsh.8
813923
--- sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths	2004-08-06 05:55:35.000000000 +0200
813923
+++ sendmail-8.14.3/smrsh/smrsh.8	2008-07-15 14:38:07.000000000 +0200
813923
@@ -39,7 +39,7 @@ Briefly,
813923
 .I smrsh
813923
 limits programs to be in a single directory,
813923
 by default
813923
-/usr/adm/sm.bin,
813923
+/etc/smrsh,
813923
 allowing the system administrator to choose the set of acceptable commands,
813923
 and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
813923
 It also rejects any commands with the characters
813923
@@ -56,10 +56,10 @@ so forwarding to ``/usr/ucb/vacation'',
813923
 and
813923
 ``vacation''
813923
 all actually forward to
813923
-``/usr/adm/sm.bin/vacation''.
813923
+``/etc/smrsh/vacation''.
813923
 .PP
813923
 System administrators should be conservative about populating
813923
-the sm.bin directory.
813923
+the /etc/smrsh directory.
813923
 For example, a reasonable additions is
813923
 .IR vacation (1),
813923
 and the like.
813923
@@ -68,7 +68,7 @@ never include any shell or shell-like pr
813923
 (such as
813923
 .IR perl (1))
813923
 in the
813923
-sm.bin
813923
+/etc/smrsh
813923
 directory.
813923
 Note that this does not restrict the use of shell or perl scripts
813923
 in the sm.bin directory (using the ``#!'' syntax);
813923
@@ -79,20 +79,7 @@ is a very bad idea.
813923
 .IR procmail (1)
813923
 allows users to run arbitrary programs in their
813923
 .IR procmailrc (5).
813923
-.SH COMPILATION
813923
-Compilation should be trivial on most systems.
813923
-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
813923
-to adjust the default search path
813923
-(defaults to ``/bin:/usr/bin:/usr/ucb'')
813923
-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
813923
-to change the default program directory
813923
-(defaults to ``/usr/adm/sm.bin'').
813923
 .SH FILES
813923
-/usr/adm/sm.bin \- default directory for restricted programs on most OSs
813923
-.PP
813923
-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris
813923
-.PP
813923
-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD
813923
-
813923
+/etc/smrsh \- directory for restricted programs
813923
 .SH SEE ALSO
813923
 sendmail(8)
813923
diff -up sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths sendmail-8.14.3/smrsh/smrsh.c
813923
--- sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths	2004-08-06 20:54:22.000000000 +0200
813923
+++ sendmail-8.14.3/smrsh/smrsh.c	2008-07-15 14:38:07.000000000 +0200
813923
@@ -77,7 +77,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
813923
 # ifdef SMRSH_CMDDIR
813923
 #  define CMDDIR	SMRSH_CMDDIR
813923
 # else /* SMRSH_CMDDIR */
813923
-#  define CMDDIR	"/usr/adm/sm.bin"
813923
+#  define CMDDIR	"/etc/smrsh"
813923
 # endif /* SMRSH_CMDDIR */
813923
 #endif /* ! CMDDIR */
813923
 
813923
@@ -89,7 +89,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
813923
 # ifdef SMRSH_PATH
813923
 #  define PATH		SMRSH_PATH
813923
 # else /* SMRSH_PATH */
813923
-#  define PATH		"/bin:/usr/bin:/usr/ucb"
813923
+#  define PATH		"/bin:/usr/bin"
813923
 # endif /* SMRSH_PATH */
813923
 #endif /* ! PATH */
813923