Patch-ID#  100224-02
Keywords: mail, delivery, /bin/mail, 4.1, sendmail
Synopsis: program "mail" "rmail" problem in delivering mail + security enhancement
Date: 15 Jan 1990
 
SunOS release: 4.0.3 4.1 4.1.1

Topic:  /bin/mail delivering fix
 
BugId's fixed with this patch: 1045636 1047340

Architectures for which this patch is available: sun3, sun3x, sun4, sun4c, sun4/490_4.1_PSR_A

Obsoleted by: SysV Release 4

Problem Description:

Bug ID: 1045636

/bin/mail is the local delivery agent for sendmail.  In
some particular instances, /bin/mail parses its arguments incorrectly,
and therefore mail is dropped into the bit bucket...

If you have users that have "f" as the second character of their
username, you might want to try the following (substitute for "af" any
user with "f" as the second character):

From any machine except mailhost:

/bin/lib/sendmail -t -v <<END
From: anyuser
to: anyuser
Subject: test
Cc: af          <-- substitute any username with second character as "f"
test

END

When the mail arrives on mailhost, the sendmail process will invoke
/bin/mail with the following arguments: "/bin/mail -r anyuser -d af
anyuser".  Now you are in trouble.  The following are different
scenarios for /bin/mail.

1) /bin/mail -r anyuser -d af  <mailmessages            worked fine
2) /bin/mail -r anyuser -d anyone af ... <mailmessages  worked fine
3) /bin/mail -r anyuser -d af anyone ... <mailmessages  !!error!!

    In case (3), /bin/mail thinks that you want to read mail instead of
    delivering mail.  Therefore, the mail message is lost.
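
The three scenarios above, as an added example that is not part of the Sun patch or its README: a shell script that lists accounts whose second character is "f" and flags argument lists matching scenario 3. The function names and passwd entries are constructed for illustration, and the classification assumes only what the three scenarios state, not the actual /bin/mail source.

```sh
#!/bin/sh
# Added example, not part of the Sun patch. It encodes only the three
# /bin/mail scenarios listed above; all sample data is constructed.

# Read passwd-format lines on stdin and print each login name whose
# second character is "f" (the accounts the bug report is about).
second_char_f_users() {
    awk -F: 'substr($1, 2, 1) == "f" { print $1 }'
}

# Classify the argument list sendmail passes to /bin/mail, e.g.
#   classify_delivery -r anyuser -d af anyuser
# Prints "lost" for scenario 3 (the first recipient after -d has "f" as
# its second character and further recipients follow), otherwise "ok".
classify_delivery() {
    while [ $# -gt 0 ] && [ "$1" != "-d" ]; do
        shift
    done
    if [ $# -lt 2 ]; then       # no -d, or -d without a recipient
        echo "ok"
        return 0
    fi
    shift                       # drop -d; $1 is now the first recipient
    case "$1" in
        ?f*)
            if [ $# -gt 1 ]; then
                echo "lost"
                return 0
            fi
            ;;
    esac
    echo "ok"
}

# Constructed passwd entries for the demonstration.
sample_passwd() {
    cat <<'EOF'
root:*:0:1:Operator:/:/bin/csh
af:*:101:10:constructed user:/home/af:/bin/csh
jfk:*:102:10:constructed user:/home/jfk:/bin/csh
bob:*:103:10:constructed user:/home/bob:/bin/csh
EOF
}

echo "accounts to test:" $(sample_passwd | second_char_f_users)
echo "-d af             ->" "$(classify_delivery -r anyuser -d af)"
echo "-d anyone af      ->" "$(classify_delivery -r anyuser -d anyone af)"
echo "-d af anyone      ->" "$(classify_delivery -r anyuser -d af anyone)"
```

On a real host, feed the local password file instead of the sample: second_char_f_users < /etc/passwd.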

 
BugID: 1047340

/bin/mail and /bin/rmail can be caused to invoke a root shell if given
the (im)proper arguments.
/bin/rmail can be caused to dump core and produce a uucp shell.

INSTALL:

AS ROOT:
 
# mv /bin/mail /bin/mail.old
# mv /bin/rmail /bin/rmail.old
# cp $arch/$os/mail /bin/mail
# cp $arch/$os/rmail /bin/rmail
 (where $arch is either sun3 sun4 sun4c or sun3x)
 (and where $os is either 4.0.3 4.1 or 4.1.1)
 (change the permissions for the newly installed mail)
# chmod 4111 /bin/mail
# chmod 111 /bin/rmail
# chmod 100 /bin/mail.old
# chmod 100 /bin/rmail.old

