---- sendmail-8.10.0/smrsh/README.smrsh Tue Apr 27 22:26:10 1999
-+++ sendmail-8.10.0/smrsh/README Thu Mar 9 13:21:10 2000
+--- ./smrsh/README.org Wed Jan 24 01:05:58 2001
++++ ./smrsh/README Tue Jun 4 14:25:06 2002
@@ -6,7 +6,7 @@
intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
and to the software, smrsh.c, written by Eric Allman.
-
-+* Modified by Red Hat Software to reflect different paths. *
++* Modified by PLD Team to reflect different paths. *
The smrsh(8) program is intended as a replacement for /bin/sh in the
program mailer definition of sendmail(8). This README file describes
@@ -76,7 +76,7 @@
acceptable commands.
-
--You will next need to create the directory /usr/adm/sm.bin and populate
-+You will next need to create the directory /etc/smrsh and populate
+ If your platform doesn't have a default SMRSH_CMDDIR setting, you will
+-next need to create the directory /usr/adm/sm.bin and populate
++next need to create the directory /etc/smrsh and populate
it with the programs that your site feels are allowable for sendmail
to execute. This directory is explicitly specified in the source
code for smrsh, so changing this directory must be accompanied with
+/etc/smrsh directory, you should:
- host.domain# cd /usr/adm/sm.bin
+- host.domain# ln -s /usr/ucb/vacation vacation
+ host.domain# cd /etc/smrsh
- host.domain# ln -s /usr/ucb/vacation vacation
++ host.domain# ln -s /usr/bin/vacation vacation
Now re-start the sendmail process. An example of how to do this on
a typical system follows:
---- sendmail-8.10.0/smrsh/smrsh.8.smrsh Tue Jun 15 00:50:19 1999
-+++ sendmail-8.10.0/smrsh/smrsh.8 Thu Mar 9 13:21:40 2000
-@@ -38,7 +38,7 @@
- Briefly,
+--- ./smrsh/smrsh.8.org Thu Apr 25 15:33:40 2002
++++ ./smrsh/smrsh.8 Tue Jun 4 14:27:48 2002
+@@ -39,7 +39,7 @@
.I smrsh
- limits programs to be in the directory
+ limits programs to be in a single directory,
+ by default
-/usr/adm/sm.bin,
+/etc/smrsh,
allowing the system administrator to choose the set of acceptable commands,
and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
It also rejects any commands with the characters
-@@ -55,10 +55,10 @@
+@@ -47,7 +47,7 @@
+ or `\en' (newline)
+ on the command line to prevent ``end run'' attacks.
+ It allows ``||'' and ``&&'' to enable commands like:
+-``"|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"''
++``"|exec /usr/bin/procmail -f- /etc/procmailrcs/user || exit 75"''
+ .PP
+ Initial pathnames on programs are stripped,
+ so forwarding to ``/usr/ucb/vacation'',
+@@ -56,10 +56,10 @@
and
``vacation''
all actually forward to
+``/etc/smrsh/vacation''.
.PP
System administrators should be conservative about populating
--/usr/adm/sm.bin.
-+/etc/smrsh
+-the sm.bin directory.
++the /etc/smrsh/ directory.
Reasonable additions are
.IR vacation (1),
.IR procmail (1),
-@@ -68,20 +68,12 @@
+@@ -69,20 +69,12 @@
(such as
.IR perl (1))
in the
-sm.bin
-+/etc/smrsh
++/etc/smrsh/
directory.
Note that this does not restrict the use of shell or perl scripts
--in the sm.bin directory (using the ``#!'' syntax);
-+in the /etc/smrsh directory (using the ``#!'' syntax);
+ in the sm.bin directory (using the ``#!'' syntax);
it simply disallows execution of arbitrary programs.
-.SH COMPILATION
-Compilation should be trivial on most systems.
--You may need to use \-DPATH=\e"\fIpath\fP\e"
+-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
-to adjust the default search path
-(defaults to ``/bin:/usr/bin:/usr/ucb'')
--and/or \-DCMDBIN=\e"\fIdir\fP\e"
+-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
-to change the default program directory
-(defaults to ``/usr/adm/sm.bin'').
.SH FILES
-/usr/adm/sm.bin \- directory for restricted programs
-+/etc/smrsh \- directory for restricted programs
++/etc/smrsh/ \- directory for restricted programs
.SH SEE ALSO
sendmail(8)
---- sendmail-8.10.0/smrsh/smrsh.c.smrsh2 Tue Oct 26 22:49:51 1999
-+++ sendmail-8.10.0/smrsh/smrsh.c Thu Mar 9 13:28:37 2000
-@@ -76,7 +76,7 @@
-
- /* directory in which all commands must reside */
- #ifndef CMDDIR
--# define CMDDIR "/usr/adm/sm.bin"
-+# define CMDDIR "/etc/smrsh"
+--- ./smrsh/smrsh.c.org Sat May 25 04:41:31 2002
++++ ./smrsh/smrsh.c Tue Jun 4 14:29:28 2002
+@@ -75,7 +75,7 @@
+ # ifdef SMRSH_CMDDIR
+ # define CMDDIR SMRSH_CMDDIR
+ # else /* SMRSH_CMDDIR */
+-# define CMDDIR "/usr/adm/sm.bin"
++# define CMDDIR "/etc/smrsh"
+ # endif /* SMRSH_CMDDIR */
#endif /* ! CMDDIR */
- /* characters disallowed in the shell "-c" argument */
-@@ -84,7 +84,7 @@
-
- /* default search path */
- #ifndef PATH
--# define PATH "/bin:/usr/bin:/usr/ucb"
-+# define PATH "/bin:/usr/bin:"
+@@ -87,7 +87,7 @@
+ # ifdef SMRSH_PATH
+ # define PATH SMRSH_PATH
+ # else /* SMRSH_PATH */
+-# define PATH "/bin:/usr/bin:/usr/ucb"
++# define PATH "/bin:/usr/bin"
+ # endif /* SMRSH_PATH */
#endif /* ! PATH */
- #ifndef __P
projects / packages / sendmail.git / blobdiff