Mercurial Mercurial > upstream > oracle > userland-gate / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/sendmail/files/man/smrsh.8
changeset 5566 9009ada25177
parent 3649 4006eaaa7d29
child 7820 a2b9a7de9e1a
equal deleted inserted replaced
5565:f678cc44b3d0 5566:9009ada25177 
       
     1 '\" te
 
       
     2 .\" Copyright (c) 1983 Eric P. Allman
 
       
     3 .\" Copyright (c) 1988, 1993 The Regents of the University of California.  All rights reserved.
 
       
     4 .\" Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright    notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright    notice, this list of conditions and the following disclaimer in the    documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software    must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors    may be used to endorse or promote products derived from this software    without specific prior written permission.  THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
       
     5 .\" Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers.  All rights reserved.
 
       
     6 .\" The following license terms and conditions apply, unless a different license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor, Emeryville, CA 94608, USA, or by electronic mail at [email protected].  License Terms:  Use, Modification and Redistribution (including distribution of any modified or derived work) in source and binary forms is permitted only if each of the following conditions is met:  1. Redistributions qualify as "freeware" or "Open Source Software" under    one of the following terms:     (a) Redistributions are made at no charge beyond the reasonable cost of        materials and delivery.     (b) Redistributions are accompanied by a copy of the Source Code or by an        irrevocable offer to provide a copy of the Source Code for up to three       years at the cost of materials and delivery.  Such redistributions        must allow further use, modification, and redistribution of the Source       Code under substantially the same terms as this license.  For the        purposes of redistribution "Source Code" means the complete compilable       and linkable source code of sendmail including all modifications.  2. Redistributions of source code must retain the copyright notices as they    appear in each source code file, these license terms, and the    disclaimer/limitation of liability set forth as paragraph 6 below.  3. Redistributions in binary form must reproduce the Copyright Notice,    these license terms, and the disclaimer/limitation of liability set    forth as paragraph 6 below, in the documentation and/or other materials    provided with the distribution.  For the purposes of binary distribution    the "Copyright Notice" refers to the following language:    "Copyright (c) 1998-2004 Sendmail, Inc.  All rights reserved."  4. Neither the name of Sendmail, Inc. nor the University of California nor    the names of their contributors may be used to endorse or promote    products derived from this software without specific prior written    permission.  The name "sendmail" is a trademark of Sendmail, Inc.  5. All redistributions must comply with the conditions imposed by the    University of California on certain embedded code, whose copyright    notice and conditions for redistribution are as follows:     (a) Copyright (c) 1988, 1993 The Regents of the University of        California.  All rights reserved.     (b) Redistribution and use in source and binary forms, with or without        modification, are permitted provided that the following conditions        are met:        (i)   Redistributions of source code must retain the above copyright             notice, this list of conditions and the following disclaimer.        (ii)  Redistributions in binary form must reproduce the above             copyright notice, this list of conditions and the following             disclaimer in the documentation and/or other materials provided             with the distribution.        (iii) Neither the name of the University nor the names of its             contributors may be used to endorse or promote products derived             from this software without specific prior written permission. 6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY    SENDMAIL, INC. AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED    WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN    NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE UNIVERSITY OF    CALIFORNIA OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT    NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF    USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON    ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF    THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
 
       
     7 .\" Portions Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
 
       
     8 .TH smrsh 8 "8 Mar 2016" "SunOS 5.12" "System Administration Commands"
 
       
     9 .SH NAME
 
       
    10 smrsh \- restricted shell for sendmail
 
       
    11 .SH SYNOPSIS
 
       
    12 .LP
 
       
    13 .nf
 
       
    14 \fBsmrsh\fR \fB-c\fR \fIcommand\fR
 
       
    15 .fi
 
       
    16 
       
    17 .SH DESCRIPTION
 
       
    18 .sp
 
       
    19 .LP
 
       
    20 The \fBsmrsh\fR program is intended as a replacement for the \fBsh\fR command in the \fBprog\fR mailer in \fBsendmail\fR(8) configuration files. The \fBsmrsh\fR program sharply limits commands that can be run using the \fB|program\fR syntax of \fBsendmail\fR. This improves overall system security. \fBsmrsh\fR limits the set of programs that a programmer can execute, even if \fBsendmail\fR runs a program without going through an \fBalias\fR or \fBforward\fR file.
 
       
    21 .sp
 
       
    22 .LP
 
       
    23 Briefly, \fBsmrsh\fR limits programs to be in the directory \fB/var/adm/sm.bin\fR, allowing system administrators to choose the set of acceptable commands. It also rejects any commands with the characters: \fB,\fR, \fB<\fR, \fB>\fR, \fB|\fR, \fB;\fR, \fB&\fR, \fB$\fR, \fB\er\fR (RETURN), or \fB\en\fR (NEWLINE) on the command line to prevent end run attacks.
 
       
    24 .sp
 
       
    25 .LP
 
       
    26 Initial pathnames on programs are stripped, so forwarding to \fB/usr/bin/vacation\fR, \fB/home/server/mydir/bin/vacation\fR, and vacation all actually forward to \fB/var/adm/sm.bin/vacation\fR.
 
       
    27 .sp
 
       
    28 .LP
 
       
    29 System administrators should be conservative about populating \fB/var/adm/sm.bin\fR. Reasonable additions are utilities such as \fBvacation\fR(1) and \fBprocmail\fR. Never include any shell or shell-like program (for example, \fBperl\fR) in the \fBsm.bin\fR directory. This does not restrict the use of \fBshell\fR or \fBperl\fR scrips in the \fBsm.bin\fR directory (using the \fB#!\fR syntax); it simply disallows the execution of arbitrary programs.
 
       
    30 .SH OPTIONS
 
       
    31 .sp
 
       
    32 .LP
 
       
    33 The following options are supported:
 
       
    34 .sp
 
       
    35 .ne 2
 
       
    36 .mk
 
       
    37 .na
 
       
    38 \fB\fB-c\fR \fIcommand\fR\fR
 
       
    39 .ad
 
       
    40 .RS 14n
 
       
    41 .rt  
       
    42 Where \fIcommand\fR is a valid command, executes \fIcommand\fR.
 
       
    43 .RE
 
       
    44 
       
    45 .SH FILES
 
       
    46 .sp
 
       
    47 .ne 2
 
       
    48 .mk
 
       
    49 .na
 
       
    50 \fB\fB/var/adm/sm.bin\fR\fR
 
       
    51 .ad
 
       
    52 .RS 19n
 
       
    53 .rt  
       
    54 directory for restricted programs
 
       
    55 .RE
 
       
    56 
       
    57 .SH ATTRIBUTES
 
       
    58 .sp
 
       
    59 .LP
 
       
    60 See \fBattributes\fR(7) for descriptions of the following attributes:
 
       
    61 .sp
 
       
    62 
       
    63 .sp
 
       
    64 .TS
 
       
    65 tab() box;
 
       
    66 cw(2.75i) |cw(2.75i) 
       
    67 lw(2.75i) |lw(2.75i) 
       
    68 .
 
       
    69 ATTRIBUTE TYPEATTRIBUTE VALUE
 
       
    70 _
 
       
    71 Availabilityservice/network/smtp/sendmail
 
       
    72 .TE
 
       
    73 
       
    74 .SH SEE ALSO
 
       
    75 .sp
 
       
    76 .LP
 
       
    77 \fBattributes\fR(7), \fBsendmail\fR(8)
upstream/oracle/userland-gate