Apply by doing:
cd /usr/src
patch -p0 < 003_smrsh.patch
And then rebuild and install smrsh:
cd gnu/usr.sbin/sendmail/libsm
make obj
make depend
make
cd ../smrsh
make obj
make depend
make
make install
Index: gnu/usr.sbin/sendmail/smrsh/smrsh.c
===================================================================
RCS file: /cvs/src/gnu/usr.sbin/sendmail/smrsh/smrsh.c,v
retrieving revision 1.9
retrieving revision 1.9.2.1
diff -u -r1.9 -r1.9.2.1
--- gnu/usr.sbin/sendmail/smrsh/smrsh.c 3 Jun 2002 17:25:47 -0000 1.9
+++ gnu/usr.sbin/sendmail/smrsh/smrsh.c 4 Nov 2002 14:29:09 -0000 1.9.2.1
@@ -57,6 +57,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
 #include
@@ -145,6 +147,7 @@
 char *newenv[2];
 char pathbuf[1000];
 char specialbuf[32];
+ struct stat st;
 #ifndef DEBUG
 # ifndef LOG_MAIL
@@ -302,6 +305,38 @@
 (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
 "Trying %s\n", cmdbuf);
 #endif /* DEBUG */
+ if (stat(cmdbuf, &st) < 0)
+ {
+ /* can't stat it */
+ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ "%s: %s not available for sendmail programs (stat failed)\n",
+ prg, cmd);
+ if (p != NULL)
+ *p = ' ';
+#ifndef DEBUG
+ syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
+ (int) getuid(), cmd);
+#endif /* ! DEBUG */
+ exit(EX_UNAVAILABLE);
+ }
+ if (!S_ISREG(st.st_mode)
+#ifdef S_ISLNK
+ && !S_ISLNK(st.st_mode)
+#endif /* S_ISLNK */
+ )
+ {
+ /* can't stat it */
+ (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ "%s: %s not available for sendmail programs (not a file)\n",
+ prg, cmd);
+ if (p != NULL)
+ *p = ' ';
+#ifndef DEBUG
+ syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
+ (int) getuid(), cmd);
+#endif /* ! DEBUG */
+ exit(EX_UNAVAILABLE);
+ }
 if (access(cmdbuf, X_OK) < 0)
 {
 /* oops.... crack attack possiblity */
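Review bot: In the second added check of the `@@ -302,6 +305,38 @@` hunk, the `&& !S_ISLNK(st.st_mode)` clause has no effect, because `stat()` follows symbolic links and therefore never reports a link type in `st_mode`; the test always behaves as `if (!S_ISREG(st.st_mode))`. That is the stricter and safer outcome (a link that resolves to a directory or device is refused), but the clause reads as though links were exempted, so I would drop the `#ifdef S_ISLNK` lines or add a comment such as `/* stat() follows links: only the link target's type is tested */`. The comment inside that branch is copied from the stat-failure branch and should read `/* not a regular file */`. The stat(), access() and later execution each resolve `cmdbuf` by path, so the checks presumably rely on the command directory being writable only by the administrator; a one-line comment stating that assumption would help. The enclosing function starts and ends outside the hunk.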