resolve conflicts. (mainly due to $Id$ mistake in past import)

gnu/dist/sendmail/RELEASE_NOTES

@@ -1,11 +1,22 @@
 			SENDMAIL RELEASE NOTES
-      Id: RELEASE_NOTES,v 8.561 2000/04/06 23:51:49 gshapiro Exp
+      Id: RELEASE_NOTES,v 8.561.4.6 2000/06/07 07:39:53 gshapiro Exp
 
 
 This listing shows the version of the sendmail binary, the version
 of the sendmail configuration files, the date of release, and a
 summary of the changes in that release.
 
+8.10.2/8.10.2	2000/06/07
+	SECURITY: Work around broken Linux setuid() implementation.
+		On Linux, a normal user process has the ability to subvert
+		the setuid() call such that it is impossible for a root
+		process to drop its privileges.  Problem noted by Wojciech 
+		Purczynski of elzabsoft.pl.
+	SECURITY: Add more vigilance around set*uid(), setgid(), setgroups(),
+		initgroups(), and chroot() calls.
+	Added Files:
+		test/t_setuid.c
+
 8.10.1/8.10.1	2000/04/06
 	SECURITY: Limit the choice of outgoing (client-side) SMTP
 		Authentication mechanisms to those specified in

gnu/dist/sendmail/cf/cf/generic-bsd4.4.cf

@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:11 PDT 2000
+##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:54 PDT 2000
-##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf
+##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -113,7 +113,7 @@ DnMAILER-DAEMON
 CPREDIRECT
 
 # Configuration version number
-DZ8.10.1
+DZ8.10.2
 
 
 ###############

gnu/dist/sendmail/cf/cf/generic-hpux10.cf

@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:13 PDT 2000
+##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:57 PDT 2000
-##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf
+##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -114,7 +114,7 @@ DnMAILER-DAEMON
 CPREDIRECT
 
 # Configuration version number
-DZ8.10.1
+DZ8.10.2
 
 
 ###############

gnu/dist/sendmail/cf/cf/generic-hpux9.cf

@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:13 PDT 2000
+##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:57 PDT 2000
-##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf
+##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -114,7 +114,7 @@ DnMAILER-DAEMON
 CPREDIRECT
 
 # Configuration version number
-DZ8.10.1
+DZ8.10.2
 
 
 ###############

gnu/dist/sendmail/cf/cf/generic-linux.cf

@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:13 PDT 2000
+##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:58 PDT 2000
-##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf
+##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -117,7 +117,7 @@ DnMAILER-DAEMON
 CPREDIRECT
 
 # Configuration version number
-DZ8.10.1
+DZ8.10.2
 
 
 ###############

gnu/dist/sendmail/cf/cf/generic-osf1.cf

@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:14 PDT 2000
+##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:58 PDT 2000
-##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf
+##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -114,7 +114,7 @@ DnMAILER-DAEMON
 CPREDIRECT
 
 # Configuration version number
-DZ8.10.1
+DZ8.10.2
 
 
 ###############

gnu/dist/sendmail/cf/cf/generic-solaris2.cf

@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:14 PDT 2000
+##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:58 PDT 2000
-##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf
+##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -113,7 +113,7 @@ DnMAILER-DAEMON
 CPREDIRECT
 
 # Configuration version number
-DZ8.10.1
+DZ8.10.2
 
 
 ###############

gnu/dist/sendmail/cf/cf/generic-sunos4.1.cf

@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:14 PDT 2000
+##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:00:59 PDT 2000
-##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf
+##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -114,7 +114,7 @@ DnMAILER-DAEMON
 CPREDIRECT
 
 # Configuration version number
-DZ8.10.1
+DZ8.10.2
 
 
 ###############

gnu/dist/sendmail/cf/cf/generic-ultrix4.cf

@@ -16,8 +16,8 @@
 #####
 #####		SENDMAIL CONFIGURATION FILE
 #####
-##### built by gshapiro@horsey.gshapiro.net on Thu Apr 6 14:36:14 PDT 2000
+##### built by gshapiro@horsey.gshapiro.net on Wed Jun 7 10:01:00 PDT 2000
-##### in /usr/local/src/sendmail/devel/OpenSource/sendmail-8.10.1/cf/cf
+##### in /usr/local/src/sendmail/devel/8.10/OpenSource/sendmail-8.10.2/cf/cf
 ##### using ../ as configuration include directory
 #####
 ######################################################################
@@ -114,7 +114,7 @@ DnMAILER-DAEMON
 CPREDIRECT
 
