smrsh Command

Purpose

Restricted shell for sendmail.

Syntax

smrsh -c command

Description

The smrsh command is intended as a replacement for the sh command in the prog mailer in sendmail configuration files. The smrsh command limits the programs that can be run using the sendmail command syntax. This improves overall system security. smrsh limits the set of programs that a programmer can execute, even if sendmail runs a program without going through an alias or forward file.

The smrsh command requires that programs be in the /var/adm/sm.bin directory. This allows system administrators to choose which programs can be run by the smrsh command. The smrsh command also rejects any commands with the following characters on the command line to prevent end-run attacks: ,, <, >, |, ;, &, $, \r (<RETURN>), or \n (<NEWLINE>) on the command line to prevent end run attacks.

,
<
>
|
;
&
$
\r (<RETURN>)
or \n (<NEWLINE>)

Initial pathnames on programs are stripped, so forwarding to /usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation, and vacation all actually forward to /var/adm/sm.bin/vacation. System administrators should be conservative about populating /var/adm/sm.bin. Reasonable additions are utilities such as vacation(1) and procmail. Never include any shell or shell-like programs (for example, perl) in the sm.bin directory. This does not allow the execution of arbitrary programs, but does not restrict the use of shell or perl scripts in the sm.bin directory (using the #! syntax).

Flags

-c command: Runs the program specified by command.

Location

/usr/sbin/smrsh: Default location of smrsh command.

Files

/var/adm/sm.bin: Directory for restricted programs.