Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!ox.com!math.fu-berlin.de!unidui!unido!mikros!shiva!stefan
From: stefan@shiva.systemware.de (Stefan Stapelberg)
Newsgroups: comp.unix.wizards
Subject: Re: DON'T USE 'FU/usr/lib/uucp/L.sys' in sendmail.cf
Message-ID: <1512@shiva.systemware.de>
Date: 17 Apr 91 09:44:34 GMT
References: <3449@unisoft.UUCP> <1991Mar27.204357.17066@mp.cs.niu.edu> <3250@charon.cwi.nl>
Reply-To: stefan@systemware.de (Stefan Stapelberg)
Organization: MIKROS Systemware, Lohr/Germany
Lines: 19

In article <3250@charon.cwi.nl> piet@cwi.nl (Piet Beertema) writes:
|
|	As stated earlier, it is potentially dangerous to use 'F' lines in
|	sendmail.cf to read sensitive files, such as /usr/lib/uucp/L.sys
|	(or whatever your UUCP systems file is called).
|Depends. If you're running 5.64 or older *and* if
|you do *not* have
|#define SCANF 	1
|in your conf.h, then indeed sensitive information
|can end up in your frozen config file.
|This is no longer the case in 5.65/IDA-1.4.2 and
|later, since SCANF is effectively always enabled.

A somewhat better solution is to use the 'uuname' command directly as in:
	FU|/usr/bin/uuname

This works at least since sendmail 5.57, possibly with older version also.

Regards, Stefan