Patch-ID# 100108-01
Keywords: sendmail security groupid
Synopsis: 386i sendmail fixing security hole
Date: 22-Aug-90

SunOS release: 4.0.2i

Unbundled Product: 

Unbundled Release:
 
Topic: 

BugId's fixed with this patch: 1020050 1028173

Architectures for which this patch is available: sun386i

Obsoleted by: 4.0.3i

Problem Description:

It has been discovered that "sendmail" in SunOS 4.0.2i can be coaxed into
writing a file not owned by the sender. If this file was, for instance,
"rhosts", one could login into an unsuspecting users machine.  This is 
bugid #1028173.  The sendmail program in this patch has this problem
properly fixed.  

This patch also fixes bug #1020050, a lesser problem of a 29 character
host limit.  The hostname limit has been expanded to 65 characters.

This patch should contain the following files:
	README
	sun386/sendmail
	sun386/sendmail.mx

To install:

	As root, perform the followin commands:

	# mv /usr/lib/sendmail /usr/lib/sendmail.orig
	# mv /usr/lib/sendmail.mx /usr/lib/sendmail.mx.orig
	# cp sun386/sendmail /usr/lib/sendmail
	# cp sun386/sendmail.mx /usr/lib/sendmail.mx
	# cd /usr/lib
	# chown root sendmail sendmail.mx
	# chmod 4555 sendmail sendmail.mx
	# chmod 100 sendmail.orig sendmail.mx.orig

