]>
Commit | Line | Data |
---|---|---|
4e879beb PG |
1 | --- ./smrsh/README.org Wed Jan 24 01:05:58 2001 |
2 | +++ ./smrsh/README Tue Jun 4 14:25:06 2002 | |
1dce6292 JB |
3 | @@ -6,7 +6,7 @@ |
4 | intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, | |
5 | and to the software, smrsh.c, written by Eric Allman. | |
6 | ||
7 | - | |
dbea50b4 | 8 | +* Modified by PLD Team to reflect different paths. * |
1dce6292 JB |
9 | |
10 | The smrsh(8) program is intended as a replacement for /bin/sh in the | |
11 | program mailer definition of sendmail(8). This README file describes | |
12 | @@ -46,15 +46,15 @@ | |
13 | ||
14 | ||
15 | ||
16 | -As root, install smrsh in /usr/libexec. Using the Build script: | |
17 | +As root, install smrsh in /usr/sbin. Using the Build script: | |
18 | ||
19 | host.domain# sh Build install | |
20 | ||
21 | -For manual installation: install smrsh in the /usr/libexec | |
22 | +For manual installation: install smrsh in the /usr/sbin | |
23 | directory, with mode 511. | |
24 | ||
25 | - host.domain# mv smrsh /usr/libexec | |
26 | - host.domain# chmod 511 /usr/libexec/smrsh | |
27 | + host.domain# mv smrsh /usr/sbin | |
28 | + host.domain# chmod 511 /usr/sbin/smrsh | |
29 | ||
30 | ||
31 | ||
32 | @@ -76,7 +76,7 @@ | |
33 | acceptable commands. | |
34 | ||
a4f43047 | 35 | If your platform doesn't have a default SMRSH_CMDDIR setting, you will |
dbea50b4 JB |
36 | -next need to create the directory /usr/adm/sm.bin and populate |
37 | +next need to create the directory /etc/smrsh and populate | |
1dce6292 JB |
38 | it with the programs that your site feels are allowable for sendmail |
39 | to execute. This directory is explicitly specified in the source | |
40 | code for smrsh, so changing this directory must be accompanied with | |
41 | @@ -85,22 +85,22 @@ | |
42 | ||
43 | You will have to be root to make these modifications. | |
44 | ||
45 | -After creating the /usr/adm/sm.bin directory, either copy the programs | |
46 | +After creating the /etc/smrsh directory, either copy the programs | |
47 | to the directory, or establish links to the allowable programs from | |
48 | -/usr/adm/sm.bin. Change the file permissions, so that these programs | |
49 | +/etc/smrsh. Change the file permissions, so that these programs | |
50 | can not be modified by non-root users. If you use links, you should | |
51 | ensure that the target programs are not modifiable. | |
52 | ||
53 | To allow the popular vacation(1) program by creating a link in the | |
54 | -/usr/adm/sm.bin directory, you should: | |
55 | +/etc/smrsh directory, you should: | |
56 | ||
57 | - host.domain# cd /usr/adm/sm.bin | |
dbea50b4 | 58 | - host.domain# ln -s /usr/ucb/vacation vacation |
1dce6292 | 59 | + host.domain# cd /etc/smrsh |
dbea50b4 | 60 | + host.domain# ln -s /usr/bin/vacation vacation |
1dce6292 JB |
61 | |
62 | ||
63 | ||
64 | ||
65 | -After populating the /usr/adm/sm.bin directory, you can now configure | |
66 | +After populating the /etc/smrsh directory, you can now configure | |
67 | sendmail to use the restricted shell. Save the current sendmail.cf | |
68 | file prior to modifying it, as a prudent precaution. | |
69 | ||
70 | @@ -115,7 +115,7 @@ | |
71 | ||
72 | In order to configure sendmail to use smrsh, you must modify the Mprog | |
73 | definition in the sendmail.cf file, by replacing the /bin/sh specification | |
74 | -with /usr/libexec/smrsh. | |
75 | +with /usr/sbin/smrsh. | |
76 | ||
77 | As an example: | |
78 | ||
79 | @@ -123,14 +123,14 @@ | |
80 | Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u | |
81 | ||
82 | which should be changed to: | |
83 | -Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u | |
84 | +Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u | |
4e879beb | 85 | ^^^^^^^^^^^^^^^^^^ |
1dce6292 JB |
86 | |
87 | A more generic line may be: | |
88 | Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u | |
89 | ||
90 | and should be changed to; | |
