Well, that was fast! A number of replies have arrived already. The first,
and (thus far) most helpful came from Debra Alpert <alpert_at_fas.harvard.edu>,
who writes ...
>> We've seen precisely the same problem at our site, where we're running
>> Digital Unix 4.0B. Our loghost is an alphastation 255/300, and we're
>> running sendmail 8.8.8. We also noticed, however, that on the loghost, the
>> random placement of messages can occur for any facility, not just mail. We
>> placed a call with DEC support, and they said that this is in fact a bug.
>> It is supposed to be fixed (for 4.0B) in patch_kits 5 and 6. We just
>> installed patch_kit 6 on some of our hosts yesterday, so I can't confirm
>> whether the patch resolves the problem or not.
... and ...
>> We installed the jumbo patch on only 6 of about 70 systems at our
>> site, but after we collect some data from those few machines, I'll email
>> you back with results. DEC claims the patch_kit is the cure. You should
>> probably go straight to patch_kit 6; patch_kit 5 opens a number of
>> security loopholes involving setuid functions and core files. I was able
>> to hack root using two of these exploits. These problems are addressed in
>> the later patch_kit.
So it looks as if this is the solution. One last question, if anyone knows:
Is this particular bugfix bundled into 4.0d, or if not, is there a patchkit
out for 4.0d which fixes the problem?
Mark Bartelt 416/978-5619
Canadian Institute for mark_at_cita.utoronto.ca
Theoretical Astrophysics
http://www.cita.utoronto.ca/~mark
"Sheep not busy being shorn are busy frying" -- Dylan, at a NZ lamb barbecue
[ singing "It's all right, ma (I'm only bleating)" ]
Received on Thu Feb 12 1998 - 17:33:12 NZDT