*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->HP-UX 11i man pages -> smrsh (1m)              
Title
Content
Arch
Section
 

Contents


 smrsh(1M)                                                         smrsh(1M)




 NAME    [Toc]    [Back]
      smrsh - restricted shell for sendmail

 SYNOPSIS    [Toc]    [Back]
      smrsh -c command

 DESCRIPTION    [Toc]    [Back]
      The smrsh program is intended as a replacement for sh for use in the
      prog mailer in sendmail configuration files.  It sharply limits the
      commands that can be run using the |program syntax of sendmail in
      order to improve the overall security of your system.  Briefly, even
      if a ``bad guy'' can get sendmail to run a program without going
      through an alias or forward file, smrsh limits the set of programs
      that he or she can execute.

      Briefly, smrsh limits programs to be in the directory /var/adm/sm.bin,
      allowing the system administrator to choose the set of acceptable
      commands.  It also rejects any commands with the characters \, <, >,
      |, ;, &, $, (, ), \r (carriage return), and \n (newline) on the
      command line to prevent ``end run'' attacks.

      Initial pathnames on programs are stripped, so forwarding to
      /usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation,
      and vacation all actually forward to /var/adm/sm.bin/vacation.

      System administrators should be conservative about populating
      /var/adm/sm.bin.  Reasonable additions are vacation and rmail.  Do not
      include any shell or shell-like program (such as perl) in the sm.bin
      directory.  Note that this does not restrict the use of shell or perl
      scripts in the sm.bin directory (using the #!  syntax); it simply
      disallows execution of arbitrary programs.

 FILES    [Toc]    [Back]
      /var/adm/sm.bin               Directory for restricted programs

 SEE ALSO    [Toc]    [Back]
      sendmail(1M).


 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003
[ Back ]
      
      
 Similar pages
Name OS Title
ssh-dummy-shell Tru64 Restricted shell
rksh HP-UX shell, the standard/restricted command programming language
ksh HP-UX shell, the standard/restricted command programming language
sh IRIX a standard/restricted command and programming language
Safe IRIX Compile and execute code in restricted compartments
alias HP-UX standard and restricted POSIX.2-conformant command shells
jobs HP-UX standard and restricted POSIX.2-conformant command shells
fg HP-UX standard and restricted POSIX.2-conformant command shells
fc HP-UX standard and restricted POSIX.2-conformant command shells
bg HP-UX standard and restricted POSIX.2-conformant command shells
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service