icon Top 9 categories map      RocketAware > man pages >


Tips: Browse or Search all pages for efficient awareness of more than 6000 of the most popular reusable and open source applications, functions, libraries, and FAQs.

The "RKT couplings" below include links to source code, updates, additional information, advice, FAQs, and overviews.


Search all pages


By activity
Professions, Sciences, Humanities, Business, ...

User Interface
Text-based, GUI, Audio, Video, Keyboards, Mouse, Images,...

Text Strings
Conversions, tests, processing, manipulation,...

Integer, Floating point, Matrix, Statistics, Boolean, ...

Algorithms, Memory, Process control, Debugging, ...

Stored Data
Data storage, Integrity, Encryption, Compression, ...

Networks, protocols, Interprocess, Remote, Client Server, ...

Hard World
Timing, Calendar and Clock, Audio, Video, Printer, Controls...

File System
Management, Filtering, File & Directory access, Viewers, ...


RocketLink!--> Man page versions: OpenBSD FreeBSD NetBSD Others

SMRSH(8)                                                 SMRSH(8)

       smrsh - restricted shell for sendmail

       smrsh -c command

       The  smrsh program is intended as a replacement for sh for
       use in the ``prog'' mailer  in  sendmail(8)  configuration
       files.   It  sharply  limits  the commands that can be run
       using the ``|program'' syntax  of  sendmail  in  order  to
       improve  the  over  all security of your system.  Briefly,
       even if a ``bad guy'' can get sendmail to  run  a  program
       without going through an alias or forward file, smrsh lim-
       its the set of programs that he or she can execute.

       Briefly, smrsh limits programs  to  be  in  the  directory
       /usr/libexec/sm.bin,  allowing the system administrator to
       choose the set of acceptable commands.   It  also  rejects
       any  commands with the characters ``', `<', `>', `|', `;',
       `&', `$', `(', `)', `\r' (carriage return), or `\n'  (new-
       line)  on the command line to prevent ``end run'' attacks.

       Initial pathnames on programs are stripped, so  forwarding
       to      ``/usr/ucb/vacation'',      ``/usr/bin/vacation'',
       ``/home/server/mydir/bin/vacation'', and ``vacation''  all
       actually forward to ``/usr/libexec/sm.bin/vacation''.

       System  administrators  should be conservative about popu-
       lating  /usr/libexec/sm.bin.   Reasonable  additions   are
       vacation(1),  procmail(1),  and  the  like.  No matter how
       brow-beaten you may be, never include any shell or  shell-
       like  program  (such  as perl(1)) in the sm.bin directory.
       Note that this does not restrict the use of shell or  perl
       scripts in the sm.bin directory (using the ``#!'' syntax);
       it simply disallows execution of arbitrary programs.

       /usr/libexec/sm.bin - directory for restricted programs


                             11/02/93                           1

Source: OpenBSD 2.6 man pages. Copyright: Portions are copyrighted by BERKELEY
SOFTWARE DESIGN, INC., The Regents of the University of California, Massachusetts
Institute of Technology, Free Software Foundation, FreeBSD Inc., and others.

(Corrections, notes, and links courtesy of RocketAware.com)

[Detailed Topics]
FreeBSD Sources for smrsh(8)
OpenBSD sources for smrsh(8)

[Overview Topics]

Up to: Email Server and Transport Agents - Electronic mail servers including delivery, routing, and transfer agents (MTAs), protocols (SMTP, POP, IMAP, -

RocketLink!--> Man page versions: OpenBSD FreeBSD NetBSD Others

Rapid-Links: Search | About | Comments | Submit Path: RocketAware > man pages > smrsh.8/
RocketAware.com is a service of Mib Software
Copyright 1999, Forrest J. Cavalier III. All Rights Reserved.
We welcome submissions and comments