SMRSH(8)                                                              SMRSH(8)


       smrsh - restricted shell for sendmail


       smrsh -c command


       The  smrsh  program  is intended as a replacement for sh for use in the
       ‘‘prog’’ mailer in sendmail(8) configuration files.  It sharply  limits
       the  commands that can be run using the ‘‘|program’’ syntax of sendmail
       in order to improve the over all security  of  your  system.   Briefly,
       even  if  a ‘‘bad guy’’ can get sendmail to run a program without going
       through an alias or forward file, smrsh limits the set of programs that
       he or she can execute.

       Briefly,  smrsh limits programs to be in a single directory, by default
       /etc/smrsh, allowing the system administrator  to  choose  the  set  of
       acceptable  commands,  and  to  the  shell  builtin  commands ‘‘exec’’,
       ‘‘exit’’, and ‘‘echo’’.  It also rejects any commands with the  charac-
       ters ‘`’, ‘<’, ‘>’, ‘;’, ‘$’, ‘(’, ‘)’, ‘\r’ (carriage return), or ‘\n’
       (newline) on the command line  to  prevent  ‘‘end  run’’  attacks.   It
       allows   ‘‘||’’   and   ‘‘&&’’   to   enable  commands  like:  ‘‘"|exec
       /usr/local/bin/filter || exit 75"’’

       Initial  pathnames  on  programs  are  stripped,   so   forwarding   to
       ‘‘/usr/ucb/vacation’’,                           ‘‘/usr/bin/vacation’’,
       ‘‘/home/server/mydir/bin/vacation’’, and ‘‘vacation’’ all actually for-
       ward to ‘‘/etc/smrsh/vacation’’.

       System  administrators  should  be  conservative  about  populating the
       /etc/smrsh directory.  For example, a  reasonable  additions  is  vaca-
       tion(1),  and  the  like.   No matter how brow-beaten you may be, never
       include any shell or  shell-like  program  (such  as  perl(1))  in  the
       /etc/smrsh  directory.   Note  that  this  does not restrict the use of
       shell or perl scripts in the sm.bin directory (using  the  ‘‘#!’’  syn-
       tax);  it  simply  disallows  execution  of  arbitrary programs.  Also,
       including mail filtering programs such as procmail(1)  is  a  very  bad
       idea.   procmail(1)  allows  users  to  run arbitrary programs in their


       /etc/smrsh - directory for restricted programs



                         $Date: 2004/08/06 03:55:35 $                 SMRSH(8)

Man(1) output converted with man2html