*** RELEASE_NOTES.OLD Mon Mar 21 23:34:38 1994 --- RELEASE_NOTES Mon Mar 21 23:31:59 1994 *************** *** 1,9 **** SENDMAIL RELEASE NOTES ! @(#)RELEASE_NOTES 8.6.7.1 (Berkeley) 3/14/94 This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. 8.6.7/8.6.6 94/03/14 SECURITY: it was possible to get root access by using wierd --- 1,14 ---- SENDMAIL RELEASE NOTES ! @(#)RELEASE_NOTES 8.6.8.1 (Berkeley) 3/21/94 This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. + + 8.6.8/8.6.6 94/03/21 + SECURITY: it was possible to read any file as root using the + E (error message) option. Reported by Richard Jones; + fixed by Michael Corrigan and Christophe Wolfhugel. 8.6.7/8.6.6 94/03/14 SECURITY: it was possible to get root access by using wierd *** doc/op/op.me.OLD Mon Mar 21 23:33:11 1994 --- doc/op/op.me Mon Mar 21 23:34:05 1994 *************** *** 30,36 **** .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" ! .\" @(#)op.me 8.34 (Berkeley) 3/3/94 .\" .\" eqn op.me | pic | troff -me .eh 'SMM:08-%''Sendmail Installation and Operation Guide' --- 30,36 ---- .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" ! .\" @(#)op.me 8.35 (Berkeley) 3/21/94 .\" .\" eqn op.me | pic | troff -me .eh 'SMM:08-%''Sendmail Installation and Operation Guide' *************** *** 69,75 **** Mammoth Project eric@CS.Berkeley.EDU .sp ! Version 8.34 .sp For Sendmail Version 8.6 .)l --- 69,75 ---- Mammoth Project eric@CS.Berkeley.EDU .sp ! Version 8.35 .sp For Sendmail Version 8.6 .)l *************** *** 4103,4109 **** .i sendmail to relinquish its setuid permissions. The options that will not cause this are ! b, d, e, E, i, L, m, o, p, r, s, v, C, and 7. Also, M (define macro) when defining the r or s macros is also considered .q safe . --- 4103,4109 ---- .i sendmail to relinquish its setuid permissions. The options that will not cause this are ! b, d, e, i, L, m, o, p, r, s, v, C, and 7. Also, M (define macro) when defining the r or s macros is also considered .q safe . *************** *** 6887,6893 **** .\"Eric Allman .\"Britton-Lee, Inc. .\".sp ! .\"Version 8.34 .\".ce 0 .bp 2 .rs --- 6887,6893 ---- .\"Eric Allman .\"Britton-Lee, Inc. .\".sp ! .\"Version 8.35 .\".ce 0 .bp 2 .rs *** src/readcf.c.OLD Mon Mar 21 23:37:13 1994 --- src/readcf.c Mon Mar 21 13:05:17 1994 *************** *** 33,39 **** */ #ifndef lint ! static char sccsid[] = "@(#)readcf.c 8.22 (Berkeley) 3/11/94"; #endif /* not lint */ # include "sendmail.h" --- 33,39 ---- */ #ifndef lint ! static char sccsid[] = "@(#)readcf.c 8.23 (Berkeley) 3/18/94"; #endif /* not lint */ # include "sendmail.h" *************** *** 1075,1081 **** if (!safe && RealUid == 0) safe = TRUE; ! if (!safe && strchr("bCdeEijLmoprsvw7", opt) == NULL) { if (opt != 'M' || (val[0] != 'r' && val[0] != 's')) { --- 1075,1081 ---- if (!safe && RealUid == 0) safe = TRUE; ! if (!safe && strchr("bCdeijLmoprsvw7", opt) == NULL) { if (opt != 'M' || (val[0] != 'r' && val[0] != 's')) { *** src/version.c.OLD Mon Mar 21 23:36:17 1994 --- src/version.c Fri Mar 18 15:36:49 1994 *************** *** 33,39 **** */ #ifndef lint ! static char sccsid[] = "@(#)version.c 8.6.7.1 (Berkeley) 3/14/94"; #endif /* not lint */ ! char Version[] = "8.6.7"; --- 33,39 ---- */ #ifndef lint ! static char sccsid[] = "@(#)version.c 8.6.8.1 (Berkeley) 3/18/94"; #endif /* not lint */ ! char Version[] = "8.6.8.1";