smrsh(1M)                                                         smrsh(1M)




 NAME    [Toc]    [Back]
      smrsh - restricted shell for sendmail

 SYNOPSIS    [Toc]    [Back]
      smrsh -c command

 DESCRIPTION    [Toc]    [Back]
      The smrsh program is intended as a replacement for sh for use in the
      prog mailer in sendmail configuration files.  It sharply limits the
      commands that can be run using the |program syntax of sendmail in
      order to improve the overall security of your system.  Briefly, even
      if a ``bad guy'' can get sendmail to run a program without going
      through an alias or forward file, smrsh limits the set of programs
      that he or she can execute.

      Briefly, smrsh limits programs to be in the directory /var/adm/sm.bin,
      allowing the system administrator to choose the set of acceptable
      commands.  It also rejects any commands with the characters \, <, >,
      |, ;, &, $, (, ), \r (carriage return), and \n (newline) on the
      command line to prevent ``end run'' attacks.

      Initial pathnames on programs are stripped, so forwarding to
      /usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation,
      and vacation all actually forward to /var/adm/sm.bin/vacation.

      System administrators should be conservative about populating
      /var/adm/sm.bin.  Reasonable additions are vacation and rmail.  Do not
      include any shell or shell-like program (such as perl) in the sm.bin
      directory.  Note that this does not restrict the use of shell or perl
      scripts in the sm.bin directory (using the #!  syntax); it simply
      disallows execution of arbitrary programs.

 FILES    [Toc]    [Back]
      /var/adm/sm.bin               Directory for restricted programs

 SEE ALSO    [Toc]    [Back]
      sendmail(1M).


 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003