]>
Commit | Line | Data |
---|---|---|
f4355ae1 JR |
1 | diff -urNp -x '*.orig' sendmail-8.16.1.org/smrsh/README sendmail-8.16.1/smrsh/README |
2 | --- sendmail-8.16.1.org/smrsh/README 2020-05-19 21:54:33.000000000 +0200 | |
3 | +++ sendmail-8.16.1/smrsh/README 2021-10-03 22:30:57.155592021 +0200 | |
4 | @@ -6,7 +6,7 @@ Software Engineering Institute, Carnegie | |
1dce6292 JB |
5 | intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, |
6 | and to the software, smrsh.c, written by Eric Allman. | |
7 | ||
8 | - | |
dbea50b4 | 9 | +* Modified by PLD Team to reflect different paths. * |
1dce6292 JB |
10 | |
11 | The smrsh(8) program is intended as a replacement for /bin/sh in the | |
12 | program mailer definition of sendmail(8). This README file describes | |
f4355ae1 | 13 | @@ -47,24 +47,24 @@ With gcc, the GNU C compiler, use the -s |
1e8578a6 PG |
14 | The following C defines can be set defined to change the search path and |
15 | the bin directory used by smrsh. | |
16 | ||
17 | --DSMRSH_PATH=\"path\" \"/bin:/usr/bin:/usr/ucb\" The default search | |
18 | +-DSMRSH_PATH=\"path\" \"/bin:/usr/bin:/usr/bin\" The default search | |
19 | path. | |
20 | --DSMRSH_CMDDIR=\"dir\" \"/usr/adm/sm.bin\" The default smrsh | |
21 | +-DSMRSH_CMDDIR=\"dir\" \"/etc/smrsh\" The default smrsh | |
22 | program directory | |
23 | ||
24 | These can be added to the devtools/Site/site.config.m4 file using the | |
25 | global M4 macro confENVDEF or the smrsh specific M4 macro | |
26 | conf_smrsh_ENVDEF. | |
1dce6292 JB |
27 | |
28 | -As root, install smrsh in /usr/libexec. Using the Build script: | |
29 | +As root, install smrsh in /usr/sbin. Using the Build script: | |
30 | ||
efac155f | 31 | host.domain# sh ./Build install |
1dce6292 JB |
32 | |
33 | -For manual installation: install smrsh in the /usr/libexec | |
34 | +For manual installation: install smrsh in the /usr/sbin | |
35 | directory, with mode 511. | |
36 | ||
37 | - host.domain# mv smrsh /usr/libexec | |
38 | - host.domain# chmod 511 /usr/libexec/smrsh | |
39 | + host.domain# mv smrsh /usr/sbin | |
40 | + host.domain# chmod 511 /usr/sbin/smrsh | |
41 | ||
42 | ||
43 | ||
f4355ae1 | 44 | @@ -79,14 +79,14 @@ to run. This list of allowable commands |
1e8578a6 PG |
45 | |
46 | See the man page for aliases(5) if you are unfamiliar with the format of | |
47 | these specifications. Additionally, you should include in the list, | |
48 | -popular commands such as /usr/ucb/vacation. | |
49 | +popular commands such as /usr/bin/vacation. | |
50 | ||
51 | You should NOT include interpreter programs such as sh(1), csh(1), | |
52 | perl(1), uudecode(1) or the stream editor sed(1) in your list of | |
1dce6292 JB |
53 | acceptable commands. |
54 | ||
a4f43047 | 55 | If your platform doesn't have a default SMRSH_CMDDIR setting, you will |
dbea50b4 JB |
56 | -next need to create the directory /usr/adm/sm.bin and populate |
57 | +next need to create the directory /etc/smrsh and populate | |
1dce6292 JB |
58 | it with the programs that your site feels are allowable for sendmail |
59 | to execute. This directory is explicitly specified in the source | |
60 | code for smrsh, so changing this directory must be accompanied with | |
f4355ae1 | 61 | @@ -95,22 +95,22 @@ a change in smrsh.c. |
1dce6292 JB |
62 | |
63 | You will have to be root to make these modifications. | |
64 | ||
65 | -After creating the /usr/adm/sm.bin directory, either copy the programs | |
