1 | |
---|
2 | |
---|
3 | |
---|
4 | SMRSH(8) SMRSH(8) |
---|
5 | |
---|
6 | |
---|
7 | NNAAMMEE |
---|
8 | smrsh - restricted shell for sendmail |
---|
9 | |
---|
10 | SSYYNNOOPPSSIISS |
---|
11 | ssmmrrsshh --cc command |
---|
12 | |
---|
13 | DDEESSCCRRIIPPTTIIOONN |
---|
14 | The _s_m_r_s_h program is intended as a replacement for _s_h for |
---|
15 | use in the ``prog'' mailer in _s_e_n_d_m_a_i_l(8) configuration |
---|
16 | files. It sharply limits the commands that can be run |
---|
17 | using the ``|program'' syntax of _s_e_n_d_m_a_i_l in order to |
---|
18 | improve the over all security of your system. Briefly, |
---|
19 | even if a ``bad guy'' can get sendmail to run a program |
---|
20 | without going through an alias or forward file, _s_m_r_s_h lim- |
---|
21 | its the set of programs that he or she can execute. |
---|
22 | |
---|
23 | Briefly, _s_m_r_s_h limits programs to be in a single direc- |
---|
24 | tory, by default /usr/adm/sm.bin, allowing the system |
---|
25 | administrator to choose the set of acceptable commands, |
---|
26 | and to the shell builtin commands ``exec'', ``exit'', and |
---|
27 | ``echo''. It also rejects any commands with the charac- |
---|
28 | ters ``', `<', `>', `;', `$', `(', `)', `\r' (carriage |
---|
29 | return), or `\n' (newline) on the command line to prevent |
---|
30 | ``end run'' attacks. It allows ``||'' and ``&&'' to |
---|
31 | enable commands like: ``"|exec /usr/local/bin/procmail -f- |
---|
32 | /etc/procmailrcs/user || exit 75"'' |
---|
33 | |
---|
34 | Initial pathnames on programs are stripped, so forwarding |
---|
35 | to ``/usr/ucb/vacation'', ``/usr/bin/vacation'', |
---|
36 | ``/home/server/mydir/bin/vacation'', and ``vacation'' all |
---|
37 | actually forward to ``/usr/adm/sm.bin/vacation''. |
---|
38 | |
---|
39 | System administrators should be conservative about popu- |
---|
40 | lating the sm.bin directory. Reasonable additions are |
---|
41 | _v_a_c_a_t_i_o_n(1), _p_r_o_c_m_a_i_l(1), and the like. No matter how |
---|
42 | brow-beaten you may be, never include any shell or shell- |
---|
43 | like program (such as _p_e_r_l(1)) in the sm.bin directory. |
---|
44 | Note that this does not restrict the use of shell or perl |
---|
45 | scripts in the sm.bin directory (using the ``#!'' syntax); |
---|
46 | it simply disallows execution of arbitrary programs. |
---|
47 | |
---|
48 | CCOOMMPPIILLAATTIIOONN |
---|
49 | Compilation should be trivial on most systems. You may |
---|
50 | need to use -DSMRSH_PATH=\"_p_a_t_h\" to adjust the default |
---|
51 | search path (defaults to ``/bin:/usr/bin:/usr/ucb'') |
---|
52 | and/or -DSMRSH_CMDDIR=\"_d_i_r\" to change the default pro- |
---|
53 | gram directory (defaults to ``/usr/adm/sm.bin''). |
---|
54 | |
---|
55 | FFIILLEESS |
---|
56 | /usr/adm/sm.bin - directory for restricted programs |
---|
57 | |
---|
58 | SSEEEE AALLSSOO |
---|
59 | sendmail(8) |
---|
60 | |
---|
61 | |
---|
62 | |
---|
63 | |
---|
64 | $Date: 2003-04-08 15:09:33 $ 1 |
---|
65 | |
---|
66 | |
---|