Diffstat (limited to 'smrsh')
-rw-r--r--smrsh/Makefile8
-rw-r--r--smrsh/Makefile.dist76
-rw-r--r--smrsh/README144
-rw-r--r--smrsh/smrsh.066
-rw-r--r--smrsh/smrsh.8105
-rw-r--r--smrsh/smrsh.c234
6 files changed, 633 insertions, 0 deletions
diff --git a/smrsh/Makefile b/smrsh/Makefile
new file mode 100644
index 0000000..f2629a8
--- /dev/null
+++ b/smrsh/Makefile
@@ -0,0 +1,8 @@
+# @(#)Makefile 8.1 (Berkeley) 7/2/95
+
+PROG= smrsh
+MAN8= smrsh.0
+CFLAGS+=-I${.CURDIR}/../src -DNDBM -DNEWDB
+
+.include "../../Makefile.inc"
+.include <bsd.prog.mk>
diff --git a/smrsh/Makefile.dist b/smrsh/Makefile.dist
new file mode 100644
index 0000000..52b4a20
--- /dev/null
+++ b/smrsh/Makefile.dist
@@ -0,0 +1,76 @@
+#
+# This Makefile is designed to work on the old "make" program. It does
+# not use the obj subdirectory. It also does not install documentation
+# automatically -- think of it as a quick start for sites that have the
+# old make program (I recommend that you get and port the new make if you
+# are going to be doing any signficant work on sendmail).
+#
+# @(#)Makefile.dist 8.2 (Berkeley) 9/25/96
+#
+
+# use O=-O (usual) or O=-g (debugging)
+O= -O
+
+# location of sendmail source directory
+SRCDIR= ../src
+
+# environment definitions (e.g., -D_AIX3)
+ENVDEF=
+
+# include directories
+INCDIRS=-I${SRCDIR} -I/usr/sww/include
+
+# loader options
+LDOPTS=
+
+# library directories
+LIBDIRS=-L/usr/sww/lib
+
+# libraries required on your system
+LIBS=
+
+# location of smrsh binary (usually /usr/libexec or /usr/etc)
+BINDIR= ${DESTDIR}/usr/libexec
+
+# additional .o files needed
+OBJADD=
+
+################### end of user configuration flags ######################
+
+CFLAGS= -I. $O ${INCDIRS} ${ENVDEF}
+
+OBJS= smrsh.o ${OBJADD}
+
+BINOWN= bin
+BINGRP= bin
+BINMODE=555
+
+ALL= smrsh smrsh.0
+
+all: ${ALL}
+
+smrsh: ${BEFORE} ${OBJS}
+ ${CC} -o smrsh ${LDOPTS} ${OBJS} ${LIBDIRS} ${LIBS}
+
+# Which *roff program has -mandoc support
+NROFF= groff -Tascii
+#NROFF= nroff -h
+MANDOC= -mandoc
+
+smrsh.0: smrsh.8
+ ${NROFF} ${MANDOC} smrsh.8 > smrsh.0
+
+install: install-smrsh install-docs
+
+install-smrsh: smrsh
+ install -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} smrsh ${BINDIR}
+
+# doesn't actually install them -- you may want to install pre-nroff versions
+install-docs: smrsh.0
+
+clean:
+ rm -f ${OBJS} smrsh smrsh.0
+
+# dependencies
+# gross overkill, and yet still not quite enough....
+${OBJS}: ${SRCDIR}/conf.h
diff --git a/smrsh/README b/smrsh/README
new file mode 100644
index 0000000..13f545c
--- /dev/null
+++ b/smrsh/README
@@ -0,0 +1,144 @@
+
+
+
+README smrsh - sendmail restricted shell.
+
+ @(#)README 8.2 11/11/95
+
+
+This README file is provided as a courtesy of the CERT Coordination Center,
+Software Engineering Institute, Carnegie Mellon University. This file is
+intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
+and to the software, smrsh.c, written by Eric Allman.
+
+
+
+The smrsh(8) program is intended as a replacement for /bin/sh in the
+program mailer definition of sendmail(8). This README file describes
+the steps needed to compile and install smrsh.
+
+smrsh is a restricted shell utility that provides the ability to
+specify, through a configuration, an explicit list of executable
+programs. When used in conjunction with sendmail, smrsh effectively
+limits sendmail's scope of program execution to only those programs
+specified in smrsh's configuration.
+
+smrsh has been written with portability in mind, and uses traditional
+Unix library utilities. As such, smrsh should compile on most
+Unix C compilers.
+
+
+
+To compile smrsh.c, use the following command:
+
+host.domain% cc -o smrsh smrsh.c
+
+For machines that provide dynamic linking, it is advisable to compile
+smrsh without dynamic linking. As an example with the Sun Microsystems
+compiler, you should compile with the -Bstatic option.
+
+host.domain% cc -Bstatic -o smrsh smrsh.c
+
+
+Choose a directory that smrsh will reside in. We will use the traditional
+/usr/local/etc directory for the remainder of this document.
+
+As root, install smrsh in /usr/local/etc directory, with mode 511.
+
+host.domain# mv smrsh /usr/local/etc
+host.domain# chmod 511 /usr/local/etc/smrsh
+
+
+
+Next, determine the list of commands that smrsh should allow sendmail
+to run. This list of allowable commands can be determined by:
+
+ 1. examining your /etc/aliases file, to indicate what commands
+ are being used by the system.
+
+ 2. surveying your host's .forward files, to determine what
+ commands users have specified.
+
+See the man page for aliases(5) if you are unfamiliar with the format of
+these specifications. Additionally, you should include in the list,
+popular commands such as /usr/ucb/vacation.
+
+You should NOT include interpreter programs such as sh(1), csh(1),
+perl(1), uudecode(1) or the stream editor sed(1) in your list of
+acceptable commands.
+
+
+You will next need to create the directory /usr/adm/sm.bin and populate
+it with the programs that your site feels are allowable for sendmail
+to execute. This directory is explicitly specified in the source
+code for smrsh, so changing this directory must be accompanied with
+a change in smrsh.c.
+
+
+You will have to be root to make these modifications.
+
+After creating the /usr/adm/sm.bin directory, either copy the programs
+to the directory, or establish links to the allowable programs from
+/usr/adm/sm.bin. Change the file permissions, so that these programs
+can not be modified by non-root users. If you use links, you should
+ensure that the target programs are not modifiable.
+
+To allow the popular vacation(1) program by creating a link in the
+/usr/adm/sm.bin directory, you should:
+
+host.domain# cd /usr/adm/sm.bin
+host.domain# ln -s /usr/ucb/vacation vacation
+
+
+
+
+After populating the /usr/adm/sm.bin directory, you can now configure
+sendmail to use the restricted shell. Save the current sendmail.cf
+file prior to modifying it, as a prudent precaution.
+
+Typically, the program mailer is defined by a single line in the
+sendmail configuration file, sendmail.cf. This file is traditionally
+found in the /etc, /usr/lib or /etc/mail directories, depending on
+the UNIX vendor.
+
+If you are unsure of the location of the actual sendmail configuration
+file, a search of the strings(1) output of the sendmail binary, will
+help to locate it.
+
+In order to configure sendmail to use smrsh, you must modify the Mprog
+definition in the sendmail.cf file, by replacing the /bin/sh specification
+with /usr/local/etc/smrsh.
+
+As an example:
+
+In most Sun Microsystems' sendmail.cf files, the line is:
+Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
+
+which should be changed to:
+Mprog, P=/usr/local/etc/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
+ ^^^^^^^^^^^^^^^^^^^^
+
+A more generic line may be:
+Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u
+
+and should be changed to;
+Mprog, P=/usr/local/etc/smrsh, F=lsDFM, A=sh -c $u
+
+
+After modifying the Mprog definition in the sendmail.cf file, if a frozen
+configuration file is being used, it is essential to create a new one.
+You can determine if you need a frozen configuration by discovering
+if a sendmail.fc file currently exists in either the /etc/, /usr/lib,
+or /etc/mail directories. The specific location can be determined using
+a search of the strings(1) output of the sendmail binary.
+
+In order to create a new frozen configuration, if it is required:
+host.domain# /usr/lib/sendmail -bz
+
+Now re-start the sendmail process. An example of how to do this on
+a typical system follows:
+
+host.domain# /usr/bin/ps aux | /usr/bin/grep sendmail
+root 130 0.0 0.0 168 0 ? IW Oct 2 0:10 /usr/lib/sendmail -bd -q
+host.domain# /bin/kill -9 130
+host.domain# /usr/lib/sendmail -bd -q30m
diff --git a/smrsh/smrsh.0 b/smrsh/smrsh.0
new file mode 100644
index 0000000..95a3dbf
--- /dev/null
+++ b/smrsh/smrsh.0
@@ -0,0 +1,66 @@
+
+
+
+SMRSH(8) SMRSH(8)
+
+
+NNAAMMEE
+ smrsh - restricted shell for sendmail
+
+SSYYNNOOPPSSIISS
+ ssmmrrsshh --cc command
+
+DDEESSCCRRIIPPTTIIOONN
+ The _s_m_r_s_h program is intended as a replacement for _s_h for
+ use in the ``prog'' mailer in _s_e_n_d_m_a_i_l(8) configuration
+ files. It sharply limits the commands that can be run
+ using the ``|program'' syntax of _s_e_n_d_m_a_i_l in order to
+ improve the over all security of your system. Briefly,
+ even if a ``bad guy'' can get sendmail to run a program
+ without going through an alias or forward file, _s_m_r_s_h lim-
+ its the set of programs that he or she can execute.
+
+ Briefly, _s_m_r_s_h limits programs to be in the directory
+ /usr/adm/sm.bin, allowing the system administrator to
+ choose the set of acceptable commands. It also rejects
+ any commands with the characters ``', `<', `>', `|', `;',
+ `&', `$', `(', `)', `\r' (carriage return), or `\n' (new-
+ line) on the command line to prevent ``end run'' attacks.
+
+ Initial pathnames on programs are stripped, so forwarding
+ to ``/usr/ucb/vacation'', ``/usr/bin/vacation'',
+ ``/home/server/mydir/bin/vacation'', and ``vacation'' all
+ actually forward to ``/usr/adm/sm.bin/vacation''.
+
+ System administrators should be conservative about popu-
+ lating /usr/adm/sm.bin. Reasonable additions are _v_a_c_a_-
+ _t_i_o_n(1), _p_r_o_c_m_a_i_l(1), and the like. No matter how brow-
+ beaten you may be, never include any shell or shell-like
+ program (such as _p_e_r_l(1)) in the sm.bin directory. Note
+ that this does not restrict the use of shell or perl
+ scripts in the sm.bin directory (using the ``#!'' syntax);
+ it simply disallows execution of arbitrary programs.
+
+CCOOMMPPIILLAATTIIOONN
+ Compilation should be trivial on most systems. You may
+ need to use -DPATH=\"_p_a_t_h\" to adjust the default search
+ path (defaults to ``/bin:/usr/bin:/usr/ucb'') and/or
+ -DCMDBIN=\"_d_i_r\" to change the default program directory
+ (defaults to ``/usr/adm/sm.bin'').
+
+FFIILLEESS
+ /usr/adm/sm.bin - directory for restricted programs
+
+SSEEEE AALLSSOO
+ sendmail(8)
+
+
+
+
+
+
+
+
+ 11/02/93 1
+
+
diff --git a/smrsh/smrsh.8 b/smrsh/smrsh.8
new file mode 100644
index 0000000..a28bd0a
--- /dev/null
+++ b/smrsh/smrsh.8
@@ -0,0 +1,105 @@
+.\" Copyright (c) 1993 Eric P. Allman
+.\" Copyright (c) 1993
+.\" The Regents of the University of California. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" This product includes software developed by the University of
+.\" California, Berkeley and its contributors.
+.\" 4. Neither the name of the University nor the names of its contributors
+.\" may be used to endorse or promote products derived from this software
+.\" without specific prior written permission.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" @(#)smrsh.8 8.2 (Berkeley) 1/9/96
+.\"
+.TH SMRSH 8 11/02/93
+.SH NAME
+smrsh \- restricted shell for sendmail
+.SH SYNOPSIS
+.B smrsh
+.B \-c
+command
+.SH DESCRIPTION
+The
+.I smrsh
+program is intended as a replacement for
+.I sh
+for use in the ``prog'' mailer in
+.IR sendmail (8)
+configuration files.
+It sharply limits the commands that can be run using the
+``|program'' syntax of
+.I sendmail
+in order to improve the over all security of your system.
+Briefly, even if a ``bad guy'' can get sendmail to run a program
+without going through an alias or forward file,
+.I smrsh
+limits the set of programs that he or she can execute.
+.PP
+Briefly,
+.I smrsh
+limits programs to be in the directory
+/usr/adm/sm.bin,
+allowing the system administrator to choose the set of acceptable commands.
+It also rejects any commands with the characters
+`\`', `<', `>', `|', `;', `&', `$', `(', `)', `\er' (carriage return),
+or `\en' (newline)
+on the command line to prevent ``end run'' attacks.
+.PP
+Initial pathnames on programs are stripped,
+so forwarding to ``/usr/ucb/vacation'',
+``/usr/bin/vacation'',
+``/home/server/mydir/bin/vacation'',
+and
+``vacation''
+all actually forward to
+``/usr/adm/sm.bin/vacation''.
+.PP
+System administrators should be conservative about populating
+/usr/adm/sm.bin.
+Reasonable additions are
+.IR vacation (1),
+.IR procmail (1),
+and the like.
+No matter how brow-beaten you may be,
+never include any shell or shell-like program
+(such as
+.IR perl (1))
+in the
+sm.bin
+directory.
+Note that this does not restrict the use of shell or perl scripts
+in the sm.bin directory (using the ``#!'' syntax);
+it simply disallows execution of arbitrary programs.
+.SH COMPILATION
+Compilation should be trivial on most systems.
+You may need to use \-DPATH=\e"\fIpath\fP\e"
+to adjust the default search path
+(defaults to ``/bin:/usr/bin:/usr/ucb'')
+and/or \-DCMDBIN=\e"\fIdir\fP\e"
+to change the default program directory
+(defaults to ``/usr/adm/sm.bin'').
+.SH FILES
+/usr/adm/sm.bin \- directory for restricted programs
+.SH SEE ALSO
+sendmail(8)
diff --git a/smrsh/smrsh.c b/smrsh/smrsh.c
new file mode 100644
index 0000000..c3314e6
--- /dev/null
+++ b/smrsh/smrsh.c
@@ -0,0 +1,234 @@
+/*
+ * Copyright (c) 1993 Eric P. Allman
+ * Copyright (c) 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef lint
+static char sccsid[] = "@(#)smrsh.c 8.5 (Berkeley) 10/19/97";
+#endif /* not lint */
+
+/*
+** SMRSH -- sendmail restricted shell
+**
+** This is a patch to get around the prog mailer bugs in most
+** versions of sendmail.
+**
+** Use this in place of /bin/sh in the "prog" mailer definition
+** in your sendmail.cf file. You then create CMDDIR (owned by
+** root, mode 755) and put links to any programs you want
+** available to prog mailers in that directory. This should
+** include things like "vacation" and "procmail", but not "sed"
+** or "sh".
+**
+** Leading pathnames are stripped from program names so that
+** existing .forward files that reference things like
+** "/usr/ucb/vacation" will continue to work.
+**
+** The following characters are completely illegal:
+** < > | ^ ; & $ ` ( ) \n \r
+** This is more restrictive than strictly necessary.
+**
+** To use this, edit /etc/sendmail.cf, search for ^Mprog, and
+** change P=/bin/sh to P=/usr/local/etc/smrsh, where this compiled
+** binary is installed /usr/local/etc/smrsh.
+**
+** This can be used on any version of sendmail.
+**
+** In loving memory of RTM. 11/02/93.
+*/
+
+#include <unistd.h>
+#include <stdio.h>
+#include <sys/file.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef EX_OK
+# undef EX_OK
+#endif
+#include <sysexits.h>
+#include <syslog.h>
+#include <stdlib.h>
+
+/* directory in which all commands must reside */
+#ifndef CMDDIR
+# define CMDDIR "/usr/adm/sm.bin"
+#endif
+
+/* characters disallowed in the shell "-c" argument */
+#define SPECIALS "<|>^();&`$\r\n"
+
+/* default search path */
+#ifndef PATH
+# define PATH "/bin:/usr/bin:/usr/ucb"
+#endif
+
+main(argc, argv)
+ int argc;
+ char **argv;
+{
+ register char *p;
+ register char *q;
+ register char *cmd;
+ int i;
+ char *newenv[2];
+ char cmdbuf[1000];
+ char pathbuf[1000];
+
+#ifndef LOG_MAIL
+ openlog("smrsh", 0);
+#else
+ openlog("smrsh", LOG_ODELAY|LOG_CONS, LOG_MAIL);
+#endif
+
+ strcpy(pathbuf, "PATH=");
+ strcat(pathbuf, PATH);
+ newenv[0] = pathbuf;
+ newenv[1] = NULL;
+
+ /*
+ ** Do basic argv usage checking
+ */
+
+ if (argc != 3 || strcmp(argv[1], "-c") != 0)
+ {
+ fprintf(stderr, "Usage: %s -c command\n", argv[0]);
+ syslog(LOG_ERR, "usage");
+ exit(EX_USAGE);
+ }
+
+ /*
+ ** Disallow special shell syntax. This is overly restrictive,
+ ** but it should shut down all attacks.
+ ** Be sure to include 8-bit versions, since many shells strip
+ ** the address to 7 bits before checking.
+ */
+
+ strcpy(cmdbuf, SPECIALS);
+ for (p = cmdbuf; *p != '\0'; p++)
+ *p |= '\200';
+ strcat(cmdbuf, SPECIALS);
+ p = strpbrk(argv[2], cmdbuf);
+ if (p != NULL)
+ {
+ fprintf(stderr, "%s: cannot use %c in command\n",
+ argv[0], *p);
+ syslog(LOG_CRIT, "uid %d: attempt to use %c in command: %s",
+ getuid(), *p, argv[2]);
+ exit(EX_UNAVAILABLE);
+ }
+
+ /*
+ ** Do a quick sanity check on command line length.
+ */
+
+ i = strlen(argv[2]);
+ if (i > (sizeof cmdbuf - sizeof CMDDIR - 2))
+ {
+ fprintf(stderr, "%s: command too long: %s\n", argv[0], argv[2]);
+ syslog(LOG_WARNING, "command too long: %.40s", argv[2]);
+ exit(EX_UNAVAILABLE);
+ }
+
+ /*
+ ** Strip off a leading pathname on the command name. For
+ ** example, change /usr/ucb/vacation to vacation.
+ */
+
+ /* strip leading spaces */
+ for (q = argv[2]; *q != '\0' && isascii(*q) && isspace(*q); )
+ q++;
+
+ /* find the end of the command name */
+ p = strpbrk(q, " \t");
+ if (p == NULL)
+ cmd = &q[strlen(q)];
+ else
+ {
+ *p = '\0';
+ cmd = p;
+ }
+
+ /* search backwards for last / (allow for 0200 bit) */
+ while (cmd > q)
+ {
+ if ((*--cmd & 0177) == '/')
+ {
+ cmd++;
+ break;
+ }
+ }
+
+ /* cmd now points at final component of path name */
+
+ /*
+ ** Check to see if the command name is legal.
+ */
+
+ (void) strcpy(cmdbuf, CMDDIR);
+ (void) strcat(cmdbuf, "/");
+ (void) strcat(cmdbuf, cmd);
+#ifdef DEBUG
+ printf("Trying %s\n", cmdbuf);
+#endif
+ if (access(cmdbuf, X_OK) < 0)
+ {
+ /* oops.... crack attack possiblity */
+ fprintf(stderr, "%s: %s not available for sendmail programs\n",
+ argv[0], cmd);
+ if (p != NULL)
+ *p = ' ';
+ syslog(LOG_CRIT, "uid %d: attempt to use %s", getuid(), cmd);
+ exit(EX_UNAVAILABLE);
+ }
+ if (p != NULL)
+ *p = ' ';
+
+ /*
+ ** Create the actual shell input.
+ */
+
+ strcpy(cmdbuf, CMDDIR);
+ strcat(cmdbuf, "/");
+ strcat(cmdbuf, cmd);
+
+ /*
+ ** Now invoke the shell
+ */
+
+#ifdef DEBUG
+ printf("%s\n", cmdbuf);
+#endif
+ execle("/bin/sh", "/bin/sh", "-c", cmdbuf, NULL, newenv);
+ syslog(LOG_CRIT, "Cannot exec /bin/sh: %m");
+ perror("/bin/sh");
+ exit(EX_OSFILE);
+}
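Review bot: The directory macro the program honors is `CMDDIR` (the `#ifndef CMDDIR` block near the top of smrsh.c), but smrsh.8 and smrsh.0 in this same commit tell the administrator to relocate the directory with `-DCMDBIN=\"dir\"`, so an admin following the documentation silently keeps the compiled-in /usr/adm/sm.bin — and that directory is the entire allow-list this tool enforces. Either rename the macro to match the manual or accept both, e.g. `#if defined(CMDBIN) && !defined(CMDDIR)` / `# define CMDDIR CMDBIN` / `#endif` placed just before the existing `#ifndef CMDDIR`. Separately, `execle("/bin/sh", "/bin/sh", "-c", cmdbuf, NULL, newenv)` passes `NULL` through the variadic argument list, where it is not guaranteed to be pointer-sized on every platform; `(char *)NULL` is the portable sentinel. The README's install mode (511) also disagrees with Makefile.dist's `BINMODE=555`; harmless for a non-setuid binary, but the two install paths should agree.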