From andre.albsmeier@mchp.siemens.de  Tue Aug 14 02:29:20 2001
Return-Path: <andre.albsmeier@mchp.siemens.de>
Received: from david.siemens.de (david.siemens.de [192.35.17.14])
	by hub.freebsd.org (Postfix) with ESMTP id D6B1937B40A
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 14 Aug 2001 02:29:19 -0700 (PDT)
	(envelope-from andre.albsmeier@mchp.siemens.de)
Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11])
	by david.siemens.de (8.11.0/8.11.0) with ESMTP id f7E9TIc15678
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 14 Aug 2001 11:29:18 +0200 (MET DST)
Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.42.7])
	by mail2.siemens.de (8.11.4/8.11.4) with ESMTP id f7E9THn22192
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 14 Aug 2001 11:29:17 +0200 (MET DST)
Received: (from localhost)
	by curry.mchp.siemens.de (8.11.3/8.11.3) id f7E9THu84069
	for FreeBSD-gnats-submit@freebsd.org; Tue, 14 Aug 2001 11:29:17 +0200 (CEST)
Message-Id: <200108140929.f7E9THL61157@curry.mchp.siemens.de>
Date: Tue, 14 Aug 2001 11:29:17 +0200 (CEST)
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: Setting NO_MAILWRAPPER results in a  system without working MTA
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         29699
>Category:       conf
>Synopsis:       Setting NO_MAILWRAPPER results in a  system without working MTA
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    ru
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Aug 14 02:30:01 PDT 2001
>Closed-Date:    Wed Apr 16 04:02:44 PDT 2003
>Last-Modified:  Wed Apr 16 04:02:44 PDT 2003
>Originator:     Andre Albsmeier
>Release:        FreeBSD 4.4-PRERELEASE i386
>Organization:
>Environment:

FreeBSD 4.4-PRERELEASE #18: Thu Aug 9 14:53:01 CEST 2001

>Description:

When setting NO_MAILWRAPPER to /etc/make.conf sendmail still gets installed
into /usr/libexec/sendmail/sendmail. In case mailwrapper has been used before,
an old /usr/sbin/mailwrapper is lying around and usually the link from
/usr/sbin/sendmail is set. When you remove mailwrapper from /usr/sbin
the link is stale and no /usr/sbin/sendmail is available anymore.


>How-To-Repeat:

Add NO_MAILWRAPPER to /etc/make.conf
rm /usr/sbin/sendmail /usr/sbin/mailwrapper
make world
ls -l /usr/sbin/sendmail

>Fix:

Maybe this way:

--- usr.sbin/sendmail/Makefile.ORI	Tue Aug 14 11:20:01 2001
+++ usr.sbin/sendmail/Makefile	Tue Aug 14 11:20:27 2001
@@ -7,7 +7,11 @@
 SMDIR=	${SENDMAIL_DIR}/src
 .PATH: ${SMDIR}
 
+.if defined(NO_MAILWRAPPER)
+BINDIR=	/usr/sbin
+.else
 BINDIR=	/usr/libexec/sendmail
+.endif
 
 PROG=	sendmail
 MAN=	mailq.1 newaliases.1 aliases.5 sendmail.8 
>Release-Note:
>Audit-Trail:

From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG,
	Sheldon Hearn <sheldonh@FreeBSD.ORG>
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a  system without working MTA
Date: Tue, 14 Aug 2001 13:19:41 +0300

 On Tue, Aug 14, 2001 at 11:29:17AM +0200, Andre Albsmeier wrote:
 > 
 > When setting NO_MAILWRAPPER to /etc/make.conf sendmail still gets installed
 > into /usr/libexec/sendmail/sendmail. In case mailwrapper has been used before,
 > an old /usr/sbin/mailwrapper is lying around and usually the link from
 > /usr/sbin/sendmail is set. When you remove mailwrapper from /usr/sbin
 > the link is stale and no /usr/sbin/sendmail is available anymore.
 > 
 [...]
 > Maybe this way:
 > 
 > --- usr.sbin/sendmail/Makefile.ORI	Tue Aug 14 11:20:01 2001
 > +++ usr.sbin/sendmail/Makefile	Tue Aug 14 11:20:27 2001
 > @@ -7,7 +7,11 @@
 >  SMDIR=	${SENDMAIL_DIR}/src
 >  .PATH: ${SMDIR}
 >  
 > +.if defined(NO_MAILWRAPPER)
 > +BINDIR=	/usr/sbin
 > +.else
 >  BINDIR=	/usr/libexec/sendmail
 > +.endif
 >  
 >  PROG=	sendmail
 >  MAN=	mailq.1 newaliases.1 aliases.5 sendmail.8 
 > 
 Or better yet, this one:
 
