1SMRSH(8)                    System Manager's Manual                   SMRSH(8)
2
3
4

NAME

6       smrsh - restricted shell for sendmail
7

SYNOPSIS

9       smrsh -c command
10

DESCRIPTION

12       The  smrsh  program  is intended as a replacement for sh for use in the
13       ``prog'' mailer in sendmail(8) configuration files.  It sharply  limits
14       the  commands that can be run using the ``|program'' syntax of sendmail
15       in order to improve the over all security  of  your  system.   Briefly,
16       even  if  a ``bad guy'' can get sendmail to run a program without going
17       through an alias or forward file, smrsh limits the set of programs that
18       he or she can execute.
19
20       Briefly,  smrsh limits programs to be in a single directory, by default
21       /etc/smrsh, allowing the system administrator  to  choose  the  set  of
22       acceptable  commands,  and  to  the  shell  builtin  commands ``exec'',
23       ``exit'', and ``echo''.  It also rejects any commands with the  charac‐
24       ters ``', `<', `>', `;', `$', `(', `)', `\r' (carriage return), or `\n'
25       (newline) on the command line  to  prevent  ``end  run''  attacks.   It
26       allows   ``||''   and   ``&&''   to   enable  commands  like:  ``"|exec
27       /usr/local/bin/filter || exit 75"''
28
29       Initial  pathnames  on  programs  are  stripped,   so   forwarding   to
30       ``/usr/ucb/vacation'',                           ``/usr/bin/vacation'',
31       ``/home/server/mydir/bin/vacation'', and ``vacation'' all actually for‐
32       ward to ``/etc/smrsh/vacation''.
33
34       System  administrators  should  be  conservative  about  populating the
35       /etc/smrsh directory.  For example, a  reasonable  additions  is  vaca‐
36       tion(1),  and  the  like.   No matter how brow-beaten you may be, never
37       include any shell or  shell-like  program  (such  as  perl(1))  in  the
38       /etc/smrsh  directory.   Note  that  this  does not restrict the use of
39       shell or perl scripts in the sm.bin directory (using  the  ``#!''  syn‐
40       tax);  it  simply  disallows  execution  of  arbitrary programs.  Also,
41       including mail filtering programs such as procmail(1)  is  a  very  bad
42       idea.   procmail(1)  allows  users  to  run arbitrary programs in their
43       procmailrc(5).
44

FILES

46       /etc/smrsh - directory for restricted programs
47

SEE ALSO

49       sendmail(8)
50
51
52
53                         $Date: 2004/08/06 03:55:35 $                 SMRSH(8)
Impressum