TECHNICAL INFORMATION DOCUMENT TITLE: TF2100 - smtp and popper e-mail fixes DATE: 01DEC95 README FOR: TF2100 PRODUCT and VERSION: UnixWare 2.01 Installation Instructions: DATATYPE: datastream 1. Download the tf2100.Z and tf2100.txt files to the /tmp directory on your machine. 2. Read the release notes contained in this file and follow the instuctions to add the package to your system. 3. Now become root, uncompress the file and add the package to your system using the following commands: $ su # uncompress /tmp/tf2100.Z # pkgadd -d /tmp/tf2100 ENGINEERING RELEASE NOTES ------------------------- Title ----- PTF2100 - smtp and popper e-mail fixes Product And Version ------------------- UnixWare 2.01, UnixWare 2.02, UnixWare 2.03 Abstract -------- This ptf fixes smtp problems faced on unixware2.01 or unixware2.02 or UnixWare 2.03 systems. This also fixes a problem with popper daemon. Symptom -------- smtp core dumps and times out connections. security hole: pchown lets any user to become root. RCPT TO: line is not fully qualified - Not compatible with MS mail. smtp.pid does not get reset properly on system reboot. smtpd dies without notice or gets into a tight loop. Popper does not send body of mail to pop3 clients. SOLUTION SPECIFICS ------------------ General Description Smtp core dumps or times out connections: A memory allocation error was found and fixed. Also, the outgoing queue was modified to give priority to connections ready for more data. Security hole in pchown: pchown was modified to disallow the use of relative paths (i.e. ../../xxx/yyy). All paths must now be absolute. Paths are checked to be certain that they lie within certain valid directories. RCPT TO: line is not fully qualified: The smtp client has be modified to send fully RFC-822 compliant addresses for recipients. All addresses now are of the form [[@host1,] @host2:]user@host3.domain smtp.pid does not get reset properly on system reboot. The smtp.pid file is used to check for an active smtp process. Each time smtp is exec'ed by smtpqer, it looks for another smtp process, and, if none exists, sets smtp.pid with its pid. This ensures that at most one smtp process will be actively processing outgoing mail. When the operating system goes to run level 2, the smtp.pid file is checked against any running smtp processes. If no smtp process has th contained in smtp.pid, then the smtp.pid file is removed to ensure that one smtp process will be able to start. smtpd dies without notice or gets into a tight loop. A memory allocation error was found and fixed. Also some modifications were made to the networking code to prevent smtpd from getting into an loop with a deadlock condition. Popper does not send body of mail to pop3 clients. Message end pointer was treated as the beginning of the next message. For the last message as there is no next message this way of computation used to fail. The code is changed to compute the end as addition of message beginning and message length. New Features. ------------ A new configuration file /etc/mail/smtpcnfg is added. Software Notes and Recommendations. ---------------------------------- After installing this ptf the system has to be RE-BOOTED. This PTF can be installed on UnixWare201 or UnixWare202 systems. If UnixWare202 is installed after applying this ptf, the ptf has to be re-installed again. The files that are being replaced are backed up in the directory /var/sadm/pkg/ptf2100/save/oldfiles. They can be accessed to view the previous content of the file, if it is a text file. Testing of the modified software contained in this package has been conducted only to the extent necessary to confirm that it resolves the problem(s) stated above ("Symptom"). Such testing consists of recreating the problem conditions and verifying that the problem no longer occurs. No other testing of this software has been done. Hardware Notes and Recommendations. ---------------------------------- This PTF is targeted for the i386, i486 and Pentium CPU's.