 # Configuration version number
-DZ8.10.1
+DZ8.10.2
 
 
 ###############

gnu/dist/sendmail/cf/m4/version.m4

@@ -11,8 +11,8 @@ divert(-1)
 # the sendmail distribution.
 #
 #
-VERSIONID(`Id: version.m4,v 8.39 2000/04/06 20:30:53 gshapiro Exp')
+VERSIONID(`Id: version.m4,v 8.39.6.2 2000/06/07 07:39:55 gshapiro Exp')
 #
 divert(0)
 # Configuration version number
-DZ8.10.1`'ifdef(`confCF_VERSION', `/confCF_VERSION')
+DZ8.10.2`'ifdef(`confCF_VERSION', `/confCF_VERSION')

gnu/dist/sendmail/cf/ostype/solaris2.pre5.m4

@@ -17,7 +17,7 @@ divert(-1)
 
 
 divert(0)
-VERSIONID(`Id: solaris2.pre5.m4,v 1.1 1999/09/25 01:17:44 ca Exp')
+VERSIONID(`Id: solaris2.pre5.m4,v 8.1 1999/09/25 08:17:44 ca Exp')
 divert(-1)
 
 _DEFIFNOT(`LOCAL_MAILER_FLAGS', `SnE9')

gnu/dist/sendmail/devtools/OS/OSF1.V5.0

@@ -1,4 +1,4 @@
-#	Id: OSF1.V5.0,v 1.1 2000/03/23 00:14:01 gshapiro Exp
+#	Id: OSF1.V5.0,v 8.1 2000/03/23 00:14:01 gshapiro Exp
 define(`confCC', `cc -std1 -Olimit 1000')
 define(`confMAPDEF', `-DNDBM -DNIS -DMAP_REGEX')
 define(`confENVDEF', `-DHASSNPRINTF=1')

gnu/dist/sendmail/libmilter/Makefile

@@ -1,4 +1,4 @@
-#       Id: Makefile,v 1.1 1999/11/04 00:03:40 ca Exp
+#       Id: Makefile,v 8.1 1999/11/04 00:03:40 ca Exp
 
 SHELL= /bin/sh
 BUILD=   ./Build

gnu/dist/sendmail/libsmdb/Makefile

@@ -1,4 +1,4 @@
-#       Id: Makefile,v 1.2 1999/09/23 22:36:29 ca Exp
+#       Id: Makefile,v 8.2 1999/09/23 22:36:29 ca Exp
 
 SHELL= /bin/sh
 BUILD=   ./Build

gnu/dist/sendmail/libsmutil/Makefile

@@ -1,4 +1,4 @@
-#       Id: Makefile,v 1.2 1999/09/23 22:36:32 ca Exp
+#       Id: Makefile,v 8.2 1999/09/23 22:36:32 ca Exp
 
 SHELL= /bin/sh
 BUILD=   ./Build

gnu/dist/sendmail/sendmail/deliver.c

@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)Id: deliver.c,v 8.600 2000/04/06 00:50:14 gshapiro Exp";
+static char id[] = "@(#)Id: deliver.c,v 8.600.4.3 2000/05/28 17:47:08 gshapiro Exp";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -1860,8 +1860,11 @@ tryhost:
 						u = ctladdr->q_user;
 
 					if (initgroups(u, ctladdr->q_gid) == -1 && suidwarn)
+					{
 						syserr("openmailer: initgroups(%s, %d) failed",
 							u, ctladdr->q_gid);
+						exit(EX_TEMPFAIL);
+					}
 				}
 				else
 				{
@@ -1869,7 +1872,10 @@ tryhost:
 
 					gidset[0] = ctladdr->q_gid;
 					if (setgroups(1, gidset) == -1 && suidwarn)
+					{
 						syserr("openmailer: setgroups() failed");
+						exit(EX_TEMPFAIL);
+					}
 				}
 				new_gid = ctladdr->q_gid;
 			}
@@ -1878,8 +1884,11 @@ tryhost:
 				if (!DontInitGroups)
 				{
 					if (initgroups(DefUser, DefGid) == -1 && suidwarn)
+					{
 						syserr("openmailer: initgroups(%s, %d) failed",
 							DefUser, DefGid);
+						exit(EX_TEMPFAIL);
+					}
 				}
 				else
 				{
@@ -1887,16 +1896,34 @@ tryhost:
 
