$Name: release2_0-12 $
$Id: EMAIL_NOTIFICATION,v 1.3 2001/06/19 18:22:10 ttsai Exp $

Libsafe-1.3 contained a facility for sending email whenever it detected a
buffer overflow violation.  Several people expressed concerns about the
implementation of the email code, especially since it relied on an external
mail program to send the email.  The overriding concern was that software that
is intended to increase security (such as libsafe) should not present
additional vulnerabilities.

For libsafe-2.0, we considered deleting the email code.  However, we feel that
a notification capability is quite valuable.  After all, most people do not
constantly check their log files.  As a compromise, we have overhauled the
email code and kept the Makefile default of omitting the email code.

The new code tries to establish a direct connection to the SMTP port.
Obviously, some sort of mail agent has to be listening on the SMTP port for
that machine.  No forks, execs, or temporary files are used.  

To use email notification, you have to add -DNOTIFY_WITH_EMAIL to CCFLAGS.
I.e., make line 35 of libsafe/src/Makefile look like

    CCFLAGS		= -O2 -Wall -DNDEBUG -fPIC -DNOTIFY_WITH_EMAIL

Then do a "make" followed by a "make install".  The recipient of the email is
determined based on the following conditions:

    1.	If the file /etc/libsafe.notify exists, then mail is sent to the
	recipients listed in that file.  Each recipient must be listed on a
	separate line.
    2.	Otherwise, mail is sent to root@localhost.

Note that the mail transfer agent for the local machine must be configured
properly.  In particular, if any of the recipients are on a different machine
than the local machine, the mail agent must be capable of relaying mail to the
remote machines.