 Index: usr.sbin/sendmail/Makefile
 ===================================================================
 RCS file: /home/ncvs/src/usr.sbin/sendmail/Makefile,v
 retrieving revision 1.34
 diff -u -r1.34 Makefile
 --- usr.sbin/sendmail/Makefile	2001/08/03 16:22:47	1.34
 +++ usr.sbin/sendmail/Makefile	2001/08/14 10:19:26
 @@ -7,7 +7,9 @@
  SMDIR=	${SENDMAIL_DIR}/src
  .PATH: ${SMDIR}
  
 +.if !defined(NO_MAILWRAPPER)
  BINDIR=	/usr/libexec/sendmail
 +.endif
  
  PROG=	sendmail
  MAN=	mailq.1 newaliases.1 aliases.5 sendmail.8 
 Index: share/man/man5/make.conf.5
 ===================================================================
 RCS file: /home/ncvs/src/share/man/man5/make.conf.5,v
 retrieving revision 1.25
 diff -u -r1.25 make.conf.5
 --- share/man/man5/make.conf.5	2001/08/07 13:26:57	1.25
 +++ share/man/man5/make.conf.5	2001/08/14 10:19:26
 @@ -370,6 +370,10 @@
  Set to not build the
  .Xr mailwrapper 8
  MTA selector.
 +If set,
 +.Xr sendmail 8
 +is installed as
 +.Pa /usr/sbin/sendmail .
  .It Va NO_MAKEDEV_INSTALL
  .Pq Vt bool
  Set to avoid installing
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age

From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>,
	FreeBSD-gnats-submit@FreeBSD.ORG,
	Sheldon Hearn <sheldonh@FreeBSD.ORG>
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a  system without working MTA
Date: Tue, 14 Aug 2001 12:30:07 +0200

 On Tue, 14-Aug-2001 at 13:19:41 +0300, Ruslan Ermilov wrote:
 > On Tue, Aug 14, 2001 at 11:29:17AM +0200, Andre Albsmeier wrote:
 > > 
 > > When setting NO_MAILWRAPPER to /etc/make.conf sendmail still gets installed
 > > into /usr/libexec/sendmail/sendmail. In case mailwrapper has been used before,
 > > an old /usr/sbin/mailwrapper is lying around and usually the link from
 > > /usr/sbin/sendmail is set. When you remove mailwrapper from /usr/sbin
 > > the link is stale and no /usr/sbin/sendmail is available anymore.
 > > 
 > [...]
 > > Maybe this way:
 > > 
 > > --- usr.sbin/sendmail/Makefile.ORI	Tue Aug 14 11:20:01 2001
 > > +++ usr.sbin/sendmail/Makefile	Tue Aug 14 11:20:27 2001
 > > @@ -7,7 +7,11 @@
 > >  SMDIR=	${SENDMAIL_DIR}/src
 > >  .PATH: ${SMDIR}
 > >  
 > > +.if defined(NO_MAILWRAPPER)
 > > +BINDIR=	/usr/sbin
 > > +.else
 > >  BINDIR=	/usr/libexec/sendmail
 > > +.endif
 > >  
 > >  PROG=	sendmail
 > >  MAN=	mailq.1 newaliases.1 aliases.5 sendmail.8 
 > > 
 > Or better yet, this one:
 >
 > Index: usr.sbin/sendmail/Makefile
 > ===================================================================
 > RCS file: /home/ncvs/src/usr.sbin/sendmail/Makefile,v
 > retrieving revision 1.34
 > diff -u -r1.34 Makefile
 > --- usr.sbin/sendmail/Makefile	2001/08/03 16:22:47	1.34
 > +++ usr.sbin/sendmail/Makefile	2001/08/14 10:19:26
 > @@ -7,7 +7,9 @@
 >  SMDIR=	${SENDMAIL_DIR}/src
 >  .PATH: ${SMDIR}
 >  
 > +.if !defined(NO_MAILWRAPPER)
 >  BINDIR=	/usr/libexec/sendmail
 > +.endif
 >  
 >  PROG=	sendmail
 >  MAN=	mailq.1 newaliases.1 aliases.5 sendmail.8 
 
 
 Ah, yes, this is better. I didn't tweak lots of Makefiles in
 /usr/src before so I forgot about the default :-)
 
 And here is one more to add (hope it is right this way):
 
