1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
SMRSH(8) SMRSH(8)
N�NA�AM�ME�E
smrsh - restricted shell for sendmail
S�SY�YN�NO�OP�PS�SI�IS�S
s�sm�mr�rs�sh�h -�-c�c command
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
The _�s_�m_�r_�s_�h program is intended as a replacement for _�s_�h for
use in the ``prog'' mailer in _�s_�e_�n_�d_�m_�a_�i_�l(8) configuration
files. It sharply limits the commands that can be run
using the ``|program'' syntax of _�s_�e_�n_�d_�m_�a_�i_�l in order to
improve the over all security of your system. Briefly,
even if a ``bad guy'' can get sendmail to run a program
without going through an alias or forward file, _�s_�m_�r_�s_�h lim-
its the set of programs that he or she can execute.
Briefly, _�s_�m_�r_�s_�h limits programs to be in the directory
/usr/adm/sm.bin, allowing the system administrator to
choose the set of acceptable commands. It also rejects
any commands with the characters ``', `<', `>', `|', `;',
`&', `$', `(', `)', `\r' (carriage return), or `\n' (new-
line) on the command line to prevent ``end run'' attacks.
Initial pathnames on programs are stripped, so forwarding
to ``/usr/ucb/vacation'', ``/usr/bin/vacation'',
``/home/server/mydir/bin/vacation'', and ``vacation'' all
actually forward to ``/usr/adm/sm.bin/vacation''.
System administrators should be conservative about popu-
lating /usr/adm/sm.bin. Reasonable additions are _�v_�a_�c_�a_�-
_�t_�i_�o_�n(1), _�p_�r_�o_�c_�m_�a_�i_�l(1), and the like. No matter how brow-
beaten you may be, never include any shell or shell-like
program (such as _�p_�e_�r_�l(1)) in the sm.bin directory. Note
that this does not restrict the use of shell or perl
scripts in the sm.bin directory (using the ``#!'' syntax);
it simply disallows execution of arbitrary programs.
C�CO�OM�MP�PI�IL�LA�AT�TI�IO�ON�N
Compilation should be trivial on most systems. You may
need to use -DPATH=\"_�p_�a_�t_�h\" to adjust the default search
path (defaults to ``/bin:/usr/bin:/usr/ucb'') and/or
-DCMDBIN=\"_�d_�i_�r\" to change the default program directory
(defaults to ``/usr/adm/sm.bin'').
F�FI�IL�LE�ES�S
/usr/adm/sm.bin - directory for restricted programs
S�SE�EE�E A�AL�LS�SO�O
sendmail(8)
11/02/93 1
|
