Philip Hazel writes:
>
> (2) A recent security patch to Solaris 2 supplied a new version of
> /usr/bin/vacation which calls /usr/lib/sendmail with "--" as one of its
> options. Needless to say, the Solaris 2 man page for sendmail makes no
> mention of this option. However, it is commonly used to mean "end of
> options; anything following is an argument" and it is pretty clear that
> that is what is meant here, so I have added it to Exim with that
> meaning.
A bit of further information for Solaris 2 users. The patch in question
first appears in the 1997-12-01 security bulletin from Sun, and has the
following ids:
2.3 101782-02
2.4 102066-21
2.4_x86 102064-19
2.5 105533-01
2.5_x86 105534-01
2.5.1 105520-01
2.5.1_x86 105521-01
2.6 105518-01
2.6_x86 105519-01
The change seems to be that /usr/bin/vacation calls /usr/lib/sendmail with
arguments "-eq -f [sender] -- [recipient]", the "--" being new. Presumably
it's meant to guard against the recipient (the original sender) starting
with "-" and invoking some evil option of sendmail. I must admit I haven't
worked out quite what sort of damage one could do.
We actually applied the Sun patch on our Solaris 2.5 systems here on the same
day that Philip installed Exim 1.80, so it took us a little time to work out
what was at fault...
Chris Thompson Cambridge University Computing Service,
Email: cet1@??? New Museums Site, Cambridge CB2 3QG,
Phone: +44 1223 334715 United Kingdom.
--
*** Exim information can be found at
http://www.exim.org/ ***