-- Increased some static buffer sizes.

-- Added security features to "-u" option -- it now implies -r.
-- Remind refuses to run if installed set-uid or set-gid.

WHATSNEW.30

@@ -16,7 +16,12 @@ CHANGES TO REMIND
 + BUG FIXES
 
 - Increased sizes of some statically-allocated buffers.  This doesn't
-  really fix the problem, but makes it more manageable.
+  really fix the problem, but makes it more manageable.  Because of
+  the risk of statically-allocated buffers, REMIND now refuses to
+  run if it is installed set-uid or set-gid.
+
+- Using the "-u" option now implies the "-r" option.  This is a
+  security feature.
 
 - Added romanian.h to the manifest.  Sorry.
 

init.c

@@ -12,7 +12,7 @@
 /***************************************************************/
 
 #include "config.h"
-static char const RCSID[] = "$Id: init.c,v 1.5 1997-03-30 19:07:40 dfs Exp $";
+static char const RCSID[] = "$Id: init.c,v 1.6 1997-07-30 01:30:56 dfs Exp $";
 
 #define L_IN_INIT 1
 #include <stdio.h>
@@ -112,6 +112,15 @@ char *argv[];
     int y, m, d, rep;
     Token tok;
 
+    /* Make sure remind is not installed set-uid or set-gid */
+#ifdef UNIX
+    if (getgid() != getegid() ||
+	getuid() != geteuid()) {
+	fprintf(ErrFp, "\nRemind should not be installed set-uid or set-gid.\nCHECK YOUR SYSTEM SECURITY.\n");
+	exit(1);
+    }
+#endif
+
     y = NO_YR;
     m = NO_MON;
     d = NO_DAY;
@@ -225,6 +234,7 @@ char *argv[];
 	    case 'u':
 	    case 'U':
 		ChgUser(arg);
+		RunDisabled = 1;
 		while (*arg) arg++;
 		break;
 #endif	       

remind.1

@@ -1,5 +1,5 @@
-.\" $Id: remind.1,v 1.7 1996-12-18 00:20:47 dfs Exp $
-.TH REMIND 1 "27 April 1996"
+.\" $Id: remind.1,v 1.8 1997-07-30 01:30:57 dfs Exp $
+.TH REMIND 1 "29 July 1997"
 .UC 4
 .SH NAME
 remind \- a sophisticated reminder service
@@ -15,6 +15,8 @@ If \fIfilename\fR is specified as a single dash '-', then \fBRemind\fR
 takes its input from standard input.  This also implicitly enables
 the \fB\-o\fR option, described below.
 .SH OPTIONS
+\fBRemind\fR has a slew of options.  If you're new to the program,
+ignore them for now and skip to the section "Reminder Files".
 .TP
 .B \-n
 The \fB\-n\fR option causes \fBRemind\fR to print the \fBnext\fR occurrence
@@ -179,7 +181,9 @@ The option changes the uid and gid as described, and sets the
 environment variables HOME, SHELL and USER to the home directory, shell,
 and user name, respectively, of the specified user.  LOGNAME is also
 set to the specified user name.  This option is meant for
-use in shell scripts which mail reminders to all users.
+use in shell scripts which mail reminders to all users.  Note that
+as of Remind 3.0.17, using \fB\-u\fR implies \fB\-r\fR -- the RUN
+directive and shell() functions are disabled.
 .PP
 .RS
 Non-root users can also use the \fB\-u\fR option.  However, in this