smrsh(1M) smrsh(1M)
NAME
smrsh - restricted shell for sendmail
SYNOPSIS
command
DESCRIPTION
The smrsh program is intended as a replacement for for use in the mailer in configuration files. It sharply limits the commands that can be run
using the syntax of sendmail in order to improve the overall security of your system. Briefly, even if a ``bad guy'' can get sendmail to run a program without
going through an alias or forward file, smrsh limits the set of programs that he or she can execute.
Briefly, smrsh limits programs to be in the directory allowing the system administrator to choose the set of acceptable commands. It also
rejects any commands with the characters (carriage return), and (newline) on the command line to prevent ``end run'' attacks.
Initial pathnames on programs are stripped, so forwarding to and all actually forward to
System administrators should be conservative about populating Reasonable additions are and Do not include any shell or shell-like program
(such as in the directory. Note that this does not restrict the use of shell or perl scripts in the directory (using the syntax); it simply
disallows execution of arbitrary programs.
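An added example, not part of the original manual page or of sendmail's source: a C sketch of the checks described above (reject special characters, strip the initial pathname, re-root the program in the restricted directory). The directory path is a placeholder, the sample command lines are constructed, and every rejected character other than carriage return and newline is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Assumptions (not from the page): the directory path is a placeholder and
   the character set is illustrative; the page names only CR and newline. */
#define RESTRICTED_DIR "/path/to/restricted.bin"
#define REJECT_CHARS   "`<>|;&$()\r\n"

/* Map a requested command line to the one that would actually be run.
   Returns 0 and fills `out` on success, -1 if the request is rejected. */
int restricted_path(const char *cmd, char *out, size_t outlen)
{
    /* Reject the whole command line if any special character appears. */
    if (strpbrk(cmd, REJECT_CHARS) != NULL)
        return -1;

    /* Isolate the program name: the first whitespace-delimited word. */
    cmd += strspn(cmd, " \t");
    size_t plen = strcspn(cmd, " \t");
    if (plen == 0)
        return -1;

    /* Strip the initial pathname: keep what follows the last '/'. */
    const char *base = cmd;
    for (size_t i = 0; i < plen; i++)
        if (cmd[i] == '/')
            base = cmd + i + 1;
    size_t blen = plen - (size_t)(base - cmd);

    /* An empty name, "." or ".." would not name a file in the directory. */
    if (blen == 0 || (blen == 1 && base[0] == '.') ||
        (blen == 2 && base[0] == '.' && base[1] == '.'))
        return -1;

    /* Re-root the name in the directory; `base` still carries the args. */
    int n = snprintf(out, outlen, "%s/%s", RESTRICTED_DIR, base);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *samples[] = {            /* constructed inputs */
        "/usr/bin/autoreply alice", "autoreply alice",
        "autoreply alice; echo x", "/bin/..", NULL };
    char buf[256];
    for (int i = 0; samples[i]; i++)
        printf("%-26s -> %s\n", samples[i],
               restricted_path(samples[i], buf, sizeof buf) == 0 ? buf : "REJECTED");
    return 0;
}
```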
FILES
Directory for restricted programs
SEE ALSO
sendmail(1M).