From eb211e2c5500383f8769b46837d9c9c942bb3605 Mon Sep 17 00:00:00 2001 From: Eric Allman Date: Sun, 23 Aug 1981 19:09:17 -0800 Subject: [PATCH] plug assorted security holes SCCS-vsn: usr.sbin/sendmail/src/deliver.c 3.30 SCCS-vsn: usr.sbin/sendmail/src/version.c 3.12 SCCS-vsn: usr.sbin/sendmail/src/main.c 3.26 SCCS-vsn: usr.sbin/sendmail/src/readcf.c 3.12 SCCS-vsn: usr.sbin/sendmail/src/recipient.c 3.8 --- usr/src/usr.sbin/sendmail/src/deliver.c | 14 ++++++++++++-- usr/src/usr.sbin/sendmail/src/main.c | 10 +++++++--- usr/src/usr.sbin/sendmail/src/readcf.c | 17 +++++++++++++---- usr/src/usr.sbin/sendmail/src/recipient.c | 9 ++++++++- usr/src/usr.sbin/sendmail/src/version.c | 4 ++-- 5 files changed, 42 insertions(+), 12 deletions(-) diff --git a/usr/src/usr.sbin/sendmail/src/deliver.c b/usr/src/usr.sbin/sendmail/src/deliver.c index 0cad43ec8f..2d2f9c107d 100644 --- a/usr/src/usr.sbin/sendmail/src/deliver.c +++ b/usr/src/usr.sbin/sendmail/src/deliver.c @@ -5,7 +5,7 @@ # include # endif LOG -static char SccsId[] = "@(#)deliver.c 3.29 %G%"; +static char SccsId[] = "@(#)deliver.c 3.30 %G%"; /* ** DELIVER -- Deliver a message to a particular address. @@ -342,9 +342,11 @@ sendoff(m, pvp, editfcn) { /* child -- set up input & exec mailer */ /* make diagnostic output be standard output */ + (void) signal(SIGINT, SIG_DFL); + (void) signal(SIGHUP, SIG_DFL); + (void) signal(SIGTERM, SIG_DFL); (void) close(2); (void) dup(1); - (void) signal(SIGINT, SIG_IGN); (void) close(0); if (dup(pvect[0]) < 0) { @@ -354,7 +356,10 @@ sendoff(m, pvp, editfcn) (void) close(pvect[0]); (void) close(pvect[1]); if (!bitset(M_RESTR, m->m_flags)) + { (void) setuid(getuid()); + (void) setgid(getgid()); + } # ifndef VFORK /* ** We have to be careful with vfork - we can't mung up the @@ -630,6 +635,9 @@ mailfile(filename) /* child -- actually write to file */ (void) setuid(getuid()); (void) setgid(getgid()); + (void) signal(SIGINT, SIG_DFL); + (void) signal(SIGHUP, SIG_DFL); + (void) signal(SIGTERM, SIG_DFL); f = fopen(filename, "a"); if (f == NULL) exit(EX_CANTCREAT); @@ -654,6 +662,8 @@ mailfile(filename) break; } } + if ((stat & 0377) != 0) + stat = EX_UNAVAILABLE << 8; return ((stat >> 8) & 0377); } } diff --git a/usr/src/usr.sbin/sendmail/src/main.c b/usr/src/usr.sbin/sendmail/src/main.c index 7fe9e4f93f..073e237e61 100644 --- a/usr/src/usr.sbin/sendmail/src/main.c +++ b/usr/src/usr.sbin/sendmail/src/main.c @@ -5,7 +5,7 @@ # include # endif LOG -static char SccsId[] = "@(#)main.c 3.25 %G%"; +static char SccsId[] = "@(#)main.c 3.26 %G%"; /* ** SENDMAIL -- Post mail to a set of destinations. @@ -160,6 +160,7 @@ main(argc, argv) char *aliasname; register int i; bool verifyonly = FALSE; /* only verify names */ + bool safecf = TRUE; /* this conf file is sys default */ char pbuf[10]; /* holds pid */ char tbuf[10]; /* holds "current" time */ char cbuf[5]; /* holds hop count */ @@ -171,6 +172,8 @@ main(argc, argv) if (signal(SIGINT, SIG_IGN) != SIG_IGN) (void) signal(SIGINT, finis); + if (signal(SIGHUP, SIG_IGN) != SIG_IGN) + (void) signal(SIGHUP, finis); (void) signal(SIGTERM, finis); setbuf(stdout, (char *) NULL); # ifdef