Subject: pkg/21012: sendmail pkg uses /usr/adm/sm.bin for smrsh restricted programs
To: None <gnats-bugs@gnats.netbsd.org>
From: None <jbernard@mines.edu>
List: netbsd-bugs
Date: 04/04/2003 15:40:38
>Number:         21012
>Category:       pkg
>Synopsis:       sendmail pkg uses /usr/adm/sm.bin for smrsh restricted programs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 04 14:41:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Jim Bernard
>Release:        NetBSD 1.6Q
>Organization:
>Environment:
System: NetBSD knox 1.6Q NetBSD 1.6Q (KNOX-$Revision: 1.1 $) #0: Tue Apr 1 09:27:55 MST 2003 jim@roc:/wd1/var/tmp/compile/sys/arch/i386/compile/KNOX i386
Architecture: i386
Machine: i386
>Description:
	The sendmail package, in contrast to the in-tree version of
	sendmail, builds smrsh so that it looks in /usr/adm/sm.bin
	for the programs that are to be permitted in .forward files.
	When was the last time you saw a system with /usr/adm?
	The in-tree version uses /usr/libexec/sm.bin (set in
	.../src/gnu/usr.sbin/sendmail/smrsh/Makefile).

>How-To-Repeat:
	cd ...pkgsrc/mail/sendmail
	make
	strings work*/sendmail-8.12.9/obj.*/smrsh/smrsh | grep sm.bin

	And, for comparison:

	strings /usr/libexec/smrsh | grep sm.bin

>Fix:
	The file include/sm/conf.h contains some OS-specific customizations,
	including some for SMRSH_CMDDIR.  So that's a good place to add an
	appropriate definition for NetBSD.  This should really be fed back
	to sendmail.org, and it would make sense after they update the
	master version to remove the setting of CMDDIR in the in-tree
	version, as well as removing the patch from the package.  For now,
	the patch below will suffice.

	I've set the directory to /usr/libexec/sm.bin to match the in-tree
	version, rather than /usr/pkg/libexec/sm.bin.  There are several
	reasons for this choice:

	  * The pkg version of sendmail is supposed to replace the in-tree
	    version, so it should be as easy to drop into place as possible
	    (i.e., it shouldn't be necessary to set up an additional sm.bin
	    directory just to make it work like the in-tree version).

	  * Users shouldn't modify /usr/pkg/not_etc.  (I'm not crazy about
	    modifying /usr/libexec/... either, but at least it doesn't
	    break PLISTs, and the changes survive most upgrades.)

	  * The setup of sm.bin is logically a system-configuration issue,
	    not a package-configuration issue, and /usr/pkg might be
	    shared.  (Of course, so might /usr/libexec, so, maybe it should
	    really be in etc or var/something.)

	But I'm sure someone will disagree :-).

	BTW: One might argue that the man page should be modified as well.
	But: (a) it's not modified in the in-tree version, (b) it refers
	to /usr/adm/sm.bin as the _default_ location, thus warning the
	user that that might not be the actual one, and (c) the directory
	might be different for other OS's supported by pkgsrc, so it gets
	complicated to get them all right.

	And one last point: I didn't think it appropriate to make the
	location of the sm.bin directory depend on the version of
	NetBSD.

	Well, and just one more: maybe some additional sm.bin settings
	for other OS's supported by pkgsrc might be appropriate.

--- include/sm/conf.h.orig	2003-03-06 11:38:06.000000000 -0700
+++ include/sm/conf.h	2003-04-04 14:31:36.000000000 -0700
@@ -888,10 +888,13 @@
 #   define SPT_TYPE	SPT_BUILTIN	/* setproctitle is in libc */
 #  endif /* defined(__NetBSD__) && (NetBSD > 199307 || NetBSD0_9 > 1) */
 #  if defined(__NetBSD__) && ((__NetBSD_Version__ > 102070000) || (NetBSD1_2 > 8) || defined(NetBSD1_4) || defined(NetBSD1_3))
 #   define HASURANDOMDEV	1	/* has /dev/urandom(4) */
 #  endif /* defined(__NetBSD__) && ((__NetBSD_Version__ > 102070000) || (NetBSD1_2 > 8) || defined(NetBSD1_4) || defined(NetBSD1_3)) */
+#  if defined(__NetBSD__)
+#   define SMRSH_CMDDIR	"/usr/libexec/sm.bin"
+#  endif /* defined(__NetBSD__) */
 #  if defined(__FreeBSD__)
 #   define HASSETLOGIN	1	/* has setlogin(2) */
 #   if __FreeBSD_version >= 227001
 #    define HASSRANDOMDEV	1	/* has srandomdev(3) */
 #    define HASURANDOMDEV	1	/* has /dev/urandom(4) */
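Review bot: The added define of SMRSH_CMDDIR under `#  if defined(__NetBSD__)` is unconditional, so a build that already sets SMRSH_CMDDIR on the compiler command line would have the macro redefined here rather than keeping the path it asked for. Wrapping the define in `#   ifndef SMRSH_CMDDIR` would keep a site override possible, which matters because this directory decides which programs smrsh will run from .forward files. The define also lacks the trailing comment its neighbours carry (compare `/* has /dev/urandom(4) */`); a short comment saying that this is the smrsh permitted-programs directory and that it matches the in-tree location would help the next reader.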
>Release-Note:
>Audit-Trail:
>Unformatted: