Xref: utzoo comp.unix.wizards:24655 comp.unix.ultrix:6746 comp.mail.sendmail:2962
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!rpi!zaphod.mps.ohio-state.edu!think.com!snorkelwacker.mit.edu!bloom-beacon!eru!hagbard!sunic!mcsun!hp4nl!charon!piet
From: piet@cwi.nl (Piet Beertema)
Newsgroups: comp.unix.wizards,comp.unix.ultrix,comp.mail.sendmail
Subject: Re: DON'T USE 'FU/usr/lib/uucp/L.sys' in sendmail.cf
Message-ID: <3250@charon.cwi.nl>
Date: 2 Apr 91 19:30:22 GMT
References: <1991Mar12.171523.30268@mp.cs.niu.edu> <3449@unisoft.UUCP> <1991Mar27.204357.17066@mp.cs.niu.edu>
Sender: news@cwi.nl
Followup-To: comp.unix.wizards
Organization: CWI, Amsterdam
Lines: 14


	As stated earlier, it is potentially dangerous to use 'F' lines in
	sendmail.cf to read sensitive files, such as /usr/lib/uucp/L.sys
	(or whatever your UUCP systems file is called).
Depends. If you're running 5.64 or older *and* if
you do *not* have
#define SCANF 	1
in your conf.h, then indeed sensitive information
can end up in your frozen config file.
This is no longer the case in 5.65/IDA-1.4.2 and
later, since SCANF is effectively always enabled.

-- 
	Piet Beertema, CWI, Amsterdam	(piet@cwi.nl)