path: root/mail/sendmail/patches/patch-ag
blob: a11b100b9cfa995fc55cb0a2291739b6ad29a4bc (plain)
$NetBSD: patch-ag,v 1.4 2002/10/03 03:59:24 itojun Exp $

http://www.sendmail.org/smrsh.adv.txt

--- smrsh/smrsh.c.orig	Sat May 25 11:41:31 2002
+++ smrsh/smrsh.c	Thu Oct  3 12:56:10 2002
@@ -57,6 +57,8 @@
 #include <sm/limits.h>
 #include <sm/string.h>
 #include <sys/file.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <string.h>
 #include <ctype.h>
 #include <errno.h>
@@ -145,6 +147,7 @@
 	char *newenv[2];
 	char pathbuf[1000];
 	char specialbuf[32];
+	struct stat st;
 
 #ifndef DEBUG
 # ifndef LOG_MAIL
@@ -302,6 +305,38 @@
 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
 					     "Trying %s\n", cmdbuf);
 #endif /* DEBUG */
+			if (stat(cmdbuf, &st) < 0)
+			{
+				/* can't stat it */
+				fprintf(stderr,
+				    "%s: %s not available for sendmail programs (stat failed)\n",
+						      prg, cmd);
+				if (p != NULL)
+					*p = ' ';
+#ifndef DEBUG
+				syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
+				       (int) getuid(), cmd);
+#endif /* ! DEBUG */
+				exit(EX_UNAVAILABLE);
+			}
+			if (!S_ISREG(st.st_mode)
+#ifdef S_ISLNK
+			    && !S_ISLNK(st.st_mode)
+#endif /* S_ISLNK */
+			   )
+			{
+				/* can't stat it */
+				fprintf(stderr,
+					"%s: %s not available for sendmail programs (not a file)\n",
+						      prg, cmd);
+				if (p != NULL)
+					*p = ' ';
+#ifndef DEBUG
+				syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
+				       (int) getuid(), cmd);
+#endif /* ! DEBUG */
+				exit(EX_UNAVAILABLE);
+			}
 			if (access(cmdbuf, X_OK) < 0)
 			{
 				/* oops....  crack attack possiblity */
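Review bot: The `!S_ISLNK(st.st_mode)` term in the second added check can never change the outcome, because `stat()` follows symbolic links and reports the mode of the link target, so the effective test is just `!S_ISREG(st.st_mode)`. That is the stricter and safer behaviour (a link resolving to a directory or device is refused, and a dangling link already fails the first check), but the dead term reads as if links were exempted; either drop the `#ifdef S_ISLNK` lines or add a comment such as `/* stat() follows links, so this tests the link target */`. The comment inside that second block is copied from the first and should read `/* not a regular file */`. The new messages use `fprintf(stderr, ...)` while the context line just above uses `sm_io_fprintf`, which looks inconsistent with the file's I/O layer as far as this hunk shows. The enclosing function starts and ends outside the hunk.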