 --- etc/Makefile.ORI	Tue Aug 14 12:23:19 2001
 +++ etc/Makefile	Tue Aug 14 12:25:21 2001
 @@ -45,8 +45,11 @@
  NAMEDB= PROTO.localhost.rev named.conf named.root make-localhost
  PPPCNF= ppp.deny ppp.shells.sample
  PPPCF2= ppp.conf
 -ETCMAIL=Makefile README mailer.conf access.sample virtusertable.sample \
 +ETCMAIL=Makefile README access.sample virtusertable.sample \
  	mailertable.sample aliases
 +.if !defined(NO_MAILWRAPPER)
 +ETCMAIL+=mailer.conf
 +.endif
  
  
  # Special top level files for FreeBSD

From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a  system without working MTA
Date: Tue, 14 Aug 2001 20:42:44 +0200

 One more thing I noticed here: When using the above Makefile and
 NO_MAILWRAPPER is set and the link /usr/sbin/sendmail ->
 /usr/sbin/mailwrapper exists, sendmail gets installed as
 /usr/sbin/mailwrapper:
 
 andre@voyager:/usr/sbin>ll sendmail mailwrapper      
 -r-sr-xr-x  1 root  wheel  - 371756 Aug 14 20:35 mailwrapper*
 lrwxr-xr-x  1 root  wheel  -     21 Aug 14 20:34 sendmail@ -> /usr/sbin/mailwrapper
 
 I don't understand this since man install says:
 
 -S      Safe copy.  Normally, install unlinks an existing target before
         installing the new file.  With the -S flag a temporary file is
         used and then renamed to be the target.  The reason this is safer
         is that if the copy or rename fails, the existing target is left
         untouched.
 
 The -S option is not used during the install, so the file should get
 unlinked before but this is obviously not the case. I have helped myself
 with the following, additional path to usr.sbin/sendmail/Makefile:
 
 --- Makefile.ORI	Sat Aug  4 09:07:27 2001
 +++ Makefile	Tue Aug 14 20:40:36 2001
 @@ -58,6 +60,11 @@
  LDADD+=${SENDMAIL_LDADD}
  LDFLAGS+=${SENDMAIL_LDFLAGS}
  
 +.if defined(NO_MAILWRAPPER) && exists(/usr/sbin/sendmail)
 +beforeinstall:
 +	@rm /usr/sbin/sendmail
 +.endif
 +	
  afterinstall:
  	@if [ -d ${DESTDIR}/etc/mail -a -f ${DESTDIR}/etc/sendmail.cf -a \
  	      ! -f ${DESTDIR}/etc/mail/sendmail.cf ]; then \
 
 
 I assume there are better ways of doing this -- or install is broken.

From: Peter Wemm <peter@wemm.org>
To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a system without working MTA 
Date: Tue, 14 Aug 2001 12:54:21 -0700

 Andre Albsmeier wrote:
 
 > >Synopsis:       Setting NO_MAILWRAPPER results in a  system without working 
     MTA
 > >Confidential:   no
 > >Severity:       critical
 > >Priority:       high
 > >Responsible:    freebsd-bugs
 > >State:          open
 
 > >Description:
 > 
 > When setting NO_MAILWRAPPER to /etc/make.conf sendmail still gets installed
 > into /usr/libexec/sendmail/sendmail. In case mailwrapper has been used before
     ,
 > an old /usr/sbin/mailwrapper is lying around and usually the link from
 > /usr/sbin/sendmail is set. When you remove mailwrapper from /usr/sbin
 > the link is stale and no /usr/sbin/sendmail is available anymore.
 
 This was intentional.  NO_MAILWRAPPER was added specifically to leave
 /usr/sbin/sendmail *alone* so that people that clobbered it to install
 their own MTA rather than using mailer.conf didn't get it overwritten.
 
 The problem with the attached patches (and the followups) is that they leave
 /usr/libexec/sendmail/sendmail behind.  If somebody really wants to change
 this, then set a symlink from /usr/sbin/sendmail ->
 /usr/libexec/sendmail/sendmail so that we dont have (potentially dangerous)
 old setuid binaries left behind that are no longer getting updated.
 
 Cheers,
 -Peter
 --
 Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
 "All of this is for nothing if we don't go to the stars" - JMS/B5
 

From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: Peter Wemm <peter@wemm.org>
Cc: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>,
	FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a system without working MTA
Date: Tue, 14 Aug 2001 22:12:58 +0200

