]>
Commit | Line | Data |
---|---|---|
1e8578a6 PG |
1 | --- ./smrsh/README.org Tue Sep 30 09:59:46 2003 |
2 | +++ ./smrsh/README Tue Sep 30 10:04:24 2003 | |
1dce6292 JB |
3 | @@ -6,7 +6,7 @@ |
4 | intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, | |
5 | and to the software, smrsh.c, written by Eric Allman. | |
6 | ||
7 | - | |
dbea50b4 | 8 | +* Modified by PLD Team to reflect different paths. * |
1dce6292 JB |
9 | |
10 | The smrsh(8) program is intended as a replacement for /bin/sh in the | |
11 | program mailer definition of sendmail(8). This README file describes | |
1e8578a6 PG |
12 | @@ -47,24 +47,24 @@ |
13 | The following C defines can be set defined to change the search path and | |
14 | the bin directory used by smrsh. | |
15 | ||
16 | --DSMRSH_PATH=\"path\" \"/bin:/usr/bin:/usr/ucb\" The default search | |
17 | +-DSMRSH_PATH=\"path\" \"/bin:/usr/bin:/usr/bin\" The default search | |
18 | path. | |
19 | --DSMRSH_CMDDIR=\"dir\" \"/usr/adm/sm.bin\" The default smrsh | |
20 | +-DSMRSH_CMDDIR=\"dir\" \"/etc/smrsh\" The default smrsh | |
21 | program directory | |
22 | ||
23 | These can be added to the devtools/Site/site.config.m4 file using the | |
24 | global M4 macro confENVDEF or the smrsh specific M4 macro | |
25 | conf_smrsh_ENVDEF. | |
1dce6292 JB |
26 | |
27 | -As root, install smrsh in /usr/libexec. Using the Build script: | |
28 | +As root, install smrsh in /usr/sbin. Using the Build script: | |
29 | ||
30 | host.domain# sh Build install | |
31 | ||
32 | -For manual installation: install smrsh in the /usr/libexec | |
33 | +For manual installation: install smrsh in the /usr/sbin | |
34 | directory, with mode 511. | |
35 | ||
36 | - host.domain# mv smrsh /usr/libexec | |
37 | - host.domain# chmod 511 /usr/libexec/smrsh | |
38 | + host.domain# mv smrsh /usr/sbin | |
39 | + host.domain# chmod 511 /usr/sbin/smrsh | |
40 | ||
41 | ||
42 | ||
1e8578a6 PG |
43 | @@ -79,14 +79,14 @@ |
44 | ||
45 | See the man page for aliases(5) if you are unfamiliar with the format of | |
46 | these specifications. Additionally, you should include in the list, | |
47 | -popular commands such as /usr/ucb/vacation. | |
48 | +popular commands such as /usr/bin/vacation. | |
49 | ||
50 | You should NOT include interpreter programs such as sh(1), csh(1), | |
51 | perl(1), uudecode(1) or the stream editor sed(1) in your list of | |
1dce6292 JB |
52 | acceptable commands. |
53 | ||
a4f43047 | 54 | If your platform doesn't have a default SMRSH_CMDDIR setting, you will |
dbea50b4 JB |
55 | -next need to create the directory /usr/adm/sm.bin and populate |
56 | +next need to create the directory /etc/smrsh and populate | |
1dce6292 JB |
57 | it with the programs that your site feels are allowable for sendmail |
58 | to execute. This directory is explicitly specified in the source | |
59 | code for smrsh, so changing this directory must be accompanied with | |
1e8578a6 | 60 | @@ -95,22 +95,22 @@ |
1dce6292 JB |
61 | |
62 | You will have to be root to make these modifications. | |
63 | ||
64 | -After creating the /usr/adm/sm.bin directory, either copy the programs | |
65 | +After creating the /etc/smrsh directory, either copy the programs | |
66 | to the directory, or establish links to the allowable programs from | |
67 | -/usr/adm/sm.bin. Change the file permissions, so that these programs | |
68 | +/etc/smrsh. Change the file permissions, so that these programs | |
69 | can not be modified by non-root users. If you use links, you should | |
70 | ensure that the target programs are not modifiable. | |
71 | ||
72 | To allow the popular vacation(1) program by creating a link in the | |
73 | -/usr/adm/sm.bin directory, you should: | |
74 | +/etc/smrsh directory, you should: | |
75 | ||
76 | - host.domain# cd /usr/adm/sm.bin | |
dbea50b4 | 77 | - host.domain# ln -s /usr/ucb/vacation vacation |
1dce6292 | 78 | + host.domain# cd /etc/smrsh |
dbea50b4 | 79 | + host.domain# ln -s /usr/bin/vacation vacation |
1dce6292 JB |
80 | |
81 | ||
82 | ||
83 | ||
84 | -After populating the /usr/adm/sm.bin directory, you can now configure | |
85 | +After populating the /etc/smrsh directory, you can now configure | |
86 | sendmail to use the restricted shell. Save the current sendmail.cf | |
87 | file prior to modifying it, as a prudent precaution. | |
88 | ||
1e8578a6 | 89 | @@ -125,7 +125,7 @@ |
1dce6292 JB |
90 | |
91 | In order to configure sendmail to use smrsh, you must modify the Mprog | |
92 | definition in the sendmail.cf file, by replacing the /bin/sh specification | |
93 | -with /usr/libexec/smrsh. | |
94 | +with /usr/sbin/smrsh. | |
95 | ||
96 | As an example: | |
97 | ||
1e8578a6 | 98 | @@ -133,14 +133,14 @@ |
1dce6292 JB |
99 | Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u |