 					gidset[0] = DefGid;
 					if (setgroups(1, gidset) == -1 && suidwarn)
+					{
 						syserr("openmailer: setgroups() failed");
+						exit(EX_TEMPFAIL);
+					}
 				}
 				if (m->m_gid == 0)
 					new_gid = DefGid;
 				else
 					new_gid = m->m_gid;
 			}
-			if (new_gid != NO_GID && setgid(new_gid) < 0 && suidwarn)
+			if (new_gid != NO_GID)
+			{
+				if (RunAsUid != 0 &&
+				    (RealGid != getgid() ||
+				     RealGid != getegid()))
+				{
+					/* Only root can change the gid */
+					syserr("openmailer: insufficient privileges to change gid");
+					exit(EX_TEMPFAIL);
+				}
+
+				if (setgid(new_gid) < 0 && suidwarn)
+				{
 					syserr("openmailer: setgid(%ld) failed",
 					       (long) new_gid);
+					exit(EX_TEMPFAIL);
+				}
+			}
 
 			/* change root to some "safe" directory */
 			if (m->m_rootdir != NULL)
@@ -1906,10 +1933,16 @@ tryhost:
 					dprintf("openmailer: chroot %s\n",
 						buf);
 				if (chroot(buf) < 0)
+				{
 					syserr("openmailer: Cannot chroot(%s)",
 					       buf);
+					exit(EX_TEMPFAIL);
+				}
 				if (chdir("/") < 0)
+				{
 					syserr("openmailer: cannot chdir(/)");
+					exit(EX_TEMPFAIL);
+				}
 			}
 
 			/* reset user id */
@@ -1926,29 +1959,48 @@ tryhost:
 				new_ruid = DefUid;
 			if (new_euid != NO_UID)
 			{
+				if (RunAsUid != 0 && new_euid != RunAsUid)
+				{
+					/* Only root can change the uid */
+					syserr("openmailer: insufficient privileges to change uid");
+					exit(EX_TEMPFAIL);
+				}
+
 				vendor_set_uid(new_euid);
 #if MAILER_SETUID_METHOD == USE_SETEUID
 				if (seteuid(new_euid) < 0 && suidwarn)
+				{
 					syserr("openmailer: seteuid(%ld) failed",
 						(long) new_euid);
+					exit(EX_TEMPFAIL);
+				}
 #endif /* MAILER_SETUID_METHOD == USE_SETEUID */
 #if MAILER_SETUID_METHOD == USE_SETREUID
 				if (setreuid(new_ruid, new_euid) < 0 && suidwarn)
+				{
 					syserr("openmailer: setreuid(%ld, %ld) failed",
 						(long) new_ruid, (long) new_euid);
+					exit(EX_TEMPFAIL);
+				}
 #endif /* MAILER_SETUID_METHOD == USE_SETREUID */
 #if MAILER_SETUID_METHOD == USE_SETUID
 				if (new_euid != geteuid() && setuid(new_euid) < 0 && suidwarn)
+				{
 					syserr("openmailer: setuid(%ld) failed",
 						(long) new_euid);
+					exit(EX_TEMPFAIL);
+				}
 #endif /* MAILER_SETUID_METHOD == USE_SETUID */
 			}
 			else if (new_ruid != NO_UID)
 			{
 				vendor_set_uid(new_ruid);
 				if (setuid(new_ruid) < 0 && suidwarn)
+				{
 					syserr("openmailer: setuid(%ld) failed",
 						(long) new_ruid);
+					exit(EX_TEMPFAIL);
+				}
 			}
 
