smrsh.1m (2010 09)

smrsh(1M) smrsh(1M)
NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for sh for use in the prog mailer in sendmail configuration files. It sharply limits the commands that can be run using the |program syntax of sendmail in order to improve the overall security of your system. Briefly, even if a "bad guy" can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs that he or she can execute.

Briefly, smrsh limits programs to be in the directory /var/adm/sm.bin, allowing the system administrator to choose the set of acceptable commands. It also rejects any commands with the characters \, <, >, |, ;, &, $, (, ), \r (carriage return), and \n (newline) on the command line to prevent "end run" attacks.

Initial pathnames on programs are stripped, so forwarding to /usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation, and vacation all actually forward to /var/adm/sm.bin/vacation.

System administrators should be conservative about populating /var/adm/sm.bin. Reasonable additions are vacation and rmail. Do not include any shell or shell-like program (such as perl) in the sm.bin directory. Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the #! syntax); it simply disallows execution of arbitrary programs.
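
Added example (not part of the HP-UX manual page and not smrsh source code): a small C model of the two checks described above, rejecting the listed characters and stripping the initial pathname before re-anchoring the program under /var/adm/sm.bin. The function name smrsh_model and the sample inputs are hypothetical, and refusing an empty name, "." and ".." is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

#define SM_BIN "/var/adm/sm.bin"                 /* directory named on this page */
static const char REJECTED[] = "\\<>|;&$()\r\n"; /* characters the page lists */

/* Hypothetical model of the documented checks, not smrsh source.
 * Returns 0 and writes the rewritten command line to out, -1 if rejected. */
int smrsh_model(const char *cmd, char *out, size_t outlen)
{
    const char *end, *base, *p;
    size_t len;
    int n;

    if (cmd == NULL || out == NULL || outlen == 0)
        return -1;
    /* Reject a listed character anywhere on the command line. */
    if (strpbrk(cmd, REJECTED) != NULL)
        return -1;
    /* Isolate the program word (up to the first blank). */
    cmd += strspn(cmd, " \t");
    end = cmd + strcspn(cmd, " \t");
    /* Strip the initial pathname: keep what follows the last '/'. */
    for (base = p = cmd; p < end; p++)
        if (*p == '/')
            base = p + 1;
    len = (size_t)(end - base);
    /* Assumption beyond the page: refuse an empty name, "." and "..". */
    if (len == 0 || (len <= 2 && strncmp(base, "..", len) == 0))
        return -1;
    /* Re-anchor under SM_BIN; arguments after the program word are kept. */
    n = snprintf(out, outlen, "%s/%s", SM_BIN, base);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs; the first four are the page's own paths. */
    const char *samples[] = { "/usr/ucb/vacation", "/usr/bin/vacation",
        "/home/server/mydir/bin/vacation", "vacation",
        "vacation; /bin/sh", "/usr/bin/" };
    char buf[256];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (smrsh_model(samples[i], buf, sizeof buf) == 0)
            printf("%-34s -> %s\n", samples[i], buf);
        else
            printf("%-34s -> rejected\n", samples[i]);
    return 0;
}
```
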
FILES
/var/adm/sm.bin Directory for restricted programs
SEE ALSO
sendmail(1M).
HP-UX 11i Version 3: September 2010    Hewlett-Packard Company