HP-UX Reference (11i v3 07/02) - 1M System Administration Commands N-Z (vol 4)

smrsh(1M) smrsh(1M)
NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for sh for use in the prog mailer in sendmail configuration files. It sharply limits the commands that can be run using the |program syntax of sendmail in order to improve the overall security of your system. Briefly, even if a "bad guy" can get sendmail to run a program without going through an alias or forward file, smrsh limits the set of programs that he or she can execute.
Briefly, smrsh limits programs to be in the directory /var/adm/sm.bin, allowing the system administrator to choose the set of acceptable commands. It also rejects any commands with the characters \, <, >, |, ;, &, $, (, ), \r (carriage return), and \n (newline) on the command line to prevent "end run" attacks.
Initial pathnames on programs are stripped, so forwarding to /usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation, and vacation all actually forward to /var/adm/sm.bin/vacation.
System administrators should be conservative about populating /var/adm/sm.bin. Reasonable additions are vacation and rmail. Do not include any shell or shell-like program (such as perl) in the sm.bin directory. Note that this does not restrict the use of shell or perl scripts in the sm.bin directory (using the #! syntax); it simply disallows execution of arbitrary programs.
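The character rejection and pathname stripping described above, as an added C model that is not HP's smrsh source and is not taken from this manual. The function name model_smrsh_resolve, the buffer handling, and the refusal of empty, "." and ".." names are assumptions of this example; it only computes the resulting path and does not check sm.bin or execute anything.

```c
#include <stdio.h>
#include <string.h>

/* Directory and rejected characters as listed in the DESCRIPTION above. */
#define SM_BIN "/var/adm/sm.bin"
static const char REJECTED[] = "\\<>|;&$()\r\n";

/* model_smrsh_resolve (hypothetical name): apply the documented checks to the
 * string given after -c. Returns 0 and writes the path that would be run
 * into out, or -1 if the command line is refused. */
int model_smrsh_resolve(const char *cmdline, char *out, size_t outlen)
{
    /* Check 1: refuse if any rejected character appears anywhere. */
    if (cmdline[strcspn(cmdline, REJECTED)] != '\0')
        return -1;

    /* Isolate the program word: skip leading blanks, stop at next blank. */
    cmdline += strspn(cmdline, " \t");
    size_t wlen = strcspn(cmdline, " \t");

    /* Check 2: strip the initial pathname, keep only the last component. */
    const char *base = cmdline;
    for (size_t i = 0; i < wlen; i++)
        if (cmdline[i] == '/')
            base = cmdline + i + 1;
    size_t blen = (size_t)(cmdline + wlen - base);

    /* Assumption of this model: empty names, "." and ".." are refused. */
    if (blen == 0 || (blen <= 2 && strspn(base, ".") >= blen))
        return -1;

    int n = snprintf(out, outlen, "%s/%.*s", SM_BIN, (int)blen, base);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample command lines, not taken from any real system. */
    const char *samples[] = { "/usr/ucb/vacation", "/usr/bin/vacation jdoe",
        "/home/server/mydir/bin/vacation", "vacation", "vacation; echo x",
        "vacation $HOME" };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (model_smrsh_resolve(samples[i], path, sizeof path) == 0)
            printf("%-34s -> %s\n", samples[i], path);
        else
            printf("%-34s -> refused\n", samples[i]);
    }
    return 0;
}
```

Because every accepted name resolves under /var/adm/sm.bin, the contents of that directory are the whole policy, which is why the text warns against placing a shell or perl there.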
FILES
/var/adm/sm.bin Directory for restricted programs
SEE ALSO
sendmail(1M).
396 Hewlett-Packard Company 1 HP-UX 11i Version 3: February 2007