66 | +After creating the /etc/smrsh directory, either copy the programs | |
67 | to the directory, or establish links to the allowable programs from | |
68 | -/usr/adm/sm.bin. Change the file permissions, so that these programs | |
69 | +/etc/smrsh. Change the file permissions, so that these programs | |
70 | can not be modified by non-root users. If you use links, you should | |
71 | ensure that the target programs are not modifiable. | |
72 | ||
73 | To allow the popular vacation(1) program by creating a link in the | |
74 | -/usr/adm/sm.bin directory, you should: | |
75 | +/etc/smrsh directory, you should: | |
76 | ||
77 | - host.domain# cd /usr/adm/sm.bin | |
dbea50b4 | 78 | - host.domain# ln -s /usr/ucb/vacation vacation |
1dce6292 | 79 | + host.domain# cd /etc/smrsh |
dbea50b4 | 80 | + host.domain# ln -s /usr/bin/vacation vacation |
1dce6292 JB |
81 | |
82 | ||
83 | ||
84 | ||
85 | -After populating the /usr/adm/sm.bin directory, you can now configure | |
86 | +After populating the /etc/smrsh directory, you can now configure | |
87 | sendmail to use the restricted shell. Save the current sendmail.cf | |
88 | file prior to modifying it, as a prudent precaution. | |
89 | ||
f4355ae1 | 90 | @@ -125,7 +125,7 @@ help to locate it. |
1dce6292 JB |
91 | |
92 | In order to configure sendmail to use smrsh, you must modify the Mprog | |
93 | definition in the sendmail.cf file, by replacing the /bin/sh specification | |
94 | -with /usr/libexec/smrsh. | |
95 | +with /usr/sbin/smrsh. | |
96 | ||
97 | As an example: | |
98 | ||
f4355ae1 | 99 | @@ -133,14 +133,14 @@ In most Sun Microsystems' sendmail.cf fi |
1dce6292 JB |
100 | Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u |
101 | ||
102 | which should be changed to: | |
103 | -Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u | |
104 | +Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u | |
4e879beb | 105 | ^^^^^^^^^^^^^^^^^^ |
1dce6292 JB |
106 | |
107 | A more generic line may be: | |
108 | Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u | |
109 | ||
110 | and should be changed to; | |
111 | -Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u | |
112 | +Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u | |
113 | ||
114 | ||
115 | After modifying the Mprog definition in the sendmail.cf file, if a frozen | |
f4355ae1 | 116 | @@ -151,7 +151,7 @@ or /etc/mail directories. The specific |
1dce6292 JB |
117 | a search of the strings(1) output of the sendmail binary. |
118 | ||
119 | In order to create a new frozen configuration, if it is required: | |
120 | - host.domain# /usr/lib/sendmail -bz | |
121 | + host.domain# /usr/sbin/sendmail -bz | |
122 | ||
123 | Now re-start the sendmail process. An example of how to do this on | |
124 | a typical system follows: | |
f4355ae1 JR |
125 | diff -urNp -x '*.orig' sendmail-8.16.1.org/smrsh/smrsh.8 sendmail-8.16.1/smrsh/smrsh.8 |
126 | --- sendmail-8.16.1.org/smrsh/smrsh.8 2020-05-19 21:54:33.000000000 +0200 | |
127 | +++ sendmail-8.16.1/smrsh/smrsh.8 2021-10-03 22:30:57.155592021 +0200 | |
128 | @@ -39,7 +39,7 @@ Briefly, | |
1dce6292 | 129 | .I smrsh |
dbea50b4 JB |
130 | limits programs to be in a single directory, |
131 | by default | |
1dce6292 JB |
132 | -/usr/adm/sm.bin, |
133 | +/etc/smrsh, | |
134 | allowing the system administrator to choose the set of acceptable commands, | |
135 | and to the shell builtin commands ``exec'', ``exit'', and ``echo''. | |
136 | It also rejects any commands with the characters | |
