SMRSH(8) OpenBSD System Manager's Manual SMRSH(8)NAMEsmrsh - restricted shell for sendmail
SYNOPSISsmrsh-c command
DESCRIPTION
The smrsh program is intended as a replacement for /bin/sh for use in the
``prog'' mailer in sendmail(8) configuration files. It sharply limits
the commands that can be run using the ``|program'' syntax of sendmail(8)
in order to improve the overall security of your system. Briefly, even
if a ``bad guy'' can get sendmail to run a program without going through
an alias or forward file, smrsh limits the set of programs that he or she
can execute.
Briefly, smrsh limits programs to be in a single directory, by default
/usr/libexec/sm.bin, allowing the system administrator to choose the set
of acceptable commands, and the shell built-in commands ``exec'',
``exit'', and ``echo''. It also rejects any commands with the characters
`\', `<', `>', `;', `$', `(', `)', `\r' (carriage return), or `\n'
(newline) on the command line to prevent ``end run'' attacks. It allows
``||'' and ``&&'' to enable commands like:
"|exec /usr/local/bin/filter || exit 75"
Initial pathnames on programs are stripped, so forwarding to
/usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation,
and vacation all actually forward to /usr/libexec/sm.bin/vacation.
System administrators should be conservative about populating the sm.bin
directory. For example, a reasonable additions is vacation(1) and the
like. No matter how brow-beaten you may be, never include any shell or
shell-like program (such as perl(1)) in the sm.bin directory. Note that
this does not restrict the use of shell or perl scripts in the sm.bin
directory (using the ``#!'' syntax); it simply disallows execution of
arbitrary programs. Also, including mail filtering programs such as
procmail is a very bad idea. procmail allows users to run arbitrary
programs in their procmailrc.
FILES
/usr/libexec/sm.bin directory for restricted programs
SEE ALSOsendmail(8)OpenBSD 4.9 September 23, 2010 OpenBSD 4.9
