Ralph Freshour <rfresh(_at_)mail(_dot_)idt(_dot_)net> writes:
I see the term 'smrsh' mentioned a lot in this mailing list - as a new
unix user, what does that stand for? A unix/mail utility? Thanks.
For the record, smrsh is the SendMail Restricted SHell. It's a
minimalist replacement for /bin/sh to be invoked as sendmail's 'prog'
mailer. It doesn't support any shell syntax beyond white space
delimited arguments, and doesn't even use a search path, but looks for
the specified program, with any explicit path stripped from it, in a
compiled in location. For instance, I compiled smrsh here to use
/usr/lib/sm.bin as it's directory of executables. This means that all
of the following .forwards:
"|/usr/local/bin/procmail"
"|/procmail"
"|procmail"
"|skjfjfskhfskjfskjfskfdsufhdsiuhfsiuhsduf/procmail"
all result in /usr/lib/sm.bin/procmail being run. Any shell meta-
characters like '&' or ';' result in smrsh throwing an error and
refusing to execute anything.
The whole point of smrsh is to eliminate a class of possible security
holes whereby bugs in sendmail are combined with the shell's flexible
syntax to execute arbitrary programs.
Note that the purpose of smrsh is *not* to protect a system from
malicious users, though fascist admins may find it useful for such. If
you make procmail the local mailer, or put it in the sm.bin directory,
whereever that is, then malicious users can execute whatever they
wany. smrsh is there to protect the system from insufficient paranoia
in sendmail.
Does that make sense?
Philip Guenther