 			if (tTd(11, 2))
@@ -3884,6 +3936,12 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 			{
 				RealUserName = NULL;
 				RealUid = mailer->m_uid;
+				if (RunAsUid != 0 && RealUid != RunAsUid)
+				{
+					/* Only root can change the uid */
+					syserr("mailfile: insufficient privileges to change uid");
+					exit(EX_TEMPFAIL);
+				}
 			}
 			else if (bitset(S_ISUID, mode))
 			{
@@ -3911,7 +3969,17 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 
 			/* select a new group to run as */
 			if (bitnset(M_SPECIFIC_UID, mailer->m_flags))
+			{
 				RealGid = mailer->m_gid;
+				if (RunAsUid != 0 &&
+				    (RealGid != getgid() ||
+				     RealGid != getegid()))
+				{
+					/* Only root can change the gid */
+					syserr("mailfile: insufficient privileges to change gid");
+					exit(EX_TEMPFAIL);
+				}
+			}
 			else if (bitset(S_ISGID, mode))
 				RealGid = stb.st_gid;
 			else if (ctladdr != NULL && ctladdr->q_uid != 0)
@@ -3939,8 +4007,11 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 		if (RealUserName != NULL && !DontInitGroups)
 		{
 			if (initgroups(RealUserName, RealGid) == -1 && suidwarn)
+			{
 				syserr("mailfile: initgroups(%s, %d) failed",
 					RealUserName, RealGid);
+				exit(EX_TEMPFAIL);
+			}
 		}
 		else
 		{
@@ -3948,7 +4019,10 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 
 			gidset[0] = RealGid;
 			if (setgroups(1, gidset) == -1 && suidwarn)
+			{
 				syserr("mailfile: setgroups() failed");
+				exit(EX_TEMPFAIL);
+			}
 		}
 
 		/*
@@ -3973,15 +4047,24 @@ mailfile(filename, mailer, ctladdr, sfflags, e)
 			dprintf("mailfile: deliver to %s\n", realfile);
 
 		if (chdir("/") < 0)
+		{
 			syserr("mailfile: cannot chdir(/)");
+			exit(EX_CANTCREAT);
+		}
 
 		/* now reset the group and user ids */
 		endpwent();
 		if (setgid(RealGid) < 0 && suidwarn)
+		{
 			syserr("mailfile: setgid(%ld) failed", (long) RealGid);
+			exit(EX_TEMPFAIL);
+		}
 		vendor_set_uid(RealUid);
 		if (setuid(RealUid) < 0 && suidwarn)
+		{
 			syserr("mailfile: setuid(%ld) failed", (long) RealUid);
+			exit(EX_TEMPFAIL);
+		}
 
 		if (tTd(11, 2))
 			dprintf("mailfile: running as r/euid=%d/%d, r/egid=%d/%d\n",

gnu/dist/sendmail/sendmail/main.c

@@ -21,7 +21,7 @@ static char copyright[] =
 #endif /* ! lint */
 
 #ifndef lint
-static char id[] = "@(#)Id: main.c,v 8.485 2000/03/11 19:53:01 ca Exp";
+static char id[] = "@(#)Id: main.c,v 8.485.6.2 2000/05/28 18:00:12 gshapiro Exp";
 #endif /* ! lint */
 
 #define	_DEFINE
@@ -113,6 +113,7 @@ main(argc, argv, envp)
 	STAB *st;
 	register int i;
 	int j;
+	int dp;
 	bool safecf = TRUE;
 	BITMAP256 *p_flags = NULL;	/* daemon flags */
 	bool warn_C_flag = FALSE;
@@ -229,7 +230,8 @@ main(argc, argv, envp)
 #endif /* NGROUPS_MAX */
 
 	/* drop group id privileges (RunAsUser not yet set) */
-	(void) drop_privileges(FALSE);
+	dp = drop_privileges(FALSE);
+	setstat(dp);
 
 #ifdef SIGUSR1
 	/* arrange to dump state on user-1 signal */
@@ -687,7 +689,8 @@ main(argc, argv, envp)
 			if (RealUid != 0)
 				warn_C_flag = TRUE;
 			ConfFile = optarg;
-			(void) drop_privileges(TRUE);
+			dp = drop_privileges(TRUE);
+			setstat(dp);
 			safecf = FALSE;
 			break;
 
@@ -885,7 +888,8 @@ main(argc, argv, envp)
 			break;
 
 		  case 'X':	/* traffic log file */
-			(void) drop_privileges(TRUE);
+			dp = drop_privileges(TRUE);
+			setstat(dp);
 			if (stat(optarg, &traf_st) == 0 &&
 			    S_ISFIFO(traf_st.st_mode))
 				TrafficLogFile = fopen(optarg, "w");
@@ -1014,7 +1018,8 @@ main(argc, argv, envp)
 	if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
 	{
 		/* drop privileges -- daemon mode done after socket/bind */
-		(void) drop_privileges(FALSE);
+		dp = drop_privileges(FALSE);
+		setstat(dp);
 	}
 
