diff options
Diffstat (limited to 'contrib/sendmail/smrsh/README')
| -rw-r--r-- | contrib/sendmail/smrsh/README | 96 |
1 files changed, 54 insertions, 42 deletions
diff --git a/contrib/sendmail/smrsh/README b/contrib/sendmail/smrsh/README index fa4e2de..1e048c6 100644 --- a/contrib/sendmail/smrsh/README +++ b/contrib/sendmail/smrsh/README @@ -1,13 +1,8 @@ - - README smrsh - sendmail restricted shell. - @(#)README 8.2 11/11/1995 - - This README file is provided as a courtesy of the CERT Coordination Center, -Software Engineering Institute, Carnegie Mellon University. This file is +Software Engineering Institute, Carnegie Mellon University. This file is intended as a supplement to the CERT advisory CA-93:16.sendmail.vulnerability, and to the software, smrsh.c, written by Eric Allman. @@ -23,52 +18,65 @@ programs. When used in conjunction with sendmail, smrsh effectively limits sendmail's scope of program execution to only those programs specified in smrsh's configuration. -smrsh has been written with portability in mind, and uses traditional +smrsh has been written with portability in mind, and uses traditional Unix library utilities. As such, smrsh should compile on most Unix C compilers. +smrsh should build on most systems with the enclosed Build script: + host.domain% sh Build -To compile smrsh.c, use the following command: +To compile smrsh.c by hand, use the following command: -host.domain% cc -o smrsh smrsh.c + host.domain% cc -o smrsh smrsh.c For machines that provide dynamic linking, it is advisable to compile smrsh without dynamic linking. As an example with the Sun Microsystems compiler, you should compile with the -Bstatic option. -host.domain% cc -Bstatic -o smrsh smrsh.c + host.domain% cc -Bstatic -o smrsh smrsh.c + or + host.domain% sh Build LDOPTS=-Bstatic + +With gcc, the GNU C compiler, use the -static option. + + host.domain% cc -static -o smrsh smrsh.c + or + host.domain% sh Build LDOPTS=-static -Choose a directory that smrsh will reside in. We will use the traditional -/usr/local/etc directory for the remainder of this document. -As root, install smrsh in /usr/local/etc directory, with mode 511. +As root, install smrsh in /usr/libexec. Using the Build script: -host.domain# mv smrsh /usr/local/etc -host.domain# chmod 511 /usr/local/etc/smrsh + host.domain# sh Build install + +For manual installation: install smrsh in the /usr/libexec +directory, with mode 511. + + host.domain# mv smrsh /usr/libexec + host.domain# chmod 511 /usr/libexec/smrsh Next, determine the list of commands that smrsh should allow sendmail to run. This list of allowable commands can be determined by: - 1. examining your /etc/aliases file, to indicate what commands - are being used by the system. + 1. examining your /etc/mail/aliases file, to indicate what commands + are being used by the system. - 2. surveying your host's .forward files, to determine what - commands users have specified. + 2. surveying your host's .forward files, to determine what + commands users have specified. -See the man page for aliases(5) if you are unfamiliar with the format of -these specifications. Additionally, you should include in the list, +See the man page for aliases(5) if you are unfamiliar with the format of +these specifications. Additionally, you should include in the list, popular commands such as /usr/ucb/vacation. You should NOT include interpreter programs such as sh(1), csh(1), -perl(1), uudecode(1) or the stream editor sed(1) in your list of +perl(1), uudecode(1) or the stream editor sed(1) in your list of acceptable commands. -You will next need to create the directory /usr/adm/sm.bin and populate +You will next need to create the directory /usr/adm/sm.bin and populate it with the programs that your site feels are allowable for sendmail to execute. This directory is explicitly specified in the source code for smrsh, so changing this directory must be accompanied with @@ -83,11 +91,11 @@ to the directory, or establish links to the allowable programs from can not be modified by non-root users. If you use links, you should ensure that the target programs are not modifiable. -To allow the popular vacation(1) program by creating a link in the +To allow the popular vacation(1) program by creating a link in the /usr/adm/sm.bin directory, you should: -host.domain# cd /usr/adm/sm.bin -host.domain# ln -s /usr/ucb/vacation vacation + host.domain# cd /usr/adm/sm.bin + host.domain# ln -s /usr/ucb/vacation vacation @@ -96,18 +104,18 @@ After populating the /usr/adm/sm.bin directory, you can now configure sendmail to use the restricted shell. Save the current sendmail.cf file prior to modifying it, as a prudent precaution. -Typically, the program mailer is defined by a single line in the +Typically, the program mailer is defined by a single line in the sendmail configuration file, sendmail.cf. This file is traditionally -found in the /etc, /usr/lib or /etc/mail directories, depending on +found in the /etc, /usr/lib or /etc/mail directories, depending on the UNIX vendor. If you are unsure of the location of the actual sendmail configuration file, a search of the strings(1) output of the sendmail binary, will help to locate it. -In order to configure sendmail to use smrsh, you must modify the Mprog -definition in the sendmail.cf file, by replacing the /bin/sh specification -with /usr/local/etc/smrsh. +In order to configure sendmail to use smrsh, you must modify the Mprog +definition in the sendmail.cf file, by replacing the /bin/sh specification +with /usr/libexec/smrsh. As an example: @@ -115,17 +123,17 @@ In most Sun Microsystems' sendmail.cf files, the line is: Mprog, P=/bin/sh, F=lsDