smrsh(1M)

NAME
smrsh - restricted shell for sendmail
SYNOPSIS
command
DESCRIPTION
The program is intended as a replacement for for use in the mailer in
configuration files. It sharply limits the commands that can be run
using the syntax of in order to improve the overall security of your
system. Briefly, even if a ``bad guy'' can get to run a program without
going through an alias or forward file, limits the set of programs
that he or she can execute.
Briefly, limits programs to be in the directory allowing the system
administrator to choose the set of acceptable commands. It also
rejects any commands with the characters (carriage return), and (newline)
on the command line to prevent ``end run'' attacks.
Initial pathnames on programs are stripped, so forwarding to and all
actually forward to
System administrators should be conservative about populating Reasonable
additions are and Do not include any shell or shell-like program
(such as in the directory. Note that this does not restrict the use of
shell or perl scripts in the directory (using the syntax); it simply
disallows execution of arbitrary programs.
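
The checks described above (rejecting carriage return and newline, stripping the initial pathname, and re-rooting the program in the restricted directory), written out as an added sketch. This is not smrsh source code: the directory /restricted and the program name mailfilter are hypothetical, and only the two characters named above are rejected.

```c
#include <stdio.h>
#include <string.h>

/* Build the command that would actually run: reject CR/LF, strip any
 * leading pathname from the program word, and re-root it in dir.
 * Returns 0 on success, -1 if the command is rejected or does not fit.
 * dir is a caller-supplied placeholder for the restricted directory. */
int restrict_command(const char *cmd, const char *dir, char *out, size_t outlen)
{
    const char *end, *base, *p;
    int n;

    /* Only carriage return and newline are checked in this sketch. */
    if (strpbrk(cmd, "\r\n") != NULL)
        return -1;

    cmd += strspn(cmd, " \t");        /* skip leading blanks */
    end = cmd + strcspn(cmd, " \t");  /* end of the program word */

    /* Strip the initial pathname: keep what follows the last '/'. */
    base = cmd;
    for (p = cmd; p < end; p++)
        if (*p == '/')
            base = p + 1;

    /* Nothing left, or a name that would step out of dir. */
    if (base == end)
        return -1;
    if ((end - base == 1 && base[0] == '.') ||
        (end - base == 2 && base[0] == '.' && base[1] == '.'))
        return -1;

    /* Program re-rooted in dir; arguments pass through unchanged. */
    n = snprintf(out, outlen, "%s/%.*s%s", dir, (int)(end - base), base, end);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the manual page. */
    const char *samples[] = { "/usr/local/bin/mailfilter -q", "mailfilter -q",
                              "mailfilter a\nb", "/bin/" };
    char buf[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (restrict_command(samples[i], "/restricted", buf, sizeof buf) == 0)
            printf("run:    %s\n", buf);
        else
            printf("reject: sample %zu\n", i);
    return 0;
}
```

The first two samples resolve to the same program inside the restricted directory, which is why a forward entry cannot select a binary elsewhere on the system by giving its full path.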
FILES
Directory for restricted programs
SEE ALSO
sendmail(1M).