HP-UX Mailing Services Administrator's Guide (B2355-91064)
Using the Sendmail Restricted Shell Program
Sendmail allows the aliases file or a user’s .forward file to specify programs to be
run. These programs are by default invoked through /usr/bin/sh -c. The Sendmail
restricted shell (smrsh) program enables you to restrict the programs that can be run
through the aliases file or through a .forward file; only programs that are linked
to the /var/adm/sm.bin directory can be invoked.
To use the smrsh program, complete the following steps:
1. In the /etc/mail/sendmail.cf file, comment the following lines by inserting
a pound sign (#) before each line:
# Mprog, P=/usr/bin/sh, F=lsDFMoeu, S=10/30, R=20/40, D=$z:/,
# T=X-Unix,
# A=sh -c $u
2. In the /etc/mail/sendmail.cf file, uncomment the following lines by deleting
the pound sign (#) before each line:
Mprog, P=/usr/bin/smrsh, F=lsDFMoeu, S=10/30, R=20/40, D=$z:/,
T=X-Unix,
A=smrsh -c $u
3. Create the directory /var/adm/sm.bin/ with root:bin ownership and 755
permissions. Place the binaries of the programs that you want to allow into this
directory. Typically, programs such as vacation, rmail, and AutoReply are
placed in this directory. (You can also specify hard links to the binaries.) Do not
place shells such as ksh, sh, csh, and perl in this directory because they have
too many security issues.
Turning Off Standard Security Checks
Sendmail has security checks that limit reading and writing to certain files in a directory.
These checks protect files that may reside in unsafe directories or that may be tampered
with by users other than the owner. You can turn these safety checks off by editing the
DontBlameSendmail option in the configuration file.
In the sendmail.cf file, change DontBlameSendmail=option value, where
option value is any of the options listed in Table 2-4. The default option value is
safe. After you change option value, the new value becomes the default value.
Security 73