'\" te
.\" Copyright (c) 1983 Eric P. Allman
.\" Copyright (c) 1988, 1993 The Regents of the University of California.  All rights reserved.
.\" Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright    notice, this list of conditions and the following disclaimer in the    documentation and/or other materials provided with the distribution. 3. All advertising materials mentioning features or use of this software    must display
.\" the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. 4. Neither the name of the University nor the names of its contributors    may be used to endorse or promote products derived from this software    without specific
.\" prior written permission.  THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR
.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
.\" IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" Copyright (c) 1998-2006, 2008 Sendmail, Inc. and its suppliers.  All rights reserved.
.\" The following license terms and conditions apply, unless a different license is obtained from Sendmail, Inc., 6425 Christie Ave, Fourth Floor, Emeryville, CA 94608, USA, or by electronic mail at license@sendmail.com.  License Terms:  Use, Modification and Redistribution
.\" (including distribution of any modified or derived work) in source and binary forms is permitted only if each of the following conditions is met:  1. Redistributions qualify as "freeware" or "Open Source Software" under    one of the following terms:     (a) Redistributions are made at no charge
.\" beyond the reasonable cost of        materials and delivery.     (b) Redistributions are accompanied by a copy of the Source Code or by an        irrevocable offer to provide a copy of the Source Code for up to three       years at the cost of materials and delivery.  Such redistributions
.\"    must allow further use, modification, and redistribution of the Source       Code under substantially the same terms as this license.  For the        purposes of redistribution "Source Code" means the complete compilable       and linkable source code of sendmail including all modifications.
.\"  2. Redistributions of source code must retain the copyright notices as they    appear in each source code file, these license terms, and the    disclaimer/limitation of liability set forth as paragraph 6 below.  3. Redistributions in binary form must reproduce the Copyright Notice,    these license
.\" terms, and the disclaimer/limitation of liability set    forth as paragraph 6 below, in the documentation and/or other materials    provided with the distribution.  For the purposes of binary distribution    the "Copyright Notice" refers to the following language:    "Copyright (c) 1998-2004 Sendmail,
.\" Inc.  All rights reserved."  4. Neither the name of Sendmail, Inc. nor the University of California nor    the names of their contributors may be used to endorse or promote    products derived from this software without specific prior written    permission.  The name "sendmail" is a trademark
.\" of Sendmail, Inc.  5. All redistributions must comply with the conditions imposed by the    University of California on certain embedded code, whose copyright    notice and conditions for redistribution are as follows:     (a) Copyright (c) 1988, 1993 The Regents of the University of        California.
.\"  All rights reserved.     (b) Redistribution and use in source and binary forms, with or without        modification, are permitted provided that the following conditions        are met:        (i)   Redistributions of source code must retain the above copyright             notice, this list of
.\" conditions and the following disclaimer.        (ii)  Redistributions in binary form must reproduce the above             copyright notice, this list of conditions and the following             disclaimer in the documentation and/or other materials provided             with the distribution.
.\"       (iii) Neither the name of the University nor the names of its             contributors may be used to endorse or promote products derived             from this software without specific prior written permission. 6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY    SENDMAIL,
.\" INC. AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED    WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF    MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN    NO EVENT SHALL SENDMAIL, INC., THE REGENTS OF THE UNIVERSITY OF    CALIFORNIA OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT,    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT    NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF    USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON    ANY THEORY OF LIABILITY, WHETHER
.\" IN CONTRACT, STRICT LIABILITY, OR TORT    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF    THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
.\" Copyright (c) 2009, Sun Microsystems, Inc.  All Rights Reserved.
.TH SMRSH 8 "June 20, 2021"
.SH NAME
smrsh \- restricted shell for sendmail
.SH SYNOPSIS
.nf
\fBsmrsh\fR \fB-c\fR \fIcommand\fR
.fi

.SH DESCRIPTION
The \fBsmrsh\fR program is intended as a replacement for the \fBsh\fR command
in the \fBprog\fR mailer in \fBsendmail\fR(8) configuration files. The
\fBsmrsh\fR program sharply limits commands that can be run using the
\fB|program\fR syntax of \fBsendmail\fR. This improves overall system security.
\fBsmrsh\fR limits the set of programs that a programmer can execute, even if
\fBsendmail\fR runs a program without going through an \fBalias\fR or
\fBforward\fR file.
.sp
.LP
Briefly, \fBsmrsh\fR limits programs to be in the directory
\fB/var/adm/sm.bin\fR, allowing system administrators to choose the set of
acceptable commands. It also rejects any commands with the characters: \fB,\fR,
\fB<\fR, \fB>\fR, \fB|\fR, \fB;\fR, \fB&\fR, \fB$\fR, \fB\er\fR (RETURN), or
\fB\en\fR (NEWLINE) on the command line to prevent end run attacks.
.sp
.LP
Initial pathnames on programs are stripped, so forwarding to
\fB/usr/ucb/vacation\fR, \fB/usr/bin/vacation\fR,
\fB/home/server/mydir/bin/vacation\fR, and \fBvacation\fR all actually forward
to \fB/var/adm/sm.bin/vacation\fR.
.sp
.LP
System administrators should be conservative about populating
\fB/var/adm/sm.bin\fR. Reasonable additions are utilities such as
\fBvacation\fR(1) and \fBprocmail\fR. Never include any shell or shell-like
program (for example, \fBperl\fR) in the \fBsm.bin\fR directory. This does not
restrict the use of \fBshell\fR or \fBperl\fR scrips in the \fBsm.bin\fR
directory (using the \fB#!\fR syntax); it simply disallows the execution of
arbitrary programs.
.SH OPTIONS
The following options are supported:
.sp
.ne 2
.na
\fB\fB-c\fR \fIcommand\fR\fR
.ad
.RS 14n
Where \fIcommand\fR is a valid command, executes \fIcommand\fR.
.RE

.SH FILES
.ne 2
.na
\fB\fB/var/adm/sm.bin\fR\fR
.ad
.RS 19n
directory for restricted programs
.RE

.SH SEE ALSO
.BR attributes (7),
.BR sendmail (8)