 #if NAMED_BIND
@@ -2555,7 +2560,8 @@ drop_privileges(to_real_uid)
 
 	if (tTd(47, 1))
 		dprintf("drop_privileges(%d): Real[UG]id=%d:%d, RunAs[UG]id=%d:%d\n",
-			(int)to_real_uid, (int)RealUid, (int)RealGid, (int)RunAsUid, (int)RunAsGid);
+			(int)to_real_uid, (int)RealUid,
+			(int)RealGid, (int)RunAsUid, (int)RunAsGid);
 
 	if (to_real_uid)
 	{
@@ -2570,19 +2576,48 @@ drop_privileges(to_real_uid)
 	/* reset group permissions; these can be set later */
 	emptygidset[0] = (to_real_uid || RunAsGid != 0) ? RunAsGid : getegid();
 	if (setgroups(1, emptygidset) == -1 && geteuid() == 0)
+	{
+		syserr("drop_privileges: setgroups(1, %d) failed",
+		       (int)emptygidset[0]);
 		rval = EX_OSERR;
+	}
 
 	/* reset primary group and user id */
 	if ((to_real_uid || RunAsGid != 0) && setgid(RunAsGid) < 0)
+	{
+		syserr("drop_privileges: setgid(%d) failed", (int)RunAsGid);
 		rval = EX_OSERR;
-	if ((to_real_uid || RunAsUid != 0) && setuid(RunAsUid) < 0)
+	}
+	if (to_real_uid || RunAsUid != 0)
+	{
+		if (setuid(RunAsUid) < 0)
+		{
+			syserr("drop_privileges: setuid(%d) failed",
+			       (int)RunAsUid);
 			rval = EX_OSERR;
+		}
+		else if (RunAsUid != 0 && setuid(0) == 0)
+		{
+			/*
+			**  Believe it or not, the Linux capability model
+			**  allows a non-root process to override setuid()
+			**  on a process running as root and prevent that
+			**  process from dropping privileges.
+			*/
+
+			syserr("drop_privileges: setuid(0) succeeded (when it should not)");
+			rval = EX_OSERR;
+		}
+	}
 	if (tTd(47, 5))
 	{
 		dprintf("drop_privileges: e/ruid = %d/%d e/rgid = %d/%d\n",
-			(int)geteuid(), (int)getuid(), (int)getegid(), (int)getgid());
+			(int)geteuid(), (int)getuid(),
+			(int)getegid(), (int)getgid());
 		dprintf("drop_privileges: RunAsUser = %d:%d\n",
 			(int)RunAsUid, (int)RunAsGid);
+		if (tTd(47, 10))
+			dprintf("drop_privileges: rval = %d\n", rval);
 	}
 	return rval;
 }

gnu/dist/sendmail/sendmail/readcf.c

@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)Id: readcf.c,v 8.382 2000/04/06 18:02:33 gshapiro Exp";
+static char id[] = "@(#)Id: readcf.c,v 8.382.6.1 2000/05/27 19:56:01 gshapiro Exp";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -1915,9 +1915,12 @@ setoption(opt, val, safe, sticky, e)
 	{
 		if (opt != 'M' || (val[0] != 'r' && val[0] != 's'))
 		{
+			int dp;
+
 			if (tTd(37, 1))
 				dprintf(" (unsafe)");
-			(void) drop_privileges(TRUE);
+			dp = drop_privileges(TRUE);
+			setstat(dp);
 		}
 	}
 	if (tTd(37, 1))

gnu/dist/sendmail/sendmail/recipient.c

@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)Id: recipient.c,v 8.231 2000/01/05 01:40:53 gshapiro Exp";
+static char id[] = "@(#)Id: recipient.c,v 8.231.16.1 2000/05/27 19:56:01 gshapiro Exp";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -1158,8 +1158,12 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 		if (!DontInitGroups)
 		{
 			if (initgroups(user, gid) == -1)
+			{
+				rval = EAGAIN;
 				syserr("include: initgroups(%s, %d) failed",
 					user, gid);
+				goto resetuid;
+			}
 		}
 		else
 		{
@@ -1167,22 +1171,38 @@ include(fname, forwarding, ctladdr, sendq, aliaslevel, e)
 
 			gidset[0] = gid;
 			if (setgroups(1, gidset) == -1)
+			{
+				rval = EAGAIN;
 				syserr("include: setgroups() failed");
+				goto resetuid;
+			}
 		}
 
 		if (gid != 0 && setgid(gid) < -1)
+		{
+			rval = EAGAIN;
 			syserr("setgid(%d) failure", gid);
+			goto resetuid;
+		}
 		if (uid != 0)
 		{
 # if MAILER_SETUID_METHOD == USE_SETEUID
 			if (seteuid(uid) < 0)
+			{
+				rval = EAGAIN;
 				syserr("seteuid(%d) failure (real=%d, eff=%d)",
 					uid, getuid(), geteuid());
+				goto resetuid;
+			}
 # endif /* MAILER_SETUID_METHOD == USE_SETEUID */
 # if MAILER_SETUID_METHOD == USE_SETREUID
 			if (setreuid(0, uid) < 0)
+			{
+				rval = EAGAIN;
 				syserr("setreuid(0, %d) failure (real=%d, eff=%d)",
 					uid, getuid(), geteuid());
+				goto resetuid;
+			}
 # endif /* MAILER_SETUID_METHOD == USE_SETREUID */
 		}
 	}
@@ -1309,18 +1329,20 @@ resetuid:
 		{
 # if USESETEUID
 			if (seteuid(0) < 0)
-				syserr("seteuid(0) failure (real=%d, eff=%d)",
+				syserr("!seteuid(0) failure (real=%d, eff=%d)",
 					getuid(), geteuid());
 # else /* USESETEUID */
 			if (setreuid(-1, 0) < 0)
-				syserr("setreuid(-1, 0) failure (real=%d, eff=%d)",
+				syserr("!setreuid(-1, 0) failure (real=%d, eff=%d)",
 					getuid(), geteuid());
 			if (setreuid(RealUid, 0) < 0)
-				syserr("setreuid(%d, 0) failure (real=%d, eff=%d)",
+				syserr("!setreuid(%d, 0) failure (real=%d, eff=%d)",
 					RealUid, getuid(), geteuid());
 # endif /* USESETEUID */
 		}
-		(void) setgid(savedgid);
+		if (setgid(savedgid) < 0)
+			syserr("!setgid(%d) failure (real=%d eff=%d)",
+			       savedgid, getgid(), getegid());
 	}
 #endif /* HASSETREUID || USESETEUID */
 

gnu/dist/sendmail/sendmail/util.c

@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)Id: util.c,v 8.225 2000/03/28 21:55:22 ca Exp";
+static char id[] = "@(#)Id: util.c,v 8.225.4.1 2000/05/27 19:56:01 gshapiro Exp";
 #endif /* ! lint */
 
 #include <sendmail.h>
@@ -1856,17 +1856,29 @@ prog_open(argv, pfd, e)
 	{
 		expand(ProgMailer->m_rootdir, buf, sizeof buf, e);
 		if (chroot(buf) < 0)
+		{
 			syserr("prog_open: cannot chroot(%s)", buf);
+			exit(EX_TEMPFAIL);
+		}
 		if (chdir("/") < 0)
+		{
 			syserr("prog_open: cannot chdir(/)");
+			exit(EX_TEMPFAIL);
+		}
 	}
 
 	/* run as default user */
 	endpwent();
 	if (setgid(DefGid) < 0 && geteuid() == 0)
+	{
 		syserr("prog_open: setgid(%ld) failed", (long) DefGid);
+		exit(EX_TEMPFAIL);
+	}
 	if (setuid(DefUid) < 0 && geteuid() == 0)
+	{
 		syserr("prog_open: setuid(%ld) failed", (long) DefUid);
+		exit(EX_TEMPFAIL);
+	}
 
 	/* run in some directory */
 	if (ProgMailer != NULL)

gnu/dist/sendmail/sendmail/version.c

@@ -12,7 +12,7 @@
  */
 
 #ifndef lint
-static char id[] = "@(#)Id: version.c,v 8.43 2000/04/06 20:30:54 gshapiro Exp";
+static char id[] = "@(#)Id: version.c,v 8.43.6.2 2000/06/07 07:39:56 gshapiro Exp";
 #endif /* ! lint */
 
-char	Version[] = "8.10.1";
+char	Version[] = "8.10.2";