 On Tue, 14-Aug-2001 at 12:54:21 -0700, Peter Wemm wrote:
 > Andre Albsmeier wrote:
 > 
 > > >Synopsis:       Setting NO_MAILWRAPPER results in a  system without working 
 >     MTA
 > > >Confidential:   no
 > > >Severity:       critical
 > > >Priority:       high
 > > >Responsible:    freebsd-bugs
 > > >State:          open
 > 
 > > >Description:
 > > 
 > > When setting NO_MAILWRAPPER to /etc/make.conf sendmail still gets installed
 > > into /usr/libexec/sendmail/sendmail. In case mailwrapper has been used before
 >     ,
 > > an old /usr/sbin/mailwrapper is lying around and usually the link from
 > > /usr/sbin/sendmail is set. When you remove mailwrapper from /usr/sbin
 > > the link is stale and no /usr/sbin/sendmail is available anymore.
 > 
 > This was intentional.  NO_MAILWRAPPER was added specifically to leave
 > /usr/sbin/sendmail *alone* so that people that clobbered it to install
 > their own MTA rather than using mailer.conf didn't get it overwritten.
 > 
 > The problem with the attached patches (and the followups) is that they leave
 > /usr/libexec/sendmail/sendmail behind.  If somebody really wants to change
 
 Well, I think there _is_ need for changing something because otherwise
 /usr/sbin/sendmail points to a not existing/stale /usr/sbin/mailwrapper
 in case NO_MAILWRAPPER is used.
 
 > this, then set a symlink from /usr/sbin/sendmail ->
 > /usr/libexec/sendmail/sendmail so that we dont have (potentially dangerous)
 > old setuid binaries left behind that are no longer getting updated.
 
 So you suggest that if NO_MAILWRAPPER is specified, the
 usr.sbin/sendmail/Makefile should set a symlink from /usr/sbin/sendmail
 pointing to /usr/libexec/sendmail/sendmail?
 
 How about the etc/Makefile? Is the modification okay so there is no
 unneeded mailer.conf hanging around if NO_MAILWRAPPER is specified?
 
 	-Andre

From: Ruslan Ermilov <ru@FreeBSD.org>
To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Cc: bug-followup@FreeBSD.org
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a system without working MTA
Date: Wed, 15 Aug 2001 15:08:18 +0300

 On Tue, Aug 14, 2001 at 11:50:01AM -0700, Andre Albsmeier wrote:
 > The following reply was made to PR conf/29699; it has been noted by GNATS.
 > 
 > From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
 > To: freebsd-gnats-submit@FreeBSD.org
 > Cc:  
 > Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a  system without working MTA
 > Date: Tue, 14 Aug 2001 20:42:44 +0200
 > 
 >  One more thing I noticed here: When using the above Makefile and
 >  NO_MAILWRAPPER is set and the link /usr/sbin/sendmail ->
 >  /usr/sbin/mailwrapper exists, sendmail gets installed as
 >  /usr/sbin/mailwrapper:
 >  
 >  andre@voyager:/usr/sbin>ll sendmail mailwrapper      
 >  -r-sr-xr-x  1 root  wheel  - 371756 Aug 14 20:35 mailwrapper*
 >  lrwxr-xr-x  1 root  wheel  -     21 Aug 14 20:34 sendmail@ -> /usr/sbin/mailwrapper
 >  
 Hmm, I can't reproduce it here.  Make sure you haven't mistyped -DNO_MAILWRAPPER.
 
 >  I don't understand this since man install says:
 >  
 >  -S      Safe copy.  Normally, install unlinks an existing target before
 >          installing the new file.  With the -S flag a temporary file is
 >          used and then renamed to be the target.  The reason this is safer
 >          is that if the copy or rename fails, the existing target is left
 >          untouched.
 >  
 >  The -S option is not used during the install, so the file should get
 >  unlinked before but this is obviously not the case. I have helped myself
 >  with the following, additional path to usr.sbin/sendmail/Makefile:
 >  
 Even with -S, symlink gets deleted before the new one is installed.
 
 I have even checked with pre -S version of install(1), just to make
 sure.  Everything works as expected, symlink gets deleted first.
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age

From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: Ruslan Ermilov <ru@FreeBSD.org>
Cc: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>,
	bug-followup@FreeBSD.org
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a system without working MTA
Date: Wed, 15 Aug 2001 14:38:35 +0200

