public inbox for gnats-prs@sourceware.org
help / color / mirror / Atom feed
* Re: gnats/24
@ 1999-11-10  7:14 Klaus Muth
  0 siblings, 0 replies; 5+ messages in thread
From: Klaus Muth @ 1999-11-10  7:14 UTC (permalink / raw)
  To: nobody; +Cc: gnats-prs

The following reply was made to PR gnats/24; it has been noted by GNATS.

From: Klaus Muth <muth@hagos.de>
To: gnats-gnats@sourceware.cygnus.com, mh@hagos.de,
        nobody@sourceware.cygnus.com
Cc:  
Subject: Re: gnats/24
Date: Wed, 10 Nov 1999 16:12:39 +0100

 Ok, I found the secure solution for RedHat, may work on all sendmail
 installation using smrsh:
 smrsh strips the path from an executable with s-Bit set and tries to
 find it in a special directory, according to O'Reilly's Sendmail Bible
 (Costales & Allman) this is /usr/adm/sm.bin. However, on my RedHat,
 it is /etc/smrsh/.
 
 The secure solution is to create a link in this dir:
     ln -s /etc/smrsh/queue-pr /usr/local/libexec/gnats/queue-pr
 
 klaus


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: gnats/24
@ 2001-05-10 15:14 yngves
  0 siblings, 0 replies; 5+ messages in thread
From: yngves @ 2001-05-10 15:14 UTC (permalink / raw)
  To: yngves; +Cc: gnats-prs

The following reply was made to PR gnats/24; it has been noted by GNATS.

From: yngves@sources.redhat.com
To: gnats-gnats@sourceware.cygnus.com, mh@hagos.de,
  nobody@sourceware.cygnus.com, yngves@sources.redhat.com
Cc:  
Subject: Re: gnats/24
Date: 10 May 2001 22:07:50 -0000

 Synopsis: queue-pr not available for sendmail programs
 
 Responsible-Changed-From-To: unassigned->yngves
 Responsible-Changed-By: yngves
 Responsible-Changed-When: Thu May 10 15:07:50 2001
 Responsible-Changed-Why:
     -
 State-Changed-From-To: open->closed
 State-Changed-By: yngves
 State-Changed-When: Thu May 10 15:07:50 2001
 State-Changed-Why:
     Closing this now. I'll mark this as an FAQ candidate.
 
 http://sources.redhat.com/cgi-bin/gnatsweb.pl?cmd=view&pr=24&database=gnats


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: gnats/24
@ 1999-11-10  1:34 Jason Molenda
  0 siblings, 0 replies; 5+ messages in thread
From: Jason Molenda @ 1999-11-10  1:34 UTC (permalink / raw)
  To: nobody; +Cc: gnats-prs

The following reply was made to PR gnats/24; it has been noted by GNATS.

From: Jason Molenda <jsm@cygnus.com>
To: Klaus Muth <muth@hagos.de>
Cc: gnats-gnats@sourceware.cygnus.com
Subject: Re: gnats/24
Date: Wed, 10 Nov 1999 01:27:16 -0800

 On Wed, Nov 10, 1999 at 09:24:00AM -0000, Klaus Muth wrote:
 
 >  The offending Program is smrsh: It is used in modern sendmail distributions
 >  for secure executing of "| blah" aliases.
 >  It seems, that queue-pr is not considered as secure (because of the
 >  s-bit maybe) and smrsh refuses to execute it.
 
 Thanks for the information.  Please do send along any further information
 if you find it.  I use qmail on the sourceware.cygnus.com site so I'm
 afraid I can't provide much help with this one.
 
 I suppose we should put together some kind of FAQs for GNATS; this
 would definitely be high on the list if it is a problem people will have
 with default sendmail installations.
 
 Jason
 Free the Software!


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: gnats/24
@ 1999-11-10  1:24 Klaus Muth
  0 siblings, 0 replies; 5+ messages in thread
From: Klaus Muth @ 1999-11-10  1:24 UTC (permalink / raw)
  To: nobody; +Cc: gnats-prs

The following reply was made to PR gnats/24; it has been noted by GNATS.

From: Klaus Muth <muth@hagos.de>
To: gnats-gnats@sourceware.cygnus.com, mh@hagos.de,
        nobody@sourceware.cygnus.com
Cc:  
Subject: Re: gnats/24
Date: Wed, 10 Nov 1999 10:17:19 +0100

 I found another fix related to the 
 "queue-pr not available for sendmail programs"-Problem:
 
 The offending Program is smrsh: It is used in modern sendmail distributions
 for secure executing of "| blah" aliases.
 It seems, that queue-pr is not considered as secure (because of the
 s-bit maybe) and smrsh refuses to execute it.
 
 Fix: find the line "Mprog, ...." in /etc/sendmail.cf and replace
 /usr/sbin/smrsh with /bin/sh. Be aware: this seems to be a security hazard.
 I'll read on: Maybe, there is a way to convince smrsh, that queue-pr is secure.
 
 klaus


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: gnats/24
@ 1999-11-08 23:34 Klaus Muth
  0 siblings, 0 replies; 5+ messages in thread
From: Klaus Muth @ 1999-11-08 23:34 UTC (permalink / raw)
  To: nobody; +Cc: gnats-prs

The following reply was made to PR gnats/24; it has been noted by GNATS.

From: Klaus Muth <muth@hagos.de>
To: gnats-gnats@sourceware.cygnus.com, nobody@sourceware.cygnus.com
Cc:  
Subject: Re: gnats/24
Date: Tue, 09 Nov 1999 08:28:54 +0100

 Hi!
 I pinned id down: queue-pr -q does an Segmentation Fault, iff 
 gnats-db/gnats-adm/states exists:
 A strace of queue-pr -q showed:
 -----------------------------------------------------------------------
 ...
 ...
 open("/usr/local/share/gnats/gnats-db/gnats-adm/states", O_RDONLY) = 3
 fstat(3, {st_mode=S_ISGID|S_ISVTX|0632, st_size=0, ...}) = 0
 mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x400140
 00
 read(3, "#\t\t    Possible states for a P"..., 4096) = 2352
 --- SIGSEGV (Segmentation Fault) ---
 +++ killed by SIGSEGV +++
 -----------------------------------------------------------------------
 and removal of the offending file fixed the problem.
 
 klaus
 -- 
 mit freundlichen Gruessen,
 Klaus Muth
  
 HAGOS eG                 Industriestr. 62       fon: (+49) 711 78805-86
 EDV-Programmierung       D-70565 Stuttgart      fax: (+49) 711 78805-99
 http://www.hagos.de      Germany                mailto:muth@hagos.de
 -----------------------------------------------------------------------
 Alle  heissen  hier  Klaus,   nur  nicht  Norbert,  der  heisst  Ernst!


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2001-05-10 15:14 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
1999-11-10  7:14 gnats/24 Klaus Muth
  -- strict thread matches above, loose matches on Subject: below --
2001-05-10 15:14 gnats/24 yngves
1999-11-10  1:34 gnats/24 Jason Molenda
1999-11-10  1:24 gnats/24 Klaus Muth
1999-11-08 23:34 gnats/24 Klaus Muth

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).