Apply by doing: cd /usr/src patch -p0 < 017_smrsh.patch And then rebuild and install smrsh: cd gnu/usr.sbin/sendmail/libsm make obj make depend make cd ../smrsh make obj make depend make make install Index: gnu/usr.sbin/sendmail/smrsh/smrsh.c =================================================================== RCS file: /cvs/src/gnu/usr.sbin/sendmail/smrsh/smrsh.c,v retrieving revision 1.8 retrieving revision 1.8.4.1 diff -u -r1.8 -r1.8.4.1 --- gnu/usr.sbin/sendmail/smrsh/smrsh.c 1 Oct 2001 17:18:30 -0000 1.8 +++ gnu/usr.sbin/sendmail/smrsh/smrsh.c 6 Nov 2002 22:07:54 -0000 1.8.4.1 @@ -56,6 +56,8 @@ #include #include #include +#include +#include #include #include #include @@ -148,6 +150,7 @@ char cmdbuf[1000]; char pathbuf[1000]; char specialbuf[32]; + struct stat st; #ifndef DEBUG # ifndef LOG_MAIL @@ -288,6 +291,38 @@ (void) sm_io_fprintf(smioout, SM_TIME_DEFAULT, "Trying %s\n", cmdbuf); #endif /* DEBUG */ + if (stat(cmdbuf, &st) < 0) + { + /* can't stat it */ + (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, + "%s: %s not available for sendmail programs (stat failed)\n", + prg, cmd); + if (p != NULL) + *p = ' '; +#ifndef DEBUG + syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)", + (int) getuid(), cmd); +#endif /* ! DEBUG */ + exit(EX_UNAVAILABLE); + } + if (!S_ISREG(st.st_mode) +#ifdef S_ISLNK + && !S_ISLNK(st.st_mode) +#endif /* S_ISLNK */ + ) + { + /* can't stat it */ + (void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT, + "%s: %s not available for sendmail programs (not a file)\n", + prg, cmd); + if (p != NULL) + *p = ' '; +#ifndef DEBUG + syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)", + (int) getuid(), cmd); +#endif /* ! DEBUG */ + exit(EX_UNAVAILABLE); + } if (access(cmdbuf, X_OK) < 0) { /* oops.... crack attack possiblity */