f4355ae1 | 137 | @@ -50,16 +50,16 @@ It allows ``||'' and ``&&'' to enable co |
1e8578a6 | 138 | ``"|exec /usr/local/bin/filter || exit 75"'' |
dbea50b4 JB |
139 | .PP |
140 | Initial pathnames on programs are stripped, | |
1e8578a6 PG |
141 | -so forwarding to ``/usr/ucb/vacation'', |
142 | +so forwarding to ``/usr/bin/vacation'', | |
143 | ``/usr/bin/vacation'', | |
144 | ``/home/server/mydir/bin/vacation'', | |
1dce6292 JB |
145 | and |
146 | ``vacation'' | |
147 | all actually forward to | |
148 | -``/usr/adm/sm.bin/vacation''. | |
149 | +``/etc/smrsh/vacation''. | |
150 | .PP | |
151 | System administrators should be conservative about populating | |
dbea50b4 | 152 | -the sm.bin directory. |
1e8578a6 PG |
153 | +the /etc/smrsh directory. |
154 | For example, a reasonable additions is | |
1dce6292 | 155 | .IR vacation (1), |
1e8578a6 | 156 | and the like. |
f4355ae1 | 157 | @@ -68,10 +68,10 @@ never include any shell or shell-like pr |
1dce6292 JB |
158 | (such as |
159 | .IR perl (1)) | |
160 | in the | |
161 | -sm.bin | |
1e8578a6 | 162 | +/etc/smrsh |
1dce6292 JB |
163 | directory. |
164 | Note that this does not restrict the use of shell or perl scripts | |
1e8578a6 PG |
165 | -in the sm.bin directory (using the ``#!'' syntax); |
166 | +in the /etc/smrsh directory (using the ``#!'' syntax); | |
1dce6292 | 167 | it simply disallows execution of arbitrary programs. |
1e8578a6 PG |
168 | Also, including mail filtering programs such as |
169 | .IR procmail (1) | |
f4355ae1 | 170 | @@ -79,16 +79,8 @@ is a very bad idea. |
1e8578a6 PG |
171 | .IR procmail (1) |
172 | allows users to run arbitrary programs in their | |
173 | .IR procmailrc (5). | |
1dce6292 JB |
174 | -.SH COMPILATION |
175 | -Compilation should be trivial on most systems. | |
a4f43047 | 176 | -You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e" |
1dce6292 JB |
177 | -to adjust the default search path |
178 | -(defaults to ``/bin:/usr/bin:/usr/ucb'') | |
4e879beb | 179 | -and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e" |
1dce6292 JB |
180 | -to change the default program directory |
181 | -(defaults to ``/usr/adm/sm.bin''). | |
182 | .SH FILES | |
c1a60ed1 | 183 | -/usr/adm/sm.bin \- default directory for restricted programs on most OSs |
1e8578a6 | 184 | +/etc/smrsh \- directory for restricted programs |
c1a60ed1 JB |
185 | .PP |
186 | /var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris | |
f4355ae1 JR |
187 | .PP |
188 | diff -urNp -x '*.orig' sendmail-8.16.1.org/smrsh/smrsh.c sendmail-8.16.1/smrsh/smrsh.c | |
189 | --- sendmail-8.16.1.org/smrsh/smrsh.c 2020-05-19 21:54:33.000000000 +0200 | |
190 | +++ sendmail-8.16.1/smrsh/smrsh.c 2021-10-03 22:30:57.155592021 +0200 | |
191 | @@ -77,7 +77,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.66 20 | |
a4f43047 JB |
192 | # ifdef SMRSH_CMDDIR |
193 | # define CMDDIR SMRSH_CMDDIR | |
229843d7 | 194 | # else |
dbea50b4 | 195 | -# define CMDDIR "/usr/adm/sm.bin" |
a4f43047 | 196 | +# define CMDDIR "/etc/smrsh" |
229843d7 | 197 | # endif |
1dce6292 JB |
198 | #endif /* ! CMDDIR */ |
199 | ||
f4355ae1 | 200 | @@ -89,7 +89,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.66 20 |
a4f43047 JB |
201 | # ifdef SMRSH_PATH |
202 | # define PATH SMRSH_PATH | |
229843d7 | 203 | # else |
a4f43047 | 204 | -# define PATH "/bin:/usr/bin:/usr/ucb" |
1e8578a6 | 205 | +# define PATH "/bin:/usr/bin:/usr/sbin" |
229843d7 | 206 | # endif |
1dce6292 JB |
207 | #endif /* ! PATH */ |
208 |