1 | |
---|
2 | |
---|
3 | |
---|
4 | SMRSH(8) SMRSH(8) |
---|
5 | |
---|
6 | |
---|
7 | NNAAMMEE |
---|
8 | smrsh - restricted shell for sendmail |
---|
9 | |
---|
10 | SSYYNNOOPPSSIISS |
---|
11 | ssmmrrsshh --cc command |
---|
12 | |
---|
13 | DDEESSCCRRIIPPTTIIOONN |
---|
14 | The _s_m_r_s_h program is intended as a replacement for _s_h for |
---|
15 | use in the ``prog'' mailer in _s_e_n_d_m_a_i_l(8) configuration |
---|
16 | files. It sharply limits the commands that can be run |
---|
17 | using the ``|program'' syntax of _s_e_n_d_m_a_i_l in order to |
---|
18 | improve the over all security of your system. Briefly, |
---|
19 | even if a ``bad guy'' can get sendmail to run a program |
---|
20 | without going through an alias or forward file, _s_m_r_s_h lim- |
---|
21 | its the set of programs that he or she can execute. |
---|
22 | |
---|
23 | Briefly, _s_m_r_s_h limits programs to be in the directory |
---|
24 | /usr/adm/sm.bin, allowing the system administrator to |
---|
25 | choose the set of acceptable commands. It also rejects |
---|
26 | any commands with the characters ``', `<', `>', `|', `;', |
---|
27 | `&', `$', `(', `)', `\r' (carriage return), or `\n' (new- |
---|
28 | line) on the command line to prevent ``end run'' attacks. |
---|
29 | |
---|
30 | Initial pathnames on programs are stripped, so forwarding |
---|
31 | to ``/usr/ucb/vacation'', ``/usr/bin/vacation'', |
---|
32 | ``/home/server/mydir/bin/vacation'', and ``vacation'' all |
---|
33 | actually forward to ``/usr/adm/sm.bin/vacation''. |
---|
34 | |
---|
35 | System administrators should be conservative about popu- |
---|
36 | lating /usr/adm/sm.bin. Reasonable additions are _v_a_c_a_- |
---|
37 | _t_i_o_n(1), _p_r_o_c_m_a_i_l(1), and the like. No matter how brow- |
---|
38 | beaten you may be, never include any shell or shell-like |
---|
39 | program (such as _p_e_r_l(1)) in the sm.bin directory. Note |
---|
40 | that this does not restrict the use of shell or perl |
---|
41 | scripts in the sm.bin directory (using the ``#!'' syntax); |
---|
42 | it simply disallows execution of arbitrary programs. |
---|
43 | |
---|
44 | CCOOMMPPIILLAATTIIOONN |
---|
45 | Compilation should be trivial on most systems. You may |
---|
46 | need to use -DPATH=\"_p_a_t_h\" to adjust the default search |
---|
47 | path (defaults to ``/bin:/usr/bin:/usr/ucb'') and/or |
---|
48 | -DCMDBIN=\"_d_i_r\" to change the default program directory |
---|
49 | (defaults to ``/usr/adm/sm.bin''). |
---|
50 | |
---|
51 | FFIILLEESS |
---|
52 | /usr/adm/sm.bin - directory for restricted programs |
---|
53 | |
---|
54 | SSEEEE AALLSSOO |
---|
55 | sendmail(8) |
---|
56 | |
---|
57 | |
---|
58 | |
---|
59 | |
---|
60 | |
---|
61 | |
---|
62 | |
---|
63 | |
---|
64 | 11/02/93 1 |
---|
65 | |
---|
66 | |
---|