|
3649
|
1 |
'\" te
|
|
|
2 |
.\" Copyright (c) 1983 Eric P. Allman
|
|
|
3 |
.\" Copyright (c) 1988, 1993 The Regents of the University of California. All rights reserved.
|
|
|
4 |
.\" Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
5 |
.\" Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers. All rights reserved.
|
|
|
6 |
.\" The following license terms and conditions apply, unless a different license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor, Emeryville, CA 94608, USA, or by electronic mail at [email protected]. License Terms: Use, Modification and Redistribution (including distribution of any modified or derived work) in source and binary forms is permitted only if each of the following conditions is met: 1. Redistributions qualify as "freeware" or "Open Source Software" under one of the following terms: (a) Redistributions are made at no charge beyond the reasonable cost of materials and delivery. (b) Redistributions are accompanied by a copy of the Source Code or by an irrevocable offer to provide a copy of the Source Code for up to three years at the cost of materials and delivery. Such redistributions must allow further use, modification, and redistribution of the Source Code under substantially the same terms as this license. For the purposes of redistribution "Source Code" means the complete compilable and linkable source code of sendmail including all modifications. 2. Redistributions of source code must retain the copyright notices as they appear in each source code file, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below. 3. Redistributions in binary form must reproduce the Copyright Notice, these license terms, and the disclaimer/limitation of liability set forth as paragraph 6 below, in the documentation and/or other materials provided with the distribution. For the purposes of binary distribution the "Copyright Notice" refers to the following language: "Copyright (c) 1998-2004 Sendmail, Inc. All rights reserved." 4. Neither the name of Sendmail, Inc. nor the University of California nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. The name "sendmail" is a trademark of Sendmail, Inc. 5. All redistributions must comply with the conditions imposed by the University of California on certain embedded code, whose copyright notice and conditions for redistribution are as follows: (a) Copyright (c) 1988, 1993 The Regents of the University of California. All rights reserved. (b) Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: (i) Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. (ii) Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. (iii) Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY SENDMAIL, INC. AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE UNIVERSITY OF CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
|
|
7 |
.\" Portions Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
|
|
|
8 |
.TH smrsh 1M "28 Oct 2014" "SunOS 5.12" "System Administration Commands"
|
|
|
9 |
.SH NAME
|
|
|
10 |
smrsh \- restricted shell for sendmail
|
|
|
11 |
.SH SYNOPSIS
|
|
|
12 |
.LP
|
|
|
13 |
.nf
|
|
|
14 |
\fBsmrsh\fR \fB-c\fR \fIcommand\fR
|
|
|
15 |
.fi
|
|
|
16 |
|
|
|
17 |
.SH DESCRIPTION
|
|
|
18 |
.sp
|
|
|
19 |
.LP
|
|
|
20 |
The \fBsmrsh\fR program is intended as a replacement for the \fBsh\fR command in the \fBprog\fR mailer in \fBsendmail\fR(1M) configuration files. The \fBsmrsh\fR program sharply limits commands that can be run using the \fB|program\fR syntax of \fBsendmail\fR. This improves overall system security. \fBsmrsh\fR limits the set of programs that a programmer can execute, even if \fBsendmail\fR runs a program without going through an \fBalias\fR or \fBforward\fR file.
|
|
|
21 |
.sp
|
|
|
22 |
.LP
|
|
|
23 |
Briefly, \fBsmrsh\fR limits programs to be in the directory \fB/var/adm/sm.bin\fR, allowing system administrators to choose the set of acceptable commands. It also rejects any commands with the characters: \fB,\fR, \fB<\fR, \fB>\fR, \fB|\fR, \fB;\fR, \fB&\fR, \fB$\fR, \fB\er\fR (RETURN), or \fB\en\fR (NEWLINE) on the command line to prevent end run attacks.
|
|
|
24 |
.sp
|
|
|
25 |
.LP
|
|
|
26 |
Initial pathnames on programs are stripped, so forwarding to \fB/usr/bin/vacation\fR, \fB/home/server/mydir/bin/vacation\fR, and vacation all actually forward to \fB/var/adm/sm.bin/vacation\fR.
|
|
|
27 |
.sp
|
|
|
28 |
.LP
|
|
|
29 |
System administrators should be conservative about populating \fB/var/adm/sm.bin\fR. Reasonable additions are utilities such as \fBvacation\fR(1) and \fBprocmail\fR. Never include any shell or shell-like program (for example, \fBperl\fR) in the \fBsm.bin\fR directory. This does not restrict the use of \fBshell\fR or \fBperl\fR scrips in the \fBsm.bin\fR directory (using the \fB#!\fR syntax); it simply disallows the execution of arbitrary programs.
|
|
|
30 |
.SH OPTIONS
|
|
|
31 |
.sp
|
|
|
32 |
.LP
|
|
|
33 |
The following options are supported:
|
|
|
34 |
.sp
|
|
|
35 |
.ne 2
|
|
|
36 |
.mk
|
|
|
37 |
.na
|
|
|
38 |
\fB\fB-c\fR \fIcommand\fR\fR
|
|
|
39 |
.ad
|
|
|
40 |
.RS 14n
|
|
|
41 |
.rt
|
|
|
42 |
Where \fIcommand\fR is a valid command, executes \fIcommand\fR.
|
|
|
43 |
.RE
|
|
|
44 |
|
|
|
45 |
.SH FILES
|
|
|
46 |
.sp
|
|
|
47 |
.ne 2
|
|
|
48 |
.mk
|
|
|
49 |
.na
|
|
|
50 |
\fB\fB/var/adm/sm.bin\fR\fR
|
|
|
51 |
.ad
|
|
|
52 |
.RS 19n
|
|
|
53 |
.rt
|
|
|
54 |
directory for restricted programs
|
|
|
55 |
.RE
|
|
|
56 |
|
|
|
57 |
.SH ATTRIBUTES
|
|
|
58 |
.sp
|
|
|
59 |
.LP
|
|
|
60 |
See \fBattributes\fR(5) for descriptions of the following attributes:
|
|
|
61 |
.sp
|
|
|
62 |
|
|
|
63 |
.sp
|
|
|
64 |
.TS
|
|
|
65 |
tab(�) box;
|
|
|
66 |
cw(2.75i) |cw(2.75i)
|
|
|
67 |
lw(2.75i) |lw(2.75i)
|
|
|
68 |
.
|
|
|
69 |
ATTRIBUTE TYPE�ATTRIBUTE VALUE
|
|
|
70 |
_
|
|
|
71 |
Availability�service/network/smtp/sendmail
|
|
|
72 |
.TE
|
|
|
73 |
|
|
|
74 |
.SH SEE ALSO
|
|
|
75 |
.sp
|
|
|
76 |
.LP
|
|
|
77 |
\fBsendmail\fR(1M), , \fBattributes\fR(5)
|