 On Wed, 15-Aug-2001 at 15:08:18 +0300, Ruslan Ermilov wrote:
 > On Tue, Aug 14, 2001 at 11:50:01AM -0700, Andre Albsmeier wrote:
 > > The following reply was made to PR conf/29699; it has been noted by GNATS.
 > > 
 > > From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
 > > To: freebsd-gnats-submit@FreeBSD.org
 > > Cc:  
 > > Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a  system without working MTA
 > > Date: Tue, 14 Aug 2001 20:42:44 +0200
 > > 
 > >  One more thing I noticed here: When using the above Makefile and
 > >  NO_MAILWRAPPER is set and the link /usr/sbin/sendmail ->
 > >  /usr/sbin/mailwrapper exists, sendmail gets installed as
 > >  /usr/sbin/mailwrapper:
 > >  
 > >  andre@voyager:/usr/sbin>ll sendmail mailwrapper      
 > >  -r-sr-xr-x  1 root  wheel  - 371756 Aug 14 20:35 mailwrapper*
 > >  lrwxr-xr-x  1 root  wheel  -     21 Aug 14 20:34 sendmail@ -> /usr/sbin/mailwrapper
 > >  
 > Hmm, I can't reproduce it here.  Make sure you haven't mistyped -DNO_MAILWRAPPER.
 > 
 > >  I don't understand this since man install says:
 > >  
 > >  -S      Safe copy.  Normally, install unlinks an existing target before
 > >          installing the new file.  With the -S flag a temporary file is
 > >          used and then renamed to be the target.  The reason this is safer
 > >          is that if the copy or rename fails, the existing target is left
 > >          untouched.
 > >  
 > >  The -S option is not used during the install, so the file should get
 > >  unlinked before but this is obviously not the case. I have helped myself
 > >  with the following, additional path to usr.sbin/sendmail/Makefile:
 > >  
 > Even with -S, symlink gets deleted before the new one is installed.
 > 
 > I have even checked with pre -S version of install(1), just to make
 > sure.  Everything works as expected, symlink gets deleted first.
 
 It is curious: At home I am running a very recent FreeBSD 4.4-PRERELEASE:
 
 root@voyager:/usr/src/usr.sbin/sendmail>ll /usr/sbin/sendmail /usr/sbin/mailwrapper
 ls: /usr/sbin/mailwrapper: No such file or directory
 lrwxr-xr-x  1 root  wheel  - 21 Aug 15 14:22 /usr/sbin/sendmail@ -> /usr/sbin/mailwrapper
 root@voyager:/usr/src/usr.sbin/sendmail>make install
 install -c -s -o root -g wheel -m 4555   sendmail /usr/sbin
 install -c -o root -g wheel -m 444 mailq.1.gz  /usr/share/man/man1
 install -c -o root -g wheel -m 444 newaliases.1.gz  /usr/share/man/man1
 install -c -o root -g wheel -m 444 aliases.5.gz  /usr/share/man/man5
 install -c -o root -g wheel -m 444 sendmail.8.gz  /usr/share/man/man8
 root@voyager:/usr/src/usr.sbin/sendmail>ll /usr/sbin/sendmail /usr/sbin/mailwrapper
 -r-sr-xr-x  1 root  wheel  - 371756 Aug 15 14:23 /usr/sbin/mailwrapper*
 lrwxr-xr-x  1 root  wheel  -     21 Aug 15 14:22 /usr/sbin/sendmail@ -> /usr/sbin/mailwrapper
 
 
 Maybe you can reproduce the following on a recent FreeBSD 4.4-PRERELEASE:
 
 andre@voyager:~>which install
 /usr/bin/install
 andre@voyager:~>mkdir /tmp/try
 andre@voyager:~>cd /tmp/try 
 andre@voyager:/tmp/try>ln -s somefile ls
 andre@voyager:/tmp/try>ls -l
 total 0
 lrwxrwx---  1 andre  wheel  8 Aug 15 14:36 ls -> somefile
 andre@voyager:/tmp/try>cd /bin
 andre@voyager:/bin>install -c -s ls /tmp/try
 andre@voyager:/bin>cd /tmp/try 
 andre@voyager:/tmp/try>ls -l
 total 288
 lrwxrwx---  1 andre  wheel       8 Aug 15 14:36 ls -> somefile
 -rwxr-xr-x  1 andre  wheel  284020 Aug 15 14:36 somefile
 andre@voyager:/tmp/try>
 
 
 	-Andre

From: Ruslan Ermilov <ru@FreeBSD.org>
To: Peter Wemm <peter@wemm.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a system without working MTA
Date: Wed, 15 Aug 2001 16:11:00 +0300