91 | -Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u | |
92 | +Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u | |
93 | ||
94 | ||
95 | After modifying the Mprog definition in the sendmail.cf file, if a frozen | |
96 | @@ -141,7 +141,7 @@ | |
97 | a search of the strings(1) output of the sendmail binary. | |
98 | ||
99 | In order to create a new frozen configuration, if it is required: | |
100 | - host.domain# /usr/lib/sendmail -bz | |
101 | + host.domain# /usr/sbin/sendmail -bz | |
102 | ||
103 | Now re-start the sendmail process. An example of how to do this on | |
104 | a typical system follows: | |
4e879beb PG |
105 | --- ./smrsh/smrsh.8.org Thu Apr 25 15:33:40 2002 |
106 | +++ ./smrsh/smrsh.8 Tue Jun 4 14:27:48 2002 | |
dbea50b4 | 107 | @@ -39,7 +39,7 @@ |
1dce6292 | 108 | .I smrsh |
dbea50b4 JB |
109 | limits programs to be in a single directory, |
110 | by default | |
1dce6292 JB |
111 | -/usr/adm/sm.bin, |
112 | +/etc/smrsh, | |
113 | allowing the system administrator to choose the set of acceptable commands, | |
114 | and to the shell builtin commands ``exec'', ``exit'', and ``echo''. | |
115 | It also rejects any commands with the characters | |
dbea50b4 JB |
116 | @@ -47,7 +47,7 @@ |
117 | or `\en' (newline) | |
118 | on the command line to prevent ``end run'' attacks. | |
119 | It allows ``||'' and ``&&'' to enable commands like: | |
120 | -``"|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75"'' | |
121 | +``"|exec /usr/bin/procmail -f- /etc/procmailrcs/user || exit 75"'' | |
122 | .PP | |
123 | Initial pathnames on programs are stripped, | |
124 | so forwarding to ``/usr/ucb/vacation'', | |
125 | @@ -56,10 +56,10 @@ | |
1dce6292 JB |
126 | and |
127 | ``vacation'' | |
128 | all actually forward to | |
129 | -``/usr/adm/sm.bin/vacation''. | |
130 | +``/etc/smrsh/vacation''. | |
131 | .PP | |
132 | System administrators should be conservative about populating | |
dbea50b4 | 133 | -the sm.bin directory. |
4e879beb | 134 | +the /etc/smrsh/ directory. |
1dce6292 JB |
135 | Reasonable additions are |
136 | .IR vacation (1), | |
137 | .IR procmail (1), | |
dbea50b4 | 138 | @@ -69,20 +69,12 @@ |
1dce6292 JB |
139 | (such as |
140 | .IR perl (1)) | |
141 | in the | |
142 | -sm.bin | |
4e879beb | 143 | +/etc/smrsh/ |
1dce6292 JB |
144 | directory. |
145 | Note that this does not restrict the use of shell or perl scripts | |
dbea50b4 | 146 | in the sm.bin directory (using the ``#!'' syntax); |
1dce6292 JB |
147 | it simply disallows execution of arbitrary programs. |
148 | -.SH COMPILATION | |
149 | -Compilation should be trivial on most systems. | |
a4f43047 | 150 | -You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e" |
1dce6292 JB |
151 | -to adjust the default search path |
152 | -(defaults to ``/bin:/usr/bin:/usr/ucb'') | |
4e879beb | 153 | -and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e" |
1dce6292 JB |
154 | -to change the default program directory |
155 | -(defaults to ``/usr/adm/sm.bin''). | |
156 | .SH FILES | |
157 | -/usr/adm/sm.bin \- directory for restricted programs | |
4e879beb | 158 | +/etc/smrsh/ \- directory for restricted programs |
1dce6292 JB |
159 | .SH SEE ALSO |
160 | sendmail(8) | |
4e879beb PG |
161 | --- ./smrsh/smrsh.c.org Sat May 25 04:41:31 2002 |
162 | +++ ./smrsh/smrsh.c Tue Jun 4 14:29:28 2002 | |
163 | @@ -75,7 +75,7 @@ | |
a4f43047 JB |
164 | # ifdef SMRSH_CMDDIR |
165 | # define CMDDIR SMRSH_CMDDIR | |
166 | # else /* SMRSH_CMDDIR */ | |
dbea50b4 | 167 | -# define CMDDIR "/usr/adm/sm.bin" |
a4f43047 JB |
168 | +# define CMDDIR "/etc/smrsh" |
169 | # endif /* SMRSH_CMDDIR */ | |
1dce6292 JB |
170 | #endif /* ! CMDDIR */ |
171 | ||
4e879beb | 172 | @@ -87,7 +87,7 @@ |
a4f43047 JB |
173 | # ifdef SMRSH_PATH |
174 | # define PATH SMRSH_PATH | |
175 | # else /* SMRSH_PATH */ | |
176 | -# define PATH "/bin:/usr/bin:/usr/ucb" | |
177 | +# define PATH "/bin:/usr/bin" | |
178 | # endif /* SMRSH_PATH */ | |
1dce6292 JB |
179 | #endif /* ! PATH */ |
180 |