Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!unmvax!pprg.unm.edu!hc!ames!amdcad!weitek!pyramid!romain From: romain@pyramid.pyramid.com (Romain Kang) Newsgroups: comp.sys.pyramid Subject: Re: Pyramid's sendmail Message-ID: <48619@pyramid.pyramid.com> Date: 26 Nov 88 06:40:22 GMT References: <424@merkin.cactus.org> <46784@pyramid.pyramid.com> <788@tness1.UUCP> Reply-To: romain@pyramid.UUCP (Romain Kang) Organization: Pyramid Technology Corp., Mountain View, CA Lines: 90 In article <788@tness1.UUCP> Greg Hackney writes: | Meanwhile, the adb fix does not work on my OSx4.1 system, but I was | able to edit the binary with GNU Emacs, and changed the characters | "debug" and "wiz" to nulls. This closed the hole with no problems | noticed. Using nulls seem to make a plain carriage return turn on debug. Here's a shell script that uses adb to partly overwrite "debug" with 0xff, which should be safe, since sendmail strips the high bits before decoding SMTP commands. It has been tested under OSx 4.4b, and successfully modifies an OSx 4.1 sendmail binary. #! /bin/ucb /bin/sh PATH=/usr/ucb:/bin:/usr/bin echo "Looking for sendmail \"debug\" command..." DEBUG=`strings - -o /usr/lib/sendmail | grep debug` if [ $? -ne 0 ]; then echo "Your sendmail is safe from the Worm." exit 0 fi set $DEBUG echo "Patching sendmail at location $1"... cp /usr/lib/sendmail sendmail.new adb -w sendmail.new << EoF ?m 0 0xffffffff 0 ?n"Before:" 0t$1?s 0t$1?5b ?n"Patching..." "?w 0xffff 0 ?n"After:" "?5b \$q EoF echo "" echo -n "Do you want to install the fixed binary? (Y|N) [default: N] " read yorn case "$yorn" in Y*|y*) ;; *) echo "OK, we'll leave it alone for now..." exit 0 esac if [ "`whoami`" != "root" ]; then echo "Please run this again as \"root\"." exit 1 fi echo "Looking for sendmail daemon..." daemon=`ps ax | awk '$5 == "/usr/lib/sendmail" && $6 == "-bd" { print }'` if [ ! -n "$daemon" ]; then echo "Can't find a running sendmail daemon, continuing..." set -x else set $daemon echo "This looks like the daemon:" ps u$1 echo "Last chance to interrupt before killing sendmail..." set -x sleep 10 kill $1 fi : : Save old binary mv /usr/lib/sendmail /usr/lib/sendmail.bak chmod 0 /usr/lib/sendmail.bak : : Installing new mv sendmail.new /usr/lib/sendmail chmod 4755 /usr/lib/sendmail : : Re-freeze sendmail configuration /usr/lib/sendmail -bz : : Re-start daemon if needed case "$daemon" in "") : daemon was not running, we are done exit 0 ;; *) set $daemon $5 $6 $7 $8 $9 exit 0 ;; esac