SMRSH(8) SMRSH(8)
NAME
smrsh - restricted shell for sendmail
SYNOPSIS
smrsh -c command
DESCRIPTION
The smrsh program is intended as a replacement for sh for
use in the ``prog'' mailer in sendmail(8) configuration
files. It sharply limits the commands that can be run
using the ``|program'' syntax of sendmail in order to
improve the overall security of your system. Briefly,
even if a ``bad guy'' can get sendmail to run a program
without going through an alias or forward file, smrsh limits
the set of programs that he or she can execute.

Briefly, smrsh limits programs to be in the directory
/usr/libexec/sm.bin, allowing the system administrator to
choose the set of acceptable commands. It also rejects
any commands with the characters ``' (backquote), `<', `>', `|', `;',
`&', `$', `(', `)', `\r' (carriage return), or `\n' (newline)
on the command line to prevent ``end run'' attacks.

Initial pathnames on programs are stripped, so forwarding
to ``/usr/ucb/vacation'', ``/usr/bin/vacation'',
``/home/server/mydir/bin/vacation'', and ``vacation'' all
actually forward to ``/usr/libexec/sm.bin/vacation''.

System administrators should be conservative about populating
/usr/libexec/sm.bin. Reasonable additions are
vacation(1), procmail(1), and the like. No matter how
brow-beaten you may be, never include any shell or shell-like
program (such as perl(1)) in the sm.bin directory.
Note that this does not restrict the use of shell or perl
scripts in the sm.bin directory (using the ``#!'' syntax);
it simply disallows execution of arbitrary programs.
FILES
/usr/libexec/sm.bin - directory for restricted programs
SEE ALSO
sendmail(8)
11/02/93
Source: OpenBSD 2.6 man pages. Copyright: Portions are copyrighted by BERKELEY SOFTWARE DESIGN, INC., The Regents of the University of California, Massachusetts Institute of Technology, Free Software Foundation, FreeBSD Inc., and others.
(Corrections, notes, and links courtesy of RocketAware.com)
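
The two checks described under DESCRIPTION (rejecting the listed characters, then stripping the initial pathname and re-rooting the program in /usr/libexec/sm.bin) can be sketched in C as follows. This is an added example, not the smrsh source; the function name restrict_command, the empty-name guard, and the sample commands are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SM_BIN "/usr/libexec/sm.bin"  /* directory named in the man page */
/* Characters the man page lists as rejected anywhere on the command line. */
static const char REJECTED[] = "`<>|;&$()\r\n";

/* Hypothetical helper, not smrsh's own function: rewrite cmd into out as
 * SM_BIN/<program><args>. Returns 0 on success, -1 if the command is refused. */
int restrict_command(const char *cmd, char *out, size_t outlen)
{
    const char *prog, *end, *base, *p;
    int n;

    /* 1. Refuse the whole line if any listed character is present. */
    if (strpbrk(cmd, REJECTED) != NULL)
        return -1;
    /* 2. Isolate the first word, which is the program name. */
    prog = cmd + strspn(cmd, " \t");
    end = prog + strcspn(prog, " \t");
    /* 3. Strip the initial pathname: keep what follows the last '/'. */
    base = prog;
    for (p = prog; p < end; p++)
        if (*p == '/')
            base = p + 1;
    /* Extra guard (assumption, not from the page): refuse an empty name. */
    if (base == end)
        return -1;
    /* 4. Rebuild under SM_BIN, keeping the arguments exactly as given. */
    n = snprintf(out, outlen, "%s/%.*s%s", SM_BIN, (int)(end - base), base, end);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample commands, as they might appear after "|". */
    const char *samples[] = {
        "/usr/ucb/vacation", "/home/server/mydir/bin/vacation -a bob",
        "vacation; /bin/sh", "vacation `id`", "/bin/",
    };
    char buf[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s -> %s\n", samples[i],
               restrict_command(samples[i], buf, sizeof buf) == 0 ? buf : "REJECTED");
    return 0;
}
```

Because the rewritten path always points into sm.bin, the protection is only as strong as the contents of that directory, which is why the page warns against placing any shell or shell-like program there.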
RocketAware.com is a service of Mib Software. Copyright 1999, Forrest J. Cavalier III. All Rights Reserved.