mp@andante.UUCP (Mark Plotnick) (11/18/88)
I've been reading through the sendmail source a bit, looking for security holes similar to that offered by the now-famous DEBUG command, and I figured that before I go too far in fixing bugs I should get a more recent version (we have 5.51, which came on the 4.3BSD tape). Is there one, or should I wait until the powers-that-be here purchase 4.3bsd-tahoe? Also, if anyone has ported the 4.3bsd-based sendmail to 4.2bsd, I'd like to know about any problems that were encountered (we have to run 4.2bsd on some of our systems because the 4.3 massbus disk driver handles ECC errors incorrectly when using Emulex controllers, but that's another story). Someone here who ported the 4.2bsd version to 4.3 said that the syslog() log levels had to be changed, so I imagine there are similar problems when porting in the other direction. Mark Plotnick allegra!mp
vixie@decwrl.dec.com (Paul Vixie) (11/18/88)
# [...] more recent version (we have 5.51, which came on the 4.3BSD tape). Is # there one, or should I wait until the powers-that-be here purchase 4.3-tahoe? The latest official release is always the one in ucbarpa's ~ftp area, just about. The one that went out with 4.3-tahoe was 5.59, and that plus the most recent patches in comp.bugs.4bsd.ucb-fixes (to repair some wormholes) is the one everyone thinks of as "most current" as of this instant. Latest news from CSRG is that they are looking at the IDA stuff for possible inclusion into a future release of sendmail. Don't quote me, and don't bug them, but don't be surprised if this happens in the next quarter or two. -- Paul Vixie Work: vixie@decwrl.dec.com decwrl!vixie +1 415 853 6600 Play: paul@vixie.sf.ca.us vixie!paul +1 415 864 7013
vixie@decwrl.dec.com (Paul Vixie) (11/18/88)
# The latest official release is always the one in ucbarpa's ~ftp area [...] Note that sendmail is publically available. Not "public domain", since that has some legal connotations that CSRG and the UC Regents don't want to deal with. But it comes mostly to the same thing: you can use sendmail, give away or sell source or binaries, supported or unsupported. These are not the exact terms of the license; see the headers in the comments for the exact details. But anyone who wants sendmail and can physically get a copy of it can have it and use it, without breaking any laws or pissing anybody at CSRG off. Note that I am not a spokesman of CSRG (or anyone else, for that matter). You should consider these claims unsubstantiated until you look at the comments at the top of the sendmail source files, or until you hear from someone who _is_ a spokesman for CSRG. But since so many people think that sendmail is a restricted piece of code, I thought I'd amplify my own understanding of its status. -- Paul Vixie Work: vixie@decwrl.dec.com decwrl!vixie +1 415 853 6600 Play: paul@vixie.sf.ca.us vixie!paul +1 415 864 7013
Lovstrand.EuroPARC@Xerox.COM (Lennart) (11/19/88)
In article <13731@andante.UUCP> mp@andante.UUCP (Mark Plotnick) writes: > Also, if anyone has ported the 4.3bsd-based sendmail to 4.2bsd, I'd > like to know about any problems that were encountered [...] As Paul Vixie previously said, the latest release is 5.59 and is available from ucbarpa.berkeley.edu:4.3/sendmail.tar.Z via anonymous ftp. I don't know about vanilla 4.2, but I didn't have much problems making the IDA Kit [which is based on 5.59] run under SunOS 3.x -- in addition to removing the third parameter of the openlog() call in main.c to, all I had to do was to remove the unsetenv() call in main.c and to change the way the local time zone was gathered in arpadate.c to use localtime() instead of timezone(). This gives a grand total of two new #ifdef sun's and one #ifdef LOG_MAIL [for the openlog() call]. Not quite what I would call "#ifdef sun all over the place", as a previous writer to this news group has claimed. (Sorry, had to get that out) Note that you'll need bind 4.8 to run sendmail 5.59, but I think it will compile without any problems. On the other hand, you will then also need to recompile 4.2's syslog.c since the host address field has changed. Good Luck, --Lennart <Lovstrand.EuroPARC@Xerox.COM> Rank Xerox EuroPARC, 61 Regent St, Cambridge, CB2 1AB, England.
guy@auspex.UUCP (Guy Harris) (11/22/88)
>I don't know about vanilla 4.2, but I didn't have much problems >making the IDA Kit [which is based on 5.59] run under SunOS 3.x -- in >addition to removing the third parameter of the openlog() call in main.c >to, all I had to do was to remove the unsetenv() call in main.c and to >change the way the local time zone was gathered in arpadate.c to use >localtime() instead of timezone(). You will probably have to do all three to make it run under 4.2BSD. The first change is a change between 4.2's "openlog" and 4.3's "openlog" (since SunOS 4.0 uses 4.3's "openlog", it shouldn't be necessary under SunOS 4.0). The second change (which I presume you meant the other way around - change to use "timezone()" instead of "localtime()") is a change between V7's/4.2's/4.3's time zone handling code and 4.3-tahoe's time zone handling code (SunOS 4.0 uses the Arthur Olson time zone code, with "tm_zone" added, just as 4.3-tahoe does, so this change shouldn't be necessary under SunOS 4.0). Note that some parts of 4.3BSD were in SunOS 3.2 and later, so you may run into some more changes that have to be made to make it work under vanilla 4.2BSD.
prc@ERBE.SE (Robert Claeson) (11/23/88)
In article <451@arisia.Xerox.COM>, Lovstrand.EuroPARC@Xerox.COM (Lennart) writes: > As Paul Vixie previously said, the latest release is 5.59 and is > available from ucbarpa.berkeley.edu:4.3/sendmail.tar.Z via anonymous > ftp. Beware if you get your sendmail 5.59 from another place, though. I did so, and it obviously wasn't the same as the sendmail now available at Berkeley.EDU, even though they both say "5.59". -- Robert Claeson ERBE DATA AB rclaeson@ERBE.SE
kre@cs.mu.oz.au (Robert Elz) (11/27/88)
In article <451@arisia.Xerox.COM>, Lovstrand.EuroPARC@Xerox.COM (Lennart) writes (about putting 5.59 on SunOS): > all I had to do was to ... and to > change the way the local time zone was gathered in arpadate.c to use > localtime() instead of timezone(). No .. this is a BUG, its always been a sendmail bug, and it should be fixed. RFC822 defines exactly 5 3 letter zone names (and the daylight saving equivalents for the 4 US zones defined), plus "UT", the US military time 1 letter names, and numeric offsets. Taking whatever the system has defined the zone name to be, and truncating that to 3 characters is not a sensible thing to do. I have modified arpadate.c to generate only the numeric offset (and consequently gotten rid of the absurd code (sorry Teus) that knew what the European time zone names would be, and converted those back into numeric offsets). This code should work on any system with both localtime() and gmtime(), and not need special case ifdef's for suns. I will send the code to Lennart, and to Berkeley. Hopefully it will turn up in some future release of sendmail. If someone wants they could put special cases in for the known approved zone names, but there doesn't seem to be any particularly good reason, the numeric offset form is always acceptable. kre