.\" Dummy comment to avoid confusing man
.so /usr/athena/share/tmac/tmac.doc
.\" Copyright (c) 1998-2001 Sendmail, Inc. and its suppliers.
.\"	 All rights reserved.
.\" Copyright (c) 1993 Eric P. Allman.  All rights reserved.
.\" Copyright (c) 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" By using this file, you agree to the terms and conditions set
.\" forth in the LICENSE file which can be found at the top level of
.\" the sendmail distribution.
.\"
.\"
.\"	$Id: smrsh.8,v 1.4 2003-04-08 15:42:16 zacheiss Exp $
.\"
.TH SMRSH 8 "$Date: 2003-04-08 15:42:16 $"
.SH NAME
smrsh \- restricted shell for sendmail
.SH SYNOPSIS
.B smrsh
.B \-c
command
.SH DESCRIPTION
The
.I smrsh
program is intended as a replacement for
.I sh
for use in the ``prog'' mailer in
.IR sendmail (8)
configuration files.
It sharply limits the commands that can be run using the
``|program'' syntax of
.I sendmail
in order to improve the overall security of your system.
Briefly, even if a ``bad guy'' can get sendmail to run a program
without going through an alias or forward file,
.I smrsh
limits the set of programs that he or she can execute.
.Pp
Briefly,
.I smrsh
limits programs to be in a single directory,
by default
/usr/adm/sm.bin,
allowing the system administrator to choose the set of acceptable commands,
and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
It also rejects any commands with the characters
`\`', `<', `>', `;', `$', `(', `)', `\er' (carriage return),
or `\en' (newline)
on the command line to prevent ``end run'' attacks.
It allows ``||'' and ``&&'' to enable commands like:
``"|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"''
.Pp
Initial pathnames on programs are stripped,
so forwarding to ``/usr/ucb/vacation'',
``/usr/bin/vacation'',
``/home/server/mydir/bin/vacation'',
and
``vacation''
all actually forward to
``/usr/adm/sm.bin/vacation''.
.Pp
System administrators should be conservative about populating
the sm.bin directory.
Reasonable additions are
.IR vacation (1),
.IR procmail (1),
and the like.
No matter how brow-beaten you may be,
never include any shell or shell-like program
(such as
.IR perl (1))
in the
sm.bin
directory.
Note that this does not restrict the use of shell or perl scripts
in the sm.bin directory (using the ``#!'' syntax);
it simply disallows execution of arbitrary programs.
.SH COMPILATION
Compilation should be trivial on most systems.
You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
to adjust the default search path
(defaults to ``/bin:/usr/bin:/usr/ucb'')
and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
to change the default program directory
(defaults to ``/usr/adm/sm.bin'').
.SH FILES
/usr/adm/sm.bin \- directory for restricted programs
.SH SEE ALSO
sendmail(8)
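A small model of the filtering rules in DESCRIPTION, added here as an illustration and not taken from the smrsh source; it can be used to audit program entries from alias or forward files against a planned sm.bin. The names `check`, `allowed` and `SAMPLES` are hypothetical, the sample entries are constructed, and refusing a lone `|` or `&` is an assumption this page does not state.

```python
import re

CMDDIR = "/usr/adm/sm.bin"            # default program directory named on the page
BUILTINS = {"exec", "exit", "echo"}   # shell builtins the page says are allowed
REJECTED = set("`<>;$()\r\n")         # characters the page lists as rejected


def check(cmdline, allowed):
    """Return (ok, detail); `allowed` stands in for the names present in sm.bin."""
    bad = sorted(REJECTED & set(cmdline))
    if bad:
        return False, "rejected character %r" % bad[0]
    resolved = []
    for part in re.split(r"\|\||&&", cmdline):   # only || and && may join commands
        # Assumption (not stated on the page): a lone | or & is refused as well.
        if "|" in part or "&" in part:
            return False, "lone | or &"
        words = part.split()
        if words and words[0] == "exec":
            words = words[1:]                    # "exec prog": prog is what runs
        if not words:
            return False, "empty command"
        name = words[0]
        if name in BUILTINS:
            resolved.append(name)
            continue
        base = name.rsplit("/", 1)[-1]           # initial pathname is stripped
        if base not in allowed:
            return False, "%s not in %s" % (base, CMDDIR)
        resolved.append(CMDDIR + "/" + base)
    return True, resolved


# Constructed sample entries, written as they would reach "smrsh -c".
SAMPLES = [
    "exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75",
    "/home/server/mydir/bin/vacation",
    "/bin/sh -c id",
    "vacation; /bin/sh",
    "vacation `id`",
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(check(entry, {"vacation", "procmail"}), "<-", repr(entry))
```
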