|
 |
95f7f3 |
diff -up sendmail-8.14.3/smrsh/README.smrsh_paths sendmail-8.14.3/smrsh/README
|
|
|
95f7f3 |
--- sendmail-8.14.3/smrsh/README.smrsh_paths 2008-02-12 17:40:06.000000000 +0100
|
|
|
95f7f3 |
+++ sendmail-8.14.3/smrsh/README 2008-07-15 14:40:36.000000000 +0200
|
|
|
95f7f3 |
@@ -6,7 +6,7 @@ Software Engineering Institute, Carnegie
|
|
|
95f7f3 |
intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
|
|
|
95f7f3 |
and to the software, smrsh.c, written by Eric Allman.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
-
|
|
|
95f7f3 |
+* Modified by Red Hat, Inc., to reflect different paths. *
|
|
|
95f7f3 |
|
|
|
95f7f3 |
The smrsh(8) program is intended as a replacement for /bin/sh in the
|
|
|
95f7f3 |
program mailer definition of sendmail(8). This README file describes
|
|
|
95f7f3 |
@@ -56,15 +56,15 @@ These can be added to the devtools/Site/
|
|
|
95f7f3 |
global M4 macro confENVDEF or the smrsh specific M4 macro
|
|
|
95f7f3 |
conf_smrsh_ENVDEF.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
-As root, install smrsh in /usr/libexec. Using the Build script:
|
|
|
95f7f3 |
+As root, install smrsh in /usr/sbin. Using the Build script:
|
|
|
95f7f3 |
|
|
|
95f7f3 |
host.domain# sh ./Build install
|
|
|
95f7f3 |
|
|
|
95f7f3 |
-For manual installation: install smrsh in the /usr/libexec
|
|
|
95f7f3 |
+For manual installation: install smrsh in the /usr/sbin
|
|
|
95f7f3 |
directory, with mode 511.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
- host.domain# mv smrsh /usr/libexec
|
|
|
95f7f3 |
- host.domain# chmod 511 /usr/libexec/smrsh
|
|
|
95f7f3 |
+ host.domain# mv smrsh /usr/sbin
|
|
|
95f7f3 |
+ host.domain# chmod 511 /usr/sbin/smrsh
|
|
|
95f7f3 |
|
|
|
95f7f3 |
|
|
|
95f7f3 |
|
|
|
95f7f3 |
@@ -86,7 +86,7 @@ perl(1), uudecode(1) or the stream edito
|
|
|
95f7f3 |
acceptable commands.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
If your platform doesn't have a default SMRSH_CMDDIR setting, you will
|
|
|
95f7f3 |
-next need to create the directory /usr/adm/sm.bin and populate
|
|
|
95f7f3 |
+next need to create the directory /etc/smrsh and populate
|
|
|
95f7f3 |
it with the programs that your site feels are allowable for sendmail
|
|
|
95f7f3 |
to execute. This directory is explicitly specified in the source
|
|
|
95f7f3 |
code for smrsh, so changing this directory must be accompanied with
|
|
|
95f7f3 |
@@ -95,22 +95,22 @@ a change in smrsh.c.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
You will have to be root to make these modifications.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
-After creating the /usr/adm/sm.bin directory, either copy the programs
|
|
|
95f7f3 |
+After creating the /etc/smrsh directory, either copy the programs
|
|
|
95f7f3 |
to the directory, or establish links to the allowable programs from
|
|
|
95f7f3 |
-/usr/adm/sm.bin. Change the file permissions, so that these programs
|
|
|
95f7f3 |
+/etc/smrsh. Change the file permissions, so that these programs
|
|
|
95f7f3 |
can not be modified by non-root users. If you use links, you should
|
|
|
95f7f3 |
ensure that the target programs are not modifiable.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
To allow the popular vacation(1) program by creating a link in the
|
|
|
95f7f3 |
-/usr/adm/sm.bin directory, you should:
|
|
|
95f7f3 |
+/etc/smrsh directory, you should:
|
|
|
95f7f3 |
|
|
|
95f7f3 |
- host.domain# cd /usr/adm/sm.bin
|
|
|
95f7f3 |
+ host.domain# cd /etc/smrsh
|
|
|
95f7f3 |
host.domain# ln -s /usr/ucb/vacation vacation
|
|
|
95f7f3 |
|
|
|
95f7f3 |
|
|
|
95f7f3 |
|
|
|
95f7f3 |
|
|
|
95f7f3 |
-After populating the /usr/adm/sm.bin directory, you can now configure
|
|
|
95f7f3 |
+After populating the /etc/smrsh directory, you can now configure
|
|
|
95f7f3 |
sendmail to use the restricted shell. Save the current sendmail.cf
|
|
|
95f7f3 |
file prior to modifying it, as a prudent precaution.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
@@ -125,7 +125,7 @@ help to locate it.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
In order to configure sendmail to use smrsh, you must modify the Mprog
|
|
|
95f7f3 |
definition in the sendmail.cf file, by replacing the /bin/sh specification
|
|
|
95f7f3 |
-with /usr/libexec/smrsh.