 --82I3+IH0IqGh5yIs
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 On Tue, Aug 14, 2001 at 01:00:03PM -0700, Peter Wemm wrote:
 > Andre Albsmeier wrote:
 > > When setting NO_MAILWRAPPER to /etc/make.conf sendmail still gets installed
 > > into /usr/libexec/sendmail/sendmail. In case mailwrapper has been used before,
 > > an old /usr/sbin/mailwrapper is lying around and usually the link from
 > > /usr/sbin/sendmail is set. When you remove mailwrapper from /usr/sbin
 > > the link is stale and no /usr/sbin/sendmail is available anymore.
 > 
 > This was intentional.  NO_MAILWRAPPER was added specifically to leave
 > /usr/sbin/sendmail *alone* so that people that clobbered it to install
 > their own MTA rather than using mailer.conf didn't get it overwritten.
 >  
 > The problem with the attached patches (and the followups) is that they leave
 > /usr/libexec/sendmail/sendmail behind.  If somebody really wants to change
 > this, then set a symlink from /usr/sbin/sendmail ->
 > /usr/libexec/sendmail/sendmail so that we dont have (potentially dangerous)
 > old setuid binaries left behind that are no longer getting updated.
 >  
 They are broken even more, because /usr/bin/newaliases and /usr/bin/mailq
 do not get updated in the -DNO_MAILWRAPPER case.  This is because the
 creation of these (sym)links belongs to sendmail/Makefile rather than to
 mailwrapper/Makefile, as it is now.
 
 The attached patch fixes this and the "old (potentially dangerous) setuid
 binary" problem, but in a different way.  With NO_MAILWRAPPER, we should
 install sendmail(8) and friends into its canonical paths.
 
 Also, Peter, why did you drop the support for /usr/bin/hoststat and
 /usr/sbin/purgestat in sendmail/Makefile 1.14 -> mailwrapper/Makefile 1.1
 change?
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Oracle Developer/DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age
 
 --82I3+IH0IqGh5yIs
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename=p
 
 Index: usr.sbin/mailwrapper/Makefile
 ===================================================================
 RCS file: /home/ncvs/src/usr.sbin/mailwrapper/Makefile,v
 retrieving revision 1.8
 diff -u -r1.8 Makefile
 --- usr.sbin/mailwrapper/Makefile	2001/07/20 06:19:59	1.8
 +++ usr.sbin/mailwrapper/Makefile	2001/08/15 13:08:16
 @@ -6,10 +6,6 @@
  DPADD=	${LIBUTIL}
  LDADD=	-lutil
  
 -SYMLINKS= 	${BINDIR}/mailwrapper /usr/sbin/sendmail  \
 -		${BINDIR}/mailwrapper /usr/bin/newaliases \
 -		${BINDIR}/mailwrapper /usr/bin/mailq
 -
  afterinstall:
  .if !exists(${DESTDIR}/etc/mail/mailer.conf)
  	${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 644 \
 Index: usr.sbin/sendmail/Makefile
 ===================================================================
 RCS file: /home/ncvs/src/usr.sbin/sendmail/Makefile,v
 retrieving revision 1.34
 diff -u -r1.34 Makefile
 --- usr.sbin/sendmail/Makefile	2001/08/03 16:22:47	1.34
 +++ usr.sbin/sendmail/Makefile	2001/08/15 13:08:16
 @@ -7,8 +7,19 @@
  SMDIR=	${SENDMAIL_DIR}/src
  .PATH: ${SMDIR}
  
 -BINDIR=	/usr/libexec/sendmail
 +WRAPPED_BINDIR=/usr/libexec/sendmail
  
 +.if !defined(NO_MAILWRAPPER)
 +BINDIR=	${WRAPPED_BINDIR}
 +
 +SYMLINKS= /usr/sbin/mailwrapper /usr/sbin/sendmail \
 +	/usr/sbin/mailwrapper /usr/bin/newaliases \
 +	/usr/sbin/mailwrapper /usr/bin/mailq
 +.else
 +LINKS= 	${BINDIR}/sendmail /usr/bin/newaliases \
 +	${BINDIR}/sendmail /usr/bin/mailq
 +.endif
 +
  PROG=	sendmail
  MAN=	mailq.1 newaliases.1 aliases.5 sendmail.8 
  SRCS=	alias.c arpadate.c bf_torek.c clock.c collect.c conf.c control.c \
 @@ -65,5 +76,8 @@
  		mv -f ${DESTDIR}/etc/sendmail.cf \
  		    ${DESTDIR}/etc/mail/sendmail.cf; \
  	fi
 +.if defined(NO_MAILWRAPPER)
 +	rm -f ${DESTDIR}${WRAPPED_BINDIR}/${PROG}
 +.endif
  
  .include <bsd.prog.mk>
 
 --82I3+IH0IqGh5yIs--

From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: freebsd-gnats-submit@FreeBSD.org
Cc: Andre.Albsmeier@mchp.siemens.de
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a  system without working MTA
Date: Wed, 15 Aug 2001 15:44:21 +0200

 As pointed out by Peter Wemm (and Sheldon Hearn in private mail)
 it is better to keep the sendmail binary installed in 
 /usr/libexec/sendmail/sendmail even when NO_MAILWRAPPER is defined.
 In this case we should make symlinks for sendmail, mailq and newaliases:
 
