System Administration Commands smrsh(1M)
NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for the sh
command in the prog mailer in sendmail(1M) configurationfiles. The smrsh program sharply limits commands that can be
run using the |program syntax of sendmail. This improvesoverall system security. smrsh limits the set of programs
that a programmer can execute, even if sendmail runs a pro-
gram without going through an alias or forward file.Briefly, smrsh limits programs to be in the directory
/var/adm/sm.bin, allowing system administrators to choose the set of acceptable commands. It also rejects any commandswith the characters: ,, <, >, |, ;, &, $, \r (RETURN), or \n
(NEWLINE) on the command line to prevent end run attacks. Initial pathnames on programs are stripped, so forwarding to /usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation, and vacation all actually forward to/var/adm/sm.bin/vacation.System administrators should be conservative about populat-
ing /var/adm/sm.bin. Reasonable additions are utilities such as vacation(1) and procmail. Never include any shell orshell-like program (for example, perl) in the sm.bin direc-
tory. This does not restrict the use of shell or perl scripsin the sm.bin directory (using the #! syntax); it simply
disallows the execution of arbitrary programs. OPTIONS The following options are supported:-c command Where command is a valid command, executes
command. FILES /var/adm/sm.bin directory for restricted programsATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:SunOS 5.11 Last change: 6 Nov 1998 1
System Administration Commands smrsh(1M)
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcs, SUNWcs ||_____________________________|_____________________________|
SEE ALSO
sendmail(1M), , attributes(5)SunOS 5.11 Last change: 6 Nov 1998 2