smrsh - restricted shell for sendmail
smrsh -c command
The smrsh program is intended as a replacement for sh for use in the
prog mailer in sendmail configuration files. It sharply limits the
commands that can be run using the |program syntax of sendmail in
order to improve the overall security of your system. Briefly, even
if a ``bad guy'' can get sendmail to run a program without going
through an alias or forward file, smrsh limits the set of programs
that he or she can execute.
Briefly, smrsh limits programs to be in the directory /var/adm/sm.bin,
allowing the system administrator to choose the set of acceptable
commands. It also rejects any commands with the characters \, <, >,
|, ;, &, $, (, ), \r (carriage return), and \n (newline) on the
command line to prevent ``end run'' attacks.
Initial pathnames on programs are stripped, so forwarding to
/usr/ucb/vacation, /usr/bin/vacation, /home/server/mydir/bin/vacation,
and vacation all actually forward to /var/adm/sm.bin/vacation.
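The two rules above (refuse the listed characters, then strip any leading
path and look only in /var/adm/sm.bin) can be modelled as follows. This is an
added example, not smrsh source code; the names resolve, Rejected, ALLOWED and
SAMPLES and all sample command lines are constructed for illustration.

```python
import posixpath

SM_BIN = "/var/adm/sm.bin"            # directory named on the page
REJECTED = set("\\<>|;&$()\r\n")      # characters the page says are refused


class Rejected(Exception):
    """The model refuses this command line."""


def resolve(cmdline, allowed):
    """Return the argv that would run, or raise Rejected.

    `allowed` stands in for the listing of SM_BIN (assumption: a set of
    file names, so the example never touches the disk).
    """
    bad = sorted(REJECTED.intersection(cmdline))
    if bad:
        raise Rejected("special character(s): %r" % bad)
    words = cmdline.split()
    if not words:
        raise Rejected("empty command")
    # Initial pathnames are stripped: only the last component survives.
    name = posixpath.basename(words[0])
    if name in ("", ".", "..") or name not in allowed:
        raise Rejected("%r is not in %s" % (name, SM_BIN))
    return [posixpath.join(SM_BIN, name)] + words[1:]


# Constructed sample input: the four forward targets from the text, one
# program that is not installed in sm.bin, and one rejected character.
ALLOWED = {"vacation", "rmail"}
SAMPLES = [
    "/usr/ucb/vacation jdoe",
    "/usr/bin/vacation jdoe",
    "/home/server/mydir/bin/vacation jdoe",
    "vacation jdoe",
    "/usr/bin/procmail -f-",
    "vacation jdoe > /tmp/out",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        try:
            print("%-40r -> %s" % (cmd, " ".join(resolve(cmd, ALLOWED))))
        except Rejected as why:
            print("%-40r -> rejected: %s" % (cmd, why))
```

Because the character check runs over the whole command line, a rejected
character in an argument is refused just as one in the program name is.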
System administrators should be conservative about populating
/var/adm/sm.bin. Reasonable additions are vacation and rmail. Do not
include any shell or shell-like program (such as perl) in the sm.bin
directory. Note that this does not restrict the use of shell or perl
scripts in the sm.bin directory (using the #! syntax); it simply
disallows execution of arbitrary programs.
/var/adm/sm.bin Directory for restricted programs
Hewlett-Packard Company - 1 - HP-UX Release 11i: November 2000