 --- usr.sbin/sendmail/Makefile.ORI	Sat Aug  4 09:07:27 2001
 +++ usr.sbin/sendmail/Makefile	Wed Aug 15 15:16:33 2001
 @@ -19,6 +19,12 @@
  	version.c
  BINMODE=4555
  
 +.if defined(NO_MAILWRAPPER)
 +SYMLINKS=	${BINDIR}/sendmail /usr/sbin/sendmail	\
 +		${BINDIR}/sendmail /usr/bin/newaliases	\
 +		${BINDIR}/sendmail /usr/bin/mailq
 +.endif
 +
  # Define the database format to use for aliases et al.
  DBMDEF=	-DNEWDB
  # If you don't want NIS alias/map support, comment out this line
 
 
 If neither NO_SENDMAIL nor NO_MAILWRAPPER are set everything
 stays as is (as it was before).
 
 If only NO_MAILWRAPPER is defined the system won't be without a working
 /usr/sbin/sendmail due to the link to /usr/libexec/sendmail
 
 If only NO_SENDMAIL is defined it's up to the user to modify
 mailer.conf to invoke his sendmail properly (as it was before).
 
 If both are defined nothing gets installed (as it was before).
 
 The etc/Makefile diff (see above) is still ok, I think.

From: Peter Wemm <peter@wemm.org>
To: Ruslan Ermilov <ru@FreeBSD.org>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a system without working MTA 
Date: Wed, 15 Aug 2001 16:46:52 -0700

 Ruslan Ermilov wrote:
 
 > On Tue, Aug 14, 2001 at 01:00:03PM -0700, Peter Wemm wrote:
 > > Andre Albsmeier wrote:
 > > > When setting NO_MAILWRAPPER to /etc/make.conf sendmail still gets install
     ed
 > > > into /usr/libexec/sendmail/sendmail. In case mailwrapper has been used be
     fore,
 > > > an old /usr/sbin/mailwrapper is lying around and usually the link from
 > > > /usr/sbin/sendmail is set. When you remove mailwrapper from /usr/sbin
 > > > the link is stale and no /usr/sbin/sendmail is available anymore.
 > > 
 > > This was intentional.  NO_MAILWRAPPER was added specifically to leave
 > > /usr/sbin/sendmail *alone* so that people that clobbered it to install
 > > their own MTA rather than using mailer.conf didn't get it overwritten.
 > >  
 > > The problem with the attached patches (and the followups) is that they leav
     e
 > > /usr/libexec/sendmail/sendmail behind.  If somebody really wants to change
 > > this, then set a symlink from /usr/sbin/sendmail ->
 > > /usr/libexec/sendmail/sendmail so that we dont have (potentially dangerous)
 > > old setuid binaries left behind that are no longer getting updated.
 > >  
 > They are broken even more, because /usr/bin/newaliases and /usr/bin/mailq
 > do not get updated in the -DNO_MAILWRAPPER case.  This is because the
 > creation of these (sym)links belongs to sendmail/Makefile rather than to
 > mailwrapper/Makefile, as it is now.
 
 No, newaliases, mailq etc belong to mailwrapper, otherwise how is it
 going to "wrap" them?
 
 > The attached patch fixes this and the "old (potentially dangerous) setuid
 > binary" problem, but in a different way.  With NO_MAILWRAPPER, we should
 > install sendmail(8) and friends into its canonical paths.
 
 This is even worse.  If you have NO_SENDMAIL, then /usr/bin/newalises
 is not installed at all.
 
 If you are going to persist in this line, then you can allow the sendmail
 makefile to *also* install symlinks if NO_MAILWRAPPER is set.
 
 usr.sbin/sendmail/Makefile belongs to gshapiro now anyway.
 
 > Also, Peter, why did you drop the support for /usr/bin/hoststat and
 > /usr/sbin/purgestat in sendmail/Makefile 1.14 -> mailwrapper/Makefile 1.1
 > change?
 
 Because they weren't generally useful and we dont install .cf files with it
 active.   Dont forget, purgestat and hoststat are aliases for
 sendmail -bh (hoststat) and  sendmail -bH (purgestat).
 