|
|
|
95f7f3 |
+with /usr/sbin/smrsh.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
As an example:
|
|
|
95f7f3 |
|
|
|
95f7f3 |
@@ -133,14 +133,14 @@ In most Sun Microsystems' sendmail.cf fi
|
|
|
95f7f3 |
Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
|
|
|
95f7f3 |
|
|
|
95f7f3 |
which should be changed to:
|
|
|
95f7f3 |
-Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
|
|
|
95f7f3 |
- ^^^^^^^^^^^^^^^^^^
|
|
|
95f7f3 |
+Mprog, P=/usr/sbin/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u
|
|
|
95f7f3 |
+ ^^^^^^^^^^^^^^^^
|
|
|
95f7f3 |
|
|
|
95f7f3 |
A more generic line may be:
|
|
|
95f7f3 |
Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u
|
|
|
95f7f3 |
|
|
|
95f7f3 |
and should be changed to;
|
|
|
95f7f3 |
-Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u
|
|
|
95f7f3 |
+Mprog, P=/usr/sbin/smrsh, F=lsDFM, A=sh -c $u
|
|
|
95f7f3 |
|
|
|
95f7f3 |
|
|
|
95f7f3 |
After modifying the Mprog definition in the sendmail.cf file, if a frozen
|
|
|
95f7f3 |
@@ -151,7 +151,7 @@ or /etc/mail directories. The specific
|
|
|
95f7f3 |
a search of the strings(1) output of the sendmail binary.
|
|
|
95f7f3 |
|
|
|
95f7f3 |
In order to create a new frozen configuration, if it is required:
|
|
|
95f7f3 |
- host.domain# /usr/lib/sendmail -bz
|
|
|
95f7f3 |
+ host.domain# /usr/sbin/sendmail -bz
|
|
|
95f7f3 |
|
|
|
95f7f3 |
Now re-start the sendmail process. An example of how to do this on
|
|
|
95f7f3 |
a typical system follows:
|
|
|
95f7f3 |
diff -up sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths sendmail-8.14.3/smrsh/smrsh.8
|
|
|
95f7f3 |
--- sendmail-8.14.3/smrsh/smrsh.8.smrsh_paths 2004-08-06 05:55:35.000000000 +0200
|
|
|
95f7f3 |
+++ sendmail-8.14.3/smrsh/smrsh.8 2008-07-15 14:38:07.000000000 +0200
|
|
|
95f7f3 |
@@ -39,7 +39,7 @@ Briefly,
|
|
|
95f7f3 |
.I smrsh
|
|
|
95f7f3 |
limits programs to be in a single directory,
|
|
|
95f7f3 |
by default
|
|
|
95f7f3 |
-/usr/adm/sm.bin,
|
|
|
95f7f3 |
+/etc/smrsh,
|
|
|
95f7f3 |
allowing the system administrator to choose the set of acceptable commands,
|
|
|
95f7f3 |
and to the shell builtin commands ``exec'', ``exit'', and ``echo''.
|
|
|
95f7f3 |
It also rejects any commands with the characters
|
|
|
95f7f3 |
@@ -56,10 +56,10 @@ so forwarding to ``/usr/ucb/vacation'',
|
|
|
95f7f3 |
and
|
|
|
95f7f3 |
``vacation''
|
|
|
95f7f3 |
all actually forward to
|
|
|
95f7f3 |
-``/usr/adm/sm.bin/vacation''.
|
|
|
95f7f3 |
+``/etc/smrsh/vacation''.
|
|
|
95f7f3 |
.PP
|
|
|
95f7f3 |
System administrators should be conservative about populating
|
|
|
95f7f3 |
-the sm.bin directory.
|
|
|
95f7f3 |
+the /etc/smrsh directory.
