1 files changed, 62 insertions, 0 deletions

diff --git a/mail/sendmail/patches/patch-ag b/mail/sendmail/patches/patch-ag
new file mode 100644
index 00000000000..a11b100b9cf
--- /dev/null
+++ b/mail/sendmail/patches/patch-ag
@@ -0,0 +1,62 @@
+$NetBSD: patch-ag,v 1.4 2002/10/03 03:59:24 itojun Exp $
+
+http://www.sendmail.org/smrsh.adv.txt
+
+--- smrsh/smrsh.c.orig	Sat May 25 11:41:31 2002
++++ smrsh/smrsh.c	Thu Oct  3 12:56:10 2002
+@@ -57,6 +57,8 @@
+ #include <sm/limits.h>
+ #include <sm/string.h>
+ #include <sys/file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <errno.h>
+@@ -145,6 +147,7 @@
+ 	char *newenv[2];
+ 	char pathbuf[1000];
+ 	char specialbuf[32];
++	struct stat st;
+ 
+ #ifndef DEBUG
+ # ifndef LOG_MAIL
+@@ -302,6 +305,38 @@
+ 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ 					     "Trying %s\n", cmdbuf);
+ #endif /* DEBUG */
++			if (stat(cmdbuf, &st) < 0)
++			{
++				/* can't stat it */
++				fprintf(stderr,
++				    "%s: %s not available for sendmail programs (stat failed)\n",
++						      prg, cmd);
++				if (p != NULL)
++					*p = ' ';
++#ifndef DEBUG
++				syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
++				       (int) getuid(), cmd);
++#endif /* ! DEBUG */
++				exit(EX_UNAVAILABLE);
++			}
++			if (!S_ISREG(st.st_mode)
++#ifdef S_ISLNK
++			    && !S_ISLNK(st.st_mode)
++#endif /* S_ISLNK */
++			   )
++			{
++				/* can't stat it */
++				fprintf(stderr,
++					"%s: %s not available for sendmail programs (not a file)\n",
++						      prg, cmd);
++				if (p != NULL)
++					*p = ' ';
++#ifndef DEBUG
++				syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
++				       (int) getuid(), cmd);
++#endif /* ! DEBUG */
++				exit(EX_UNAVAILABLE);
++			}
+ 			if (access(cmdbuf, X_OK) < 0)
+ 			{
+ 				/* oops....  crack attack possiblity */