SMRSH(8) Maintenance Commands and Procedures SMRSH(8)
smrsh - restricted shell for sendmail
smrsh -c command
The smrsh program is intended as a replacement for the sh command in
the prog mailer in sendmail(8) configuration files. The smrsh program
sharply limits commands that can be run using the |program syntax of
sendmail. This improves overall system security. smrsh limits the
set of programs that a programmer can execute, even if sendmail runs
a program without going through an alias or forward file.
Briefly, smrsh limits programs to be in the directory
/var/adm/sm.bin, allowing system administrators to choose the set of
acceptable commands. It also rejects any commands with the
characters: ,, <, >, |, ;, &, $, \r (RETURN), or \n (NEWLINE) on the
command line to prevent end run attacks.
Initial pathnames on programs are stripped, so forwarding to
/usr/ucb/vacation, /usr/bin/vacation,
/home/server/mydir/bin/vacation, and vacation all actually forward to
/var/adm/sm.bin/vacation.
System administrators should be conservative about populating
/var/adm/sm.bin. Reasonable additions are utilities such as
vacation(1) and procmail. Never include any shell or shell-like
program (for example, perl) in the sm.bin directory. This does not
restrict the use of shell or perl scrips in the sm.bin directory
(using the #! syntax); it simply disallows the execution of arbitrary
programs.
The following options are supported:
-c command
Where command is a valid command, executes command.
/var/adm/sm.bin
directory for restricted programs
attributes(7), sendmail(8)
June 20, 2021 SMRSH(8)
NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for the sh command in
the prog mailer in sendmail(8) configuration files. The smrsh program
sharply limits commands that can be run using the |program syntax of
sendmail. This improves overall system security. smrsh limits the
set of programs that a programmer can execute, even if sendmail runs
a program without going through an alias or forward file.
Briefly, smrsh limits programs to be in the directory
/var/adm/sm.bin, allowing system administrators to choose the set of
acceptable commands. It also rejects any commands with the
characters: ,, <, >, |, ;, &, $, \r (RETURN), or \n (NEWLINE) on the
command line to prevent end run attacks.
Initial pathnames on programs are stripped, so forwarding to
/usr/ucb/vacation, /usr/bin/vacation,
/home/server/mydir/bin/vacation, and vacation all actually forward to
/var/adm/sm.bin/vacation.
System administrators should be conservative about populating
/var/adm/sm.bin. Reasonable additions are utilities such as
vacation(1) and procmail. Never include any shell or shell-like
program (for example, perl) in the sm.bin directory. This does not
restrict the use of shell or perl scrips in the sm.bin directory
(using the #! syntax); it simply disallows the execution of arbitrary
programs.
OPTIONS
The following options are supported:
-c command
Where command is a valid command, executes command.
FILES
/var/adm/sm.bin
directory for restricted programs
SEE ALSO
attributes(7), sendmail(8)
June 20, 2021 SMRSH(8)