source: trunk/third/sendmail/smrsh/smrsh.8 @ 19208

Revision 19208, 2.7 KB checked in by zacheiss, 22 years ago (diff)
Merge with sendmail 8.12.9.
Line 
1.\" Dummy comment to avoid confusing man
2.so /usr/athena/share/tmac/tmac.doc
3.\" Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
4.\"      All rights reserved.
5.\" Copyright (c) 1993 Eric P. Allman.  All rights reserved.
6.\" Copyright (c) 1993
7.\"     The Regents of the University of California.  All rights reserved.
8.\"
9.\" By using this file, you agree to the terms and conditions set
10.\" forth in the LICENSE file which can be found at the top level of
11.\" the sendmail distribution.
12.\"
13.\"
14.\"     $Id: smrsh.8,v 1.4 2003-04-08 15:42:16 zacheiss Exp $
15.\"
16.TH SMRSH 8 "$Date: 2003-04-08 15:42:16 $"
17.SH NAME
18smrsh \- restricted shell for sendmail
19.SH SYNOPSIS
20.B smrsh
21.B \-c
22command
23.SH DESCRIPTION
24The
25.I smrsh
26program is intended as a replacement for
27.I sh
28for use in the ``prog'' mailer in
29.IR sendmail (8)
30configuration files.
31It sharply limits the commands that can be run using the
32``|program'' syntax of
33.I sendmail
34in order to improve the over all security of your system.
35Briefly, even if a ``bad guy'' can get sendmail to run a program
36without going through an alias or forward file,
37.I smrsh
38limits the set of programs that he or she can execute.
39.Pp
40Briefly,
41.I smrsh
42limits programs to be in a single directory,
43by default
44/usr/adm/sm.bin,
45allowing the system administrator to choose the set of acceptable commands,
46and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
47It also rejects any commands with the characters
48`\`', `<', `>', `;', `$', `(', `)', `\er' (carriage return),
49or `\en' (newline)
50on the command line to prevent ``end run'' attacks.
51It allows ``||'' and ``&&'' to enable commands like:
52``"|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"''
53.Pp
54Initial pathnames on programs are stripped,
55so forwarding to ``/usr/ucb/vacation'',
56``/usr/bin/vacation'',
57``/home/server/mydir/bin/vacation'',
58and
59``vacation''
60all actually forward to
61``/usr/adm/sm.bin/vacation''.
62.Pp
63System administrators should be conservative about populating
64the sm.bin directory.
65Reasonable additions are
66.IR vacation (1),
67.IR procmail (1),
68and the like.
69No matter how brow-beaten you may be,
70never include any shell or shell-like program
71(such as
72.IR perl (1))
73in the
74sm.bin
75directory.
76Note that this does not restrict the use of shell or perl scripts
77in the sm.bin directory (using the ``#!'' syntax);
78it simply disallows execution of arbitrary programs.
79.SH COMPILATION
80Compilation should be trivial on most systems.
81You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
82to adjust the default search path
83(defaults to ``/bin:/usr/bin:/usr/ucb'')
84and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
85to change the default program directory
86(defaults to ``/usr/adm/sm.bin'').
87.SH FILES
88/usr/adm/sm.bin \- directory for restricted programs
89.SH SEE ALSO
90sendmail(8)
Note: See TracBrowser for help on using the repository browser.