NAME
smrsh — restricted shell for sendmail
DESCRIPTION
The smrsh program is intended as a replacement for sh for use in the prog mailer in sendmail configuration files. It sharply limits the commands that can be run using the |program syntax of sendmail in order to improve the overall security of your system. Briefly, even if a "bad guy" can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs that he or she can execute.

Specifically, smrsh limits programs to those in the directory /var/adm/sm.bin, allowing the system administrator to choose the set of acceptable commands. It also rejects any command with the characters \, <, >, |, ;, &, $, (, ), \r (carriage return), and \n (newline) on the command line to prevent "end run" attacks.

Initial pathnames on programs are stripped, so forwarding to /usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation, and vacation all actually forward to /var/adm/sm.bin/vacation.
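
The character rejection and pathname stripping described above, modelled in C as an added example. This is not smrsh's source code; the function name sm_rewrite, the whitespace splitting of the command line and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SM_BIN "/var/adm/sm.bin"            /* directory named on this page */

/* Characters the page lists as rejected anywhere on the command line. */
static const char SM_SPECIALS[] = "\\<>|;&$()\r\n";

/* Illustrative model of the documented behaviour (hypothetical helper, not
 * smrsh source). Writes the command that would really run into out.
 * Returns 0 on success, -1 if the command line is rejected. */
int sm_rewrite(const char *cmdline, char *out, size_t outlen)
{
    const char *p, *end, *base, *q;
    int n;

    /* 1. Any listed character rejects the whole line, not just one word. */
    if (strpbrk(cmdline, SM_SPECIALS) != NULL)
        return -1;

    /* 2. The first whitespace-delimited word is the program (assumption). */
    p = cmdline + strspn(cmdline, " \t");
    end = p + strcspn(p, " \t");

    /* 3. Strip the initial pathname: keep only the last component. */
    for (base = q = p; q < end; q++)
        if (*q == '/')
            base = q + 1;
    if (base == end)                        /* empty name, e.g. "/usr/bin/" */
        return -1;

    /* 4. Re-anchor the name in sm.bin; arguments pass through unchanged. */
    n = snprintf(out, outlen, "%s/%.*s%s", SM_BIN, (int)(end - base), base, end);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample command lines, as they might follow "|" in a forward. */
    const char *samples[] = { "/usr/ucb/vacation alice", "vacation alice",
                              "vacation alice; echo x", "/usr/bin/" };
    char buf[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (sm_rewrite(samples[i], buf, sizeof buf) == 0)
            printf("%-28s -> %s\n", samples[i], buf);
        else
            printf("%-28s -> rejected\n", samples[i]);
    return 0;
}
```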

System administrators should be conservative about populating /var/adm/sm.bin. Reasonable additions are vacation and rmail. Do not include any shell or shell-like program (such as perl) in the sm.bin directory. Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the #! syntax); it simply disallows execution of arbitrary programs.
FILES
- /var/adm/sm.bin
Directory for restricted programs