smrsh man page on QNX
Printed from http://www.polarhome.com/service/man/?qf=smrsh&af=0&tf=2&of=QNX

SMRSH(8)							      SMRSH(8)

NAME
       smrsh - restricted shell for sendmail

SYNOPSIS
       smrsh -c command

DESCRIPTION
       The  smrsh  program  is intended as a replacement for sh for use in the
       ``prog'' mailer in sendmail(8) configuration files.  It sharply	limits
       the  commands that can be run using the ``|program'' syntax of sendmail
       in order to improve the over all security  of  your  system.   Briefly,
       even  if	 a ``bad guy'' can get sendmail to run a program without going
       through an alias or forward file, smrsh limits the set of programs that
       he or she can execute.

       Briefly,	 smrsh limits programs to be in a single directory, by default
       /usr/pkg/libexec/sm.bin, allowing the system  administrator  to	choose
       the  set	 of  acceptable	 commands,  and	 to the shell builtin commands
       ``exec'', ``exit'', and ``echo''.  It also rejects  any	commands  with
       the  characters	``',  `<',  `>',  `;',	`$',  `(', `)', `\r' (carriage
       return), or `\n' (newline) on the command line to prevent  ``end	 run''
       attacks.	 It allows ``||'' and ``&&'' to enable commands like: ``"|exec
       /usr/local/bin/filter || exit 75"''

       Initial	pathnames  on  programs	 are  stripped,	  so   forwarding   to
       ``/usr/ucb/vacation'',				``/usr/bin/vacation'',
       ``/home/server/mydir/bin/vacation'', and ``vacation'' all actually for‐
       ward to ``/usr/pkg/libexec/sm.bin/vacation''.

       System  administrators  should  be  conservative	 about	populating the
       sm.bin directory.  For example, a reasonable additions is  vacation(1),
       and  the like.  No matter how brow-beaten you may be, never include any
       shell or shell-like program (such as perl(1)) in the sm.bin  directory.
       Note  that  this	 does not restrict the use of shell or perl scripts in
       the sm.bin directory (using the ``#!''  syntax);	 it  simply  disallows
       execution  of  arbitrary programs.  Also, including mail filtering pro‐
       grams such as procmail(1) is a very bad idea.  procmail(1) allows users
       to run arbitrary programs in their procmailrc(5).

COMPILATION
       Compilation  should  be	trivial	 on most systems.  You may need to use
       -DSMRSH_PATH=\"path\" to adjust the default search  path	 (defaults  to
       ``/bin:/usr/bin:/usr/ucb'') and/or -DSMRSH_CMDDIR=\"dir\" to change the
       default program directory (defaults to ``/usr/pkg/libexec/sm.bin'').

FILES
       /usr/pkg/libexec/sm.bin - default directory for restricted programs

SEE ALSO
       sendmail(8)

			 $Date: 2004/08/06 03:55:35 $		      SMRSH(8)
[top] 
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/
More information is available in HTML format for server QNX

List of man pages available for QNX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net