Import sendmail-8.9.1 (slightly trimmed) onto a fresh branch under

src/contrib as per various discussions.  I will copy across our changes
and then point the Makefiles across once the dust has settled..

1 files changed, 144 insertions, 0 deletions

diff --git a/contrib/sendmail/smrsh/README b/contrib/sendmail/smrsh/README
new file mode 100644
index 0000000..13f545c
--- /dev/null
+++ b/contrib/sendmail/smrsh/README
@@ -0,0 +1,144 @@
+
+
+
+README  smrsh - sendmail restricted shell.
+
+	@(#)README	8.2	11/11/95
+
+
+This README file is provided as a courtesy of the CERT Coordination Center,
+Software Engineering Institute, Carnegie Mellon University.  This file is 
+intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability,
+and to the software, smrsh.c, written by Eric Allman.
+
+
+
+The smrsh(8) program is intended as a replacement for /bin/sh in the
+program mailer definition of sendmail(8).  This README file describes
+the steps needed to compile and install smrsh.
+
+smrsh is a restricted shell utility that provides the ability to
+specify, through a configuration, an explicit list of executable
+programs.  When used in conjunction with sendmail, smrsh effectively
+limits sendmail's scope of program execution to only those programs
+specified in smrsh's configuration.
+
+smrsh has been written with portability in mind, and uses traditional 
+Unix library utilities.  As such, smrsh should compile on most
+Unix C compilers.
+
+
+
+To compile smrsh.c, use the following command:
+
+host.domain% cc -o smrsh smrsh.c
+
+For machines that provide dynamic linking, it is advisable to compile
+smrsh without dynamic linking.  As an example with the Sun Microsystems
+compiler, you should compile with the -Bstatic option.
+
+host.domain% cc -Bstatic -o smrsh smrsh.c
+
+
+Choose a directory that smrsh will reside in.  We will use the traditional 
+/usr/local/etc directory for the remainder of this document.
+
+As root, install smrsh in /usr/local/etc directory, with mode 511.
+
+host.domain# mv smrsh /usr/local/etc
+host.domain# chmod 511 /usr/local/etc/smrsh
+
+
+
+Next, determine the list of commands that smrsh should allow sendmail
+to run.  This list of allowable commands can be determined by:
+
+   1.  examining your /etc/aliases file, to indicate what commands 
+       are being used by the system. 
+
+   2.  surveying your host's .forward files, to determine what 
+       commands users have specified.  
+
+See the man page for aliases(5) if you are unfamiliar with the format of 
+these specifications. Additionally, you should include in the list, 
+popular commands such as /usr/ucb/vacation.
+
+You should NOT include interpreter programs such as sh(1), csh(1),
+perl(1), uudecode(1) or the stream editor sed(1) in your list of 
+acceptable commands.
+
+
+You will next need to create the directory /usr/adm/sm.bin and populate 
+it with the programs that your site feels are allowable for sendmail
+to execute.   This directory is explicitly specified in the source
+code for smrsh, so changing this directory must be accompanied with
+a change in smrsh.c.
+
+
+You will have to be root to make these modifications.
+
+After creating the /usr/adm/sm.bin directory, either copy the programs
+to the directory, or establish links to the allowable programs from
+/usr/adm/sm.bin.  Change the file permissions, so that these programs
+can not be modified by non-root users.  If you use links, you should
+ensure that the target programs are not modifiable.
+
+To allow the popular vacation(1) program by creating a link in the 
+/usr/adm/sm.bin directory, you should:
+
+host.domain# cd /usr/adm/sm.bin
+host.domain# ln -s /usr/ucb/vacation vacation
+
+
+
+
+After populating the /usr/adm/sm.bin directory, you can now configure
+sendmail to use the restricted shell.  Save the current sendmail.cf
+file prior to modifying it, as a prudent precaution.
+
+Typically, the program mailer is defined by a single line in the 
+sendmail configuration file, sendmail.cf.  This file is traditionally
+found in the /etc, /usr/lib or /etc/mail directories, depending on 
+the UNIX vendor.
+
+If you are unsure of the location of the actual sendmail configuration
+file, a search of the strings(1) output of the sendmail binary, will
+help to locate it.
+
+In order to configure sendmail to use smrsh, you must modify the Mprog 
+definition in the sendmail.cf file, by replacing the /bin/sh specification 
+with /usr/local/etc/smrsh.
+
+As an example:
+
+In most Sun Microsystems' sendmail.cf files, the line is:
+Mprog,	P=/bin/sh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+
+which should be changed to:
+Mprog,	P=/usr/local/etc/smrsh,   F=lsDFMeuP,  S=10, R=20, A=sh -c $u
+          ^^^^^^^^^^^^^^^^^^^^
+
+A more generic line may be:
+Mprog,		P=/bin/sh, F=lsDFM, A=sh -c $u
+
+and should be changed to;
+Mprog,		P=/usr/local/etc/smrsh, F=lsDFM, A=sh -c $u
+
+
+After modifying the Mprog definition in the sendmail.cf file, if a frozen 
+configuration file is being used, it is essential to create a new one.
+You can determine if you need a frozen configuration by discovering
+if a sendmail.fc file currently exists in either the /etc/, /usr/lib,
+or /etc/mail directories.  The specific location can be determined using
+a search of the strings(1) output of the sendmail binary.
+
+In order to create a new frozen configuration, if it is required:
+host.domain# /usr/lib/sendmail -bz
+
+Now re-start the sendmail process.  An example of how to do this on 
+a typical system follows:
+ 
+host.domain# /usr/bin/ps aux | /usr/bin/grep sendmail
+root 130  0.0  0.0  168    0 ?  IW   Oct  2  0:10 /usr/lib/sendmail -bd -q
+host.domain# /bin/kill -9 130
+host.domain# /usr/lib/sendmail -bd -q30m