-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

package: smail
version: 3.2.0.114-4

Greg has posted a one line fix in
http://www.weird.com/~woods/projects/smail.html
on line 223 of src/addr.c

    p[(ap - address)] = '\0';

He was not informed prior to announcement as his Smail does not accept
spoofed email. A security feature. :)

Be nice if the one line patch is in soon.

A longer issue is having Smail run as root.

I have done an ugly fix to stop in.smtpd running as root. It sort of
works, but I will need to test this a bit more.

I have removed setuid from the smail binary and changed files to mail
with : -

    chown -R mail /var/log/smail /var/spool/smail

In crontab -u root I have : -

    #(min h) (dm m dw) (command)
    */15 * * * * /usr/sbin/runq -q

In /etc/inetd.conf I have : -

    smtp stream tcp nowait mail /usr/sbin/smail in.smtpd -bs -Q

This also avoids the DoS from the overflow, but not ideal.

Created /usr/local/bin/sendmail with : -

    #! /bin/sh
    # Last minute 53cur!ty b4 w3r3 0wn3d
    # hide real sendmail and remove setuid root
    # With visudo add the following: -
    # ALL ALL = NOPASSWD: /usr/sbin/smail
    exec /usr/bin/sudo /usr/sbin/smail "$@"

Which I have used to replace the sendmail command : -

    # ls -l /usr/sbin/sendmail /usr/lib/sendmail
    lrwxrwxrwx 1 root root 21 May 4 09:46 /usr/lib/sendmail -> ../local/bin/sendmail
    lrwxrwxrwx 1 root root 21 May 4 09:55 /usr/sbin/sendmail -> ../local/bin/sendmail

I have changed the cron that came with the package. It now runs monthly
and I run checkerr as root. I must still do this with above. Log files
now have owner set to mail.

/etc/cron.monthly/smail now reads : -

    #!/bin/sh
    # Run the Smail error checking script and rotate the logfiles.
    # We have to rotate the logs as root as otherwise we can't fix the
    # timestamps, and so we might as well add the checkerr script here
    # too.

    test -f /usr/sbin/smail || exit 0
    cd /tmp
    #echo "Cron job - running checkerr as mail" | logger
    #su -c /usr/lib/smail/checkerr mail
    # smail: [6841] setgroups() failed: Operation not permitted
    # Never works as mail - AB
    echo "Cron job - running checkerr as ROOT" | logger
    /usr/lib/smail/checkerr
    # May actually work now in.smtpd runs as mail and su syntax correct
    # No still have to run as root
    set -e
    cd /var/log/smail
    savelog -u mail -g mail -m 644 -c 30 logfile >/dev/null
    # Took our paniclog as Smail sometimes dies and I would like to know why
    # - AB

- -- 
 \|/ ____ \|/
 "@'/ .. \`@"
 /_| \__/ |_\
    \__U_/
6279EACE 2004-04-23 Andrew Buckeridge <[EMAIL PROTECTED]>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCeI9jm2fZcWJ56s4RAjBSAJ9bwDllxA9z4eA9BclqtWhop819ugCeN0X9
V+eYfKBVrHwiKFjqsev5ahU=
=SZCm
-----END PGP SIGNATURE-----
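
Added example, not part of the original message: a small audit script for the three changes described above (smtp no longer run as root from inetd, setuid removed from the smail binary, log and spool trees owned by mail). The function names are hypothetical, and it assumes the classic inetd.conf layout in which the user is the fifth field.

```shell
#!/bin/sh
# Added example: audit the three changes the message describes.
# Function names are hypothetical; sample paths are the message's own.

# Print the user of each active inetd.conf ($1) entry for service $2.
# Assumed field layout: service socktype proto wait user[.group] program args
inetd_user() {
    awk -v svc="$2" '$1 == svc { u = $5; sub(/[.:].*/, "", u); print u }' "$1"
}

# audit_smail INETD_CONF SMAIL_BINARY OWNER DIR...
# Returns 0 only if smtp does not run as root, the binary is not setuid,
# and every file under each DIR belongs to OWNER.
audit_smail() {
    conf=$1 bin=$2 owner=$3
    shift 3
    rc=0
    for u in $(inetd_user "$conf" smtp); do
        if [ "$u" = root ]; then
            echo "FAIL: smtp service runs as root in $conf"
            rc=1
        fi
    done
    if [ -u "$bin" ]; then
        echo "FAIL: $bin still has the setuid bit"
        rc=1
    fi
    for d in "$@"; do
        stray=$(find "$d" ! -user "$owner" -print 2>/dev/null | head -n 1)
        if [ -n "$stray" ]; then
            echo "FAIL: $stray is not owned by $owner"
            rc=1
        fi
    done
    return "$rc"
}

# Example: sh audit.sh /etc/inetd.conf /usr/sbin/smail mail \
#              /var/log/smail /var/spool/smail
[ "$#" -lt 3 ] || audit_smail "$@"
```

The script does not look at sudoers: the NOPASSWD rule in the wrapper above still lets any local user run /usr/sbin/smail as root, so local submission keeps root privilege even when all three checks pass.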