summaryrefslogtreecommitdiff
path: root/gnu/usr.sbin
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/usr.sbin')
-rw-r--r--gnu/usr.sbin/sendmail/smrsh/smrsh.8125
1 files changed, 82 insertions, 43 deletions
diff --git a/gnu/usr.sbin/sendmail/smrsh/smrsh.8 b/gnu/usr.sbin/sendmail/smrsh/smrsh.8
index 15ffdb833b6..8e51659adad 100644
--- a/gnu/usr.sbin/sendmail/smrsh/smrsh.8
+++ b/gnu/usr.sbin/sendmail/smrsh/smrsh.8
@@ -9,72 +9,111 @@
.\" the sendmail distribution.
.\"
.\"
+.\" $OpenBSD: smrsh.8,v 1.5 2001/01/17 05:26:51 millert Exp $
.\" $Sendmail: smrsh.8,v 8.11.16.2 2000/12/15 19:50:46 gshapiro Exp $
.\"
-.TH SMRSH 8 "$Date: 2001/01/17 04:53:19 $"
-.SH NAME
-smrsh \- restricted shell for sendmail
-.SH SYNOPSIS
-.B smrsh
-.B \-c
-command
-.SH DESCRIPTION
+.Dd December 15, 2000
+.Dt SMRSH 8
+.Os
+.Sh NAME
+.Nm smrsh
+.Nd restricted shell for sendmail
+.Sh SYNOPSIS
+.Nm smrsh
+.Fl c Ar command
+.Sh DESCRIPTION
The
-.I smrsh
+.Nm smrsh
program is intended as a replacement for
-.I sh
-for use in the ``prog'' mailer in
-.IR sendmail (8)
+.Pa /bin/sh
+for use in the
+.Dq prog
+mailer in
+.Xr sendmail 8
configuration files.
It sharply limits the commands that can be run using the
-``|program'' syntax of
-.I sendmail
-in order to improve the over all security of your system.
-Briefly, even if a ``bad guy'' can get sendmail to run a program
+.Dq |program
+syntax of
+.Xr sendmail 8
+in order to improve the overall security of your system.
+Briefly, even if a
+.Dq bad guy
+can get sendmail to run a program
without going through an alias or forward file,
-.I smrsh
+.Nm smrsh
limits the set of programs that he or she can execute.
-.PP
+.Pp
Briefly,
-.I smrsh
-limits programs to be in a single directory,
-by default
-/usr/libexec/sm.bin,
+.Nm smrsh
+limits programs to be in a single directory, by default
+.Pa /usr/libexec/sm.bin ,
allowing the system administrator to choose the set of acceptable commands,
-and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
+and the shell builtin commands
+.Dq exec ,
+.Dq exit ,
+and
+.Dq echo .
It also rejects any commands with the characters
-`\`', `<', `>', `;', `$', `(', `)', `\er' (carriage return),
-or `\en' (newline)
-on the command line to prevent ``end run'' attacks.
-It allows ``||'' and ``&&'' to enable commands like:
-``"|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"''
-.PP
+.Sq \e ,
+.Sq < ,
+.Sq > ,
+.So
+;
+.Sc ,
+.Sq $ ,
+.So
+(
+.Sc ,
+.So
+)
+.Sc ,
+.Sq \er
+(carriage return), or
+.Sq \en
+(newline) on the command line to prevent
+.Dq end run
+attacks.
+It allows
+.Dq ||
+and
+.Dq &&
+to enable commands like:
+.Bd -literal -compact -offset "XXXX"
+.Qq "|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"
+.Ed
+.Pp
Initial pathnames on programs are stripped,
-so forwarding to ``/usr/ucb/vacation'',
-``/usr/bin/vacation'',
-``/home/server/mydir/bin/vacation'',
+so forwarding to
+.Pa /usr/ucb/vacation ,
+.Pa /usr/bin/vacation ,
+.Pa /home/server/mydir/bin/vacation ,
and
-``vacation''
+.Pa vacation
all actually forward to
-``/usr/libexec/sm.bin/vacation''.
-.PP
+.Pa /usr/libexec/sm.bin/vacation .
+.Pp
System administrators should be conservative about populating
the sm.bin directory.
Reasonable additions are
-.IR vacation (1),
-.IR procmail (1),
+.Xr vacation 1 ,
+.Xr procmail 1 ,
and the like.
No matter how brow-beaten you may be,
never include any shell or shell-like program
(such as
-.IR perl (1))
+.Xr perl 1 )
in the
sm.bin
directory.
Note that this does not restrict the use of shell or perl scripts
-in the sm.bin directory (using the ``#!'' syntax);
+in the sm.bin directory (using the
+.Dq #!
+syntax);
it simply disallows execution of arbitrary programs.
-.SH FILES
-/usr/libexec/sm.bin \- directory for restricted programs
-.SH SEE ALSO
-sendmail(8)
+.Sh FILES
+.Bl -tag -width "/usr/libexec/sm.bin" -compact
+.It Pa /usr/libexec/sm.bin
+directory for restricted programs
+.El
+.Sh SEE ALSO
+.Xr sendmail 8