smrsh - restricted shell for sendmail
smrsh -c command
The smrsh program is intended as a replacement for sh for use in the ``prog'' mailer in
sendmail(8) configuration files. It sharply limits the commands that can be run using the
``|program'' syntax of sendmail in order to improve the over all security of your system.
Briefly, even if a ``bad guy'' can get sendmail to run a program without going through an
alias or forward file, smrsh limits the set of programs that he or she can execute.
Briefly, smrsh limits programs to be in a single directory, by default /etc/smrsh, allow-
ing the system administrator to choose the set of acceptable commands, and to the shell
builtin commands ``exec'', ``exit'', and ``echo''. It also rejects any commands with the
characters ``', `<', `>', `;', `$', `(', `)', `\r' (carriage return), or `\n' (newline) on
the command line to prevent ``end run'' attacks. It allows ``||'' and ``&&'' to enable
commands like: ``"|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"''
Initial pathnames on programs are stripped, so forwarding to ``/usr/ucb/vacation'',
``/usr/bin/vacation'', ``/home/server/mydir/bin/vacation'', and ``vacation'' all actually
forward to ``/etc/smrsh/vacation''.
System administrators should be conservative about populating the /etc/smrsh directory.
Reasonable additions are vacation(1), procmail(1), and the like. No matter how brow-
beaten you may be, never include any shell or shell-like program (such as perl(1)) in the
/etc/smrsh directory. Note that this does not restrict the use of shell or perl scripts
in the sm.bin directory (using the ``#!'' syntax); it simply disallows execution of arbi-
/etc/smrsh - directory for restricted programs
$Date: 2002/04/25 13:33:40 $ SMRSH(8)