 Anyway, I'd prefer something like this:
 
 Index: Makefile
 ===================================================================
 RCS file: /home/ncvs/src/usr.sbin/mailwrapper/Makefile,v
 retrieving revision 1.8
 diff -u -r1.8 Makefile
 --- Makefile	2001/07/20 06:19:59	1.8
 +++ Makefile	2001/08/15 23:43:50
 @@ -1,19 +1,27 @@
  # $FreeBSD: src/usr.sbin/mailwrapper/Makefile,v 1.8 2001/07/20 06:19:59 obrien Exp $
  
 +.if !defined(NO_MAILWRAPPER)
  PROG=	mailwrapper
  MAN=	mailwrapper.8
  
  DPADD=	${LIBUTIL}
  LDADD=	-lutil
 +.endif
  
  SYMLINKS= 	${BINDIR}/mailwrapper /usr/sbin/sendmail  \
  		${BINDIR}/mailwrapper /usr/bin/newaliases \
  		${BINDIR}/mailwrapper /usr/bin/mailq
  
 +.if defined(NO_MAILWRAPPER) && !defined(NO_SENDMAIL)
 +SYMLINKS+=	/usr/libexec/sendmail/sendmail ${BINDIR}/mailwrapper
 +.endif
 +
  afterinstall:
 +.if !defined(NO_MAILWRAPPER)
  .if !exists(${DESTDIR}/etc/mail/mailer.conf)
  	${INSTALL} ${COPY} -o ${BINOWN} -g ${BINGRP} -m 644 \
  	    ${.CURDIR}/../../etc/mail/mailer.conf ${DESTDIR}/etc/mail
 +.endif
  .endif
  
  .include <bsd.prog.mk>
 
 peter@daintree[4:43pm]~src/usr.sbin/mailwrapper-145> make -i install NO_MAILWRAPPER=yes
 /usr/sbin/sendmail -> /usr/sbin/mailwrapper
 /usr/bin/newaliases -> /usr/sbin/mailwrapper
 /usr/bin/mailq -> /usr/sbin/mailwrapper
 /usr/sbin/mailwrapper -> /usr/libexec/sendmail/sendmail
 
 And of course the corresponding change to usr.sbin/Makefile.
 
 Cheers,
 -Peter
 --
 Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
 "All of this is for nothing if we don't go to the stars" - JMS/B5
 
Responsible-Changed-From-To: freebsd-bugs->gshapiro 
Responsible-Changed-By: dougb 
Responsible-Changed-When: Thu Jan 23 02:23:57 PST 2003 
Responsible-Changed-Why:  

I think that gshapiro has already fixed this, but he's the authority. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=29699 

From: Ruslan Ermilov <ru@freebsd.org>
To: Andre Albsmeier <andre.albsmeier@siemens.com>
Cc: Doug Barton <dougb@freebsd.org>,
	Gregory Neil Shapiro <gshapiro@freebsd.org>, bug-followup@freebsd.org
Subject: Re: conf/29699: Setting NO_MAILWRAPPER results in a  system without working MTA
Date: Fri, 24 Jan 2003 11:00:12 +0200

 On Fri, Jan 24, 2003 at 08:12:13AM +0100, Andre Albsmeier wrote:
 > On Thu, 23-Jan-2003 at 02:24:28 -0800, Doug Barton wrote:
 > > Synopsis: Setting NO_MAILWRAPPER results in a  system without working MTA
 > > 
 > > Responsible-Changed-From-To: freebsd-bugs->gshapiro
 > > Responsible-Changed-By: dougb
 > > Responsible-Changed-When: Thu Jan 23 02:23:57 PST 2003
 > > Responsible-Changed-Why: 
 > > 
 > > I think that gshapiro has already fixed this, but he's the authority.
 > > 
 > > http://www.freebsd.org/cgi/query-pr.cgi?pr=29699
 > 
 > Hmm, it seems the problem persists... At least in 4-STABLE.
 > 
 IIRC, this has something to do with the way install(1) works
 with symlinks, and the problem is still not addressed.
 
 Gregory, if that turns out to be the case, feel free to
 re-assign this PR to me -- this way I will start dealing
 with it faster.  :-)
 
 
 Cheers,
 -- 
 Ruslan Ermilov		Sysadmin and DBA,
 ru@sunbay.com		Sunbay Software AG,
 ru@FreeBSD.org		FreeBSD committer,
 +380.652.512.251	Simferopol, Ukraine
 
 http://www.FreeBSD.org	The Power To Serve
 http://www.oracle.com	Enabling The Information Age
Responsible-Changed-From-To: gshapiro->ru 
Responsible-Changed-By: gshapiro 
Responsible-Changed-When: Thu Jan 30 15:00:33 PST 2003 
Responsible-Changed-Why:  
Ruslan has graciously volunteered to tackle this and can probably do it 
faster than I would have time to do. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=29699 
State-Changed-From-To: open->closed 
State-Changed-By: ru 
State-Changed-When: Wed Apr 16 04:02:14 PDT 2003 
State-Changed-Why:  
Fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=29699 
>Unformatted:
