DON'T USE 'FU/usr/lib/uucp/L.sys' in sendmail.cf
Stefan Stapelberg
stefan at shiva.systemware.de
Wed Apr 17 19:44:34 AEST 1991
In article <3250 at charon.cwi.nl> piet at cwi.nl (Piet Beertema) writes:
|
| As stated earlier, it is potentially dangerous to use 'F' lines in
| sendmail.cf to read sensitive files, such as /usr/lib/uucp/L.sys
| (or whatever your UUCP systems file is called).
|Depends. If you're running 5.64 or older *and* if
|you do *not* have
|#define SCANF 1
|in your conf.h, then indeed sensitive information
|can end up in your frozen config file.
|This is no longer the case in 5.65/IDA-1.4.2 and
|later, since SCANF is effectively always enabled.
A somewhat better solution is to use the 'uuname' command directly as in:
FU|/usr/bin/uuname
This works at least since sendmail 5.57, possibly with older version also.
Regards, Stefan
More information about the Comp.unix.wizards
mailing list