OBSOLETE Patch-ID# 102356-01
Keywords: matching wildcard sendmail uid security performance null owner-alias 
Synopsis: OBSOLETED by 102423
Date: Feb/22/95

Solaris Release: 1.1.2

SunOS release: 4.1.4
 
Topic: sendmail jumbo patch 
 
BugId's fixed with this patch: 	1153954 1092073 1189411 1191075 1193189

Changes incorporated in this version: 1153954 1092073 1189411 1191075 1193189

Architectures for which this patch is available: sparc

Patches which may conflict with this patch:

Obsoleted by: 102423 on Mar/28/95

Problem Description: 

Bug ID: 1189411
---------------
security loophole using "M" option.

Bug ID: 1191075
---------------
security loophole by tampering with qf files.

Bug ID: 1193189
---------------
sendmail coredumps for unknown users when using "-bv"

Bug ID: 1153954
---------------
Unknown user in an alias can cause the entire list to be dropped.

Bug ID: 1092073
---------------
sendmail loops on mail where name of recipient contains eight bit


INSTALL: 

Make a copy of the old files:
mv /usr/lib/sendmail.mx /usr/lib/sendmail.mx.fcs
mv /usr/lib/sendmail    /usr/lib/sendmail.fcs

Change permissions on old files so they can't be executed:
chmod 0400 /usr/lib/sendmail.mx.fcs /usr/lib/sendmail.fcs

Install the patched files:
cp `arch`/`uname -r`/sendmail /usr/lib/sendmail
cp `arch`/`uname -r`/sendmail.mx /usr/lib/sendmail.mx

change the owner and file permissions of /usr/lib/sendmail and 
/usr/lib/sendmail.mx to match those below:

chown root.staff /usr/lib/sendmail.mx /usr/lib/sendmail
chmod 4551 /usr/lib/sendmail.mx /usr/lib/sendmail


-r-sr-x--x  1 root     staff      155648 Oct 19 17:20 /usr/lib/sendmail
-r-sr-x--x  1 root     staff      172032 Oct 19 17:20 /usr/lib/sendmail.mx


Kill and restart sendmail and mailtool.