LOG @@ -328,6 +331,7 @@ main(argc, argv) cfname = "sendmail.cf"; else cfname = &p[2]; + safecf = FALSE; break; case 'A': /* select alias file */ @@ -396,7 +400,7 @@ main(argc, argv) ** Read control file. */ - readcf(cfname); + readcf(cfname, safecf); # ifndef V6 p = getenv("HOME"); @@ -407,7 +411,7 @@ main(argc, argv) define('z', p); (void) expand("$z/.mailcf", cfbuf, &cfbuf[sizeof cfbuf - 1]); if (access(cfbuf, 2) == 0) - readcf(cfbuf); + readcf(cfbuf, FALSE); } # endif V6 diff --git a/usr/src/usr.sbin/sendmail/src/readcf.c b/usr/src/usr.sbin/sendmail/src/readcf.c index 1c16046b85..bc611c382c 100644 --- a/usr/src/usr.sbin/sendmail/src/readcf.c +++ b/usr/src/usr.sbin/sendmail/src/readcf.c @@ -1,6 +1,6 @@ # include "sendmail.h" -static char SccsId[] = "@(#)readcf.c 3.11 %G%"; +static char SccsId[] = "@(#)readcf.c 3.12 %G%"; /* ** READCF -- read control file. @@ -10,6 +10,10 @@ static char SccsId[] = "@(#)readcf.c 3.11 %G%"; ** ** Parameters: ** cfname -- control file name. +** safe -- set if this is a system configuration file. +** Non-system configuration files can not do +** certain things (e.g., leave the SUID bit on +** when executing mailers). ** ** Returns: ** none. @@ -21,8 +25,9 @@ static char SccsId[] = "@(#)readcf.c 3.11 %G%"; struct rewrite *RewriteRules[10]; -readcf(cfname) +readcf(cfname, safe) char *cfname; + bool safe; { FILE *cf; char buf[MAXLINE]; @@ -132,7 +137,7 @@ readcf(cfname) break; case 'M': /* define mailer */ - makemailer(&buf[1]); + makemailer(&buf[1], safe); break; default: @@ -156,6 +161,7 @@ readcf(cfname) ** a local "from" name to one that can be ** returned to this machine. ** * the argument vector (a series of parameters). +** safe -- set if this is a safe configuration file. ** ** Returns: ** none. @@ -175,8 +181,9 @@ readcf(cfname) *p++ = '\0'; \ } -makemailer(line) +makemailer(line, safe) char *line; + bool safe; { register char *p; register char *q; @@ -203,6 +210,8 @@ makemailer(line) mpath = q; SETWORD; mopts = crackopts(q); + if (!safe) + mopts &= ~M_RESTR; SETWORD; mfrom = q; diff --git a/usr/src/usr.sbin/sendmail/src/recipient.c b/usr/src/usr.sbin/sendmail/src/recipient.c index 7051f1712a..5c946515ac 100644 --- a/usr/src/usr.sbin/sendmail/src/recipient.c +++ b/usr/src/usr.sbin/sendmail/src/recipient.c @@ -1,7 +1,7 @@ # include # include "sendmail.h" -static char SccsId[] = "@(#)recipient.c 3.7 %G%"; +static char SccsId[] = "@(#)recipient.c 3.8 %G%"; /* ** SENDTO -- Designate a send list. @@ -104,6 +104,13 @@ recipient(a) a->q_mailer = MN_PROG; m = Mailer[MN_PROG]; a->q_user++; +# ifdef PARANOID + if (AliasLevel <= 0) + { + usrerr("Cannot mail directly to programs"); + a->q_flags |= QDONTSEND; + } +# endif PARANOID } } diff --git a/usr/src/usr.sbin/sendmail/src/version.c b/usr/src/usr.sbin/sendmail/src/version.c index 9374c282e0..b050729b8d 100644 --- a/usr/src/usr.sbin/sendmail/src/version.c +++ b/usr/src/usr.sbin/sendmail/src/version.c @@ -1,3 +1,3 @@ -static char SccsId[] = "@(#)SendMail version 3.11 of %G%"; +static char SccsId[] = "@(#)SendMail version 3.12 of %G%"; -char Version[] = "3.11 [%G%]"; +char Version[] = "3.12 [%G%]"; -- 2.20.1