100 | ||
101 | which should be changed to: | |
102 | -Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u | |
103 | +Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u | |
4e879beb | 104 | ^^^^^^^^^^^^^^^^^^ |
1dce6292 JB |
105 | |
106 | A more generic line may be: | |
107 | Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u | |
108 | ||
109 | and should be changed to; | |
110 | -Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u | |
111 | +Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u | |
112 | ||
113 | ||
114 | After modifying the Mprog definition in the sendmail.cf file, if a frozen | |
1e8578a6 | 115 | @@ -151,7 +151,7 @@ |
1dce6292 JB |
116 | a search of the strings(1) output of the sendmail binary. |
117 | ||
118 | In order to create a new frozen configuration, if it is required: | |
119 | - host.domain# /usr/lib/sendmail -bz | |
120 | + host.domain# /usr/sbin/sendmail -bz | |
121 | ||
122 | Now re-start the sendmail process. An example of how to do this on | |
123 | a typical system follows: | |
1e8578a6 PG |
124 | --- ./smrsh/smrsh.8.org Tue Sep 30 10:04:39 2003 |
125 | +++ ./smrsh/smrsh.8 Tue Sep 30 10:12:49 2003 | |
dbea50b4 | 126 | @@ -39,7 +39,7 @@ |
1dce6292 | 127 | .I smrsh |
dbea50b4 JB |
128 | limits programs to be in a single directory, |
129 | by default | |
1dce6292 JB |
130 | -/usr/adm/sm.bin, |
131 | +/etc/smrsh, | |
132 | allowing the system administrator to choose the set of acceptable commands, | |
133 | and to the shell builtin commands ``exec'', ``exit'', and ``echo''. | |
134 | It also rejects any commands with the characters | |
1e8578a6 PG |
135 | @@ -50,16 +50,16 @@ |
136 | ``"|exec /usr/local/bin/filter || exit 75"'' | |
dbea50b4 JB |
137 | .PP |
138 | Initial pathnames on programs are stripped, | |
1e8578a6 PG |
139 | -so forwarding to ``/usr/ucb/vacation'', |
140 | +so forwarding to ``/usr/bin/vacation'', | |
141 | ``/usr/bin/vacation'', | |
142 | ``/home/server/mydir/bin/vacation'', | |
1dce6292 JB |
143 | and |
144 | ``vacation'' | |
145 | all actually forward to | |
146 | -``/usr/adm/sm.bin/vacation''. | |
147 | +``/etc/smrsh/vacation''. | |
148 | .PP | |
149 | System administrators should be conservative about populating | |
dbea50b4 | 150 | -the sm.bin directory. |
1e8578a6 PG |
151 | +the /etc/smrsh directory. |
152 | For example, a reasonable additions is | |
1dce6292 | 153 | .IR vacation (1), |
1e8578a6 PG |
154 | and the like. |
155 | @@ -68,10 +68,10 @@ | |
1dce6292 JB |
156 | (such as |
157 | .IR perl (1)) | |
158 | in the | |
159 | -sm.bin | |
1e8578a6 | 160 | +/etc/smrsh |
1dce6292 JB |
161 | directory. |
162 | Note that this does not restrict the use of shell or perl scripts | |
1e8578a6 PG |
163 | -in the sm.bin directory (using the ``#!'' syntax); |
164 | +in the /etc/smrsh directory (using the ``#!'' syntax); | |
1dce6292 | 165 | it simply disallows execution of arbitrary programs. |
1e8578a6 PG |
166 | Also, including mail filtering programs such as |
167 | .IR procmail (1) | |
168 | @@ -79,15 +79,7 @@ | |
169 | .IR procmail (1) | |
170 | allows users to run arbitrary programs in their | |
171 | .IR procmailrc (5). | |
1dce6292 JB |
172 | -.SH COMPILATION |
173 | -Compilation should be trivial on most systems. | |
a4f43047 | 174 | -You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e" |
1dce6292 JB |
175 | -to adjust the default search path |
176 | -(defaults to ``/bin:/usr/bin:/usr/ucb'') | |
4e879beb | 177 | -and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e" |
1dce6292 JB |
178 | -to change the default program directory |
179 | -(defaults to ``/usr/adm/sm.bin''). | |
180 | .SH FILES | |
c1a60ed1 | 181 | -/usr/adm/sm.bin \- default directory for restricted programs on most OSs |
1e8578a6 | 182 | +/etc/smrsh \- directory for restricted programs |
c1a60ed1 JB |
183 | .PP |
184 | /var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris | |
1e8578a6 PG |
185 | --- ./smrsh/smrsh.c.org Tue Sep 30 10:12:59 2003 |
186 | +++ ./smrsh/smrsh.c Tue Sep 30 10:14:02 2003 | |
187 | @@ -77,7 +77,7 @@ | |
a4f43047 JB |
188 | # ifdef SMRSH_CMDDIR |
189 | # define CMDDIR SMRSH_CMDDIR | |
190 | # else /* SMRSH_CMDDIR */ | |
dbea50b4 | 191 | -# define CMDDIR "/usr/adm/sm.bin" |
a4f43047 JB |
192 | +# define CMDDIR "/etc/smrsh" |
193 | # endif /* SMRSH_CMDDIR */ | |
1dce6292 JB |
194 | #endif /* ! CMDDIR */ |
195 | ||
1e8578a6 | 196 | @@ -89,7 +89,7 @@ |
a4f43047 JB |
197 | # ifdef SMRSH_PATH |
198 | # define PATH SMRSH_PATH | |
199 | # else /* SMRSH_PATH */ | |
200 | -# define PATH "/bin:/usr/bin:/usr/ucb" | |
1e8578a6 | 201 | +# define PATH "/bin:/usr/bin:/usr/sbin" |
a4f43047 | 202 | # endif /* SMRSH_PATH */ |
1dce6292 JB |
203 | #endif /* ! PATH */ |
204 |