1 | .\" Dummy comment to avoid confusing man |
---|
2 | .so /usr/athena/share/tmac/tmac.doc |
---|
3 | .\" Copyright (c) 1998 Sendmail, Inc. All rights reserved. |
---|
4 | .\" Copyright (c) 1993 Eric P. Allman. All rights reserved. |
---|
5 | .\" Copyright (c) 1993 |
---|
6 | .\" The Regents of the University of California. All rights reserved. |
---|
7 | .\" |
---|
8 | .\" By using this file, you agree to the terms and conditions set |
---|
9 | .\" forth in the LICENSE file which can be found at the top level of |
---|
10 | .\" the sendmail distribution. |
---|
11 | .\" |
---|
12 | .\" |
---|
13 | .\" @(#)smrsh.8 8.7 (Berkeley) 5/19/1998 |
---|
14 | .\" |
---|
15 | .TH SMRSH 8 11/02/93 |
---|
16 | .SH NAME |
---|
17 | smrsh \- restricted shell for sendmail |
---|
18 | .SH SYNOPSIS |
---|
19 | .B smrsh |
---|
20 | .B \-c |
---|
21 | command |
---|
22 | .SH DESCRIPTION |
---|
23 | The |
---|
24 | .I smrsh |
---|
25 | program is intended as a replacement for |
---|
26 | .I sh |
---|
27 | for use in the ``prog'' mailer in |
---|
28 | .IR sendmail (8) |
---|
29 | configuration files. |
---|
30 | It sharply limits the commands that can be run using the |
---|
31 | ``|program'' syntax of |
---|
32 | .I sendmail |
---|
33 | in order to improve the over all security of your system. |
---|
34 | Briefly, even if a ``bad guy'' can get sendmail to run a program |
---|
35 | without going through an alias or forward file, |
---|
36 | .I smrsh |
---|
37 | limits the set of programs that he or she can execute. |
---|
38 | .Pp |
---|
39 | Briefly, |
---|
40 | .I smrsh |
---|
41 | limits programs to be in the directory |
---|
42 | /usr/adm/sm.bin, |
---|
43 | allowing the system administrator to choose the set of acceptable commands. |
---|
44 | It also rejects any commands with the characters |
---|
45 | `\`', `<', `>', `|', `;', `&', `$', `(', `)', `\er' (carriage return), |
---|
46 | or `\en' (newline) |
---|
47 | on the command line to prevent ``end run'' attacks. |
---|
48 | .Pp |
---|
49 | Initial pathnames on programs are stripped, |
---|
50 | so forwarding to ``/usr/ucb/vacation'', |
---|
51 | ``/usr/bin/vacation'', |
---|
52 | ``/home/server/mydir/bin/vacation'', |
---|
53 | and |
---|
54 | ``vacation'' |
---|
55 | all actually forward to |
---|
56 | ``/usr/adm/sm.bin/vacation''. |
---|
57 | .Pp |
---|
58 | System administrators should be conservative about populating |
---|
59 | /usr/adm/sm.bin. |
---|
60 | Reasonable additions are |
---|
61 | .IR vacation (1), |
---|
62 | .IR procmail (1), |
---|
63 | and the like. |
---|
64 | No matter how brow-beaten you may be, |
---|
65 | never include any shell or shell-like program |
---|
66 | (such as |
---|
67 | .IR perl (1)) |
---|
68 | in the |
---|
69 | sm.bin |
---|
70 | directory. |
---|
71 | Note that this does not restrict the use of shell or perl scripts |
---|
72 | in the sm.bin directory (using the ``#!'' syntax); |
---|
73 | it simply disallows execution of arbitrary programs. |
---|
74 | .SH COMPILATION |
---|
75 | Compilation should be trivial on most systems. |
---|
76 | You may need to use \-DPATH=\e"\fIpath\fP\e" |
---|
77 | to adjust the default search path |
---|
78 | (defaults to ``/bin:/usr/bin:/usr/ucb'') |
---|
79 | and/or \-DCMDBIN=\e"\fIdir\fP\e" |
---|
80 | to change the default program directory |
---|
81 | (defaults to ``/usr/adm/sm.bin''). |
---|
82 | .SH FILES |
---|
83 | /usr/adm/sm.bin \- directory for restricted programs |
---|
84 | .SH SEE ALSO |
---|
85 | sendmail(8) |
---|