|
|
|
95f7f3 |
For example, a reasonable additions is
|
|
|
95f7f3 |
.IR vacation (1),
|
|
|
95f7f3 |
and the like.
|
|
|
95f7f3 |
@@ -68,7 +68,7 @@ never include any shell or shell-like pr
|
|
|
95f7f3 |
(such as
|
|
|
95f7f3 |
.IR perl (1))
|
|
|
95f7f3 |
in the
|
|
|
95f7f3 |
-sm.bin
|
|
|
95f7f3 |
+/etc/smrsh
|
|
|
95f7f3 |
directory.
|
|
|
95f7f3 |
Note that this does not restrict the use of shell or perl scripts
|
|
|
95f7f3 |
in the sm.bin directory (using the ``#!'' syntax);
|
|
|
95f7f3 |
@@ -79,20 +79,7 @@ is a very bad idea.
|
|
|
95f7f3 |
.IR procmail (1)
|
|
|
95f7f3 |
allows users to run arbitrary programs in their
|
|
|
95f7f3 |
.IR procmailrc (5).
|
|
|
95f7f3 |
-.SH COMPILATION
|
|
|
95f7f3 |
-Compilation should be trivial on most systems.
|
|
|
95f7f3 |
-You may need to use \-DSMRSH_PATH=\e"\fIpath\fP\e"
|
|
|
95f7f3 |
-to adjust the default search path
|
|
|
95f7f3 |
-(defaults to ``/bin:/usr/bin:/usr/ucb'')
|
|
|
95f7f3 |
-and/or \-DSMRSH_CMDDIR=\e"\fIdir\fP\e"
|
|
|
95f7f3 |
-to change the default program directory
|
|
|
95f7f3 |
-(defaults to ``/usr/adm/sm.bin'').
|
|
|
95f7f3 |
.SH FILES
|
|
|
95f7f3 |
-/usr/adm/sm.bin \- default directory for restricted programs on most OSs
|
|
|
95f7f3 |
-.PP
|
|
|
95f7f3 |
-/var/adm/sm.bin \- directory for restricted programs on HP UX and Solaris
|
|
|
95f7f3 |
-.PP
|
|
|
95f7f3 |
-/usr/libexec/sm.bin \- directory for restricted programs on FreeBSD (>= 3.3) and DragonFly BSD
|
|
|
95f7f3 |
-
|
|
|
95f7f3 |
+/etc/smrsh \- directory for restricted programs
|
|
|
95f7f3 |
.SH SEE ALSO
|
|
|
95f7f3 |
sendmail(8)
|
|
|
95f7f3 |
diff -up sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths sendmail-8.14.3/smrsh/smrsh.c
|
|
|
95f7f3 |
--- sendmail-8.14.3/smrsh/smrsh.c.smrsh_paths 2004-08-06 20:54:22.000000000 +0200
|
|
|
95f7f3 |
+++ sendmail-8.14.3/smrsh/smrsh.c 2008-07-15 14:38:07.000000000 +0200
|
|
|
95f7f3 |
@@ -77,7 +77,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
|
|
|
95f7f3 |
# ifdef SMRSH_CMDDIR
|
|
|
95f7f3 |
# define CMDDIR SMRSH_CMDDIR
|
|
|
95f7f3 |
# else /* SMRSH_CMDDIR */
|
|
|
95f7f3 |
-# define CMDDIR "/usr/adm/sm.bin"
|
|
|
95f7f3 |
+# define CMDDIR "/etc/smrsh"
|
|
|
95f7f3 |
# endif /* SMRSH_CMDDIR */
|
|
|
95f7f3 |
#endif /* ! CMDDIR */
|
|
|
95f7f3 |
|
|
|
95f7f3 |
@@ -89,7 +89,7 @@ SM_IDSTR(id, "@(#)$Id: smrsh.c,v 8.65 20
|
|
|
95f7f3 |
# ifdef SMRSH_PATH
|
|
|
95f7f3 |
# define PATH SMRSH_PATH
|
|
|
95f7f3 |
# else /* SMRSH_PATH */
|
|
|
95f7f3 |
-# define PATH "/bin:/usr/bin:/usr/ucb"
|
|
|
95f7f3 |
+# define PATH "/bin:/usr/bin"
|
|
|
95f7f3 |
# endif /* SMRSH_PATH */
|
|
|
95f7f3 |
#endif /* ! PATH */
|
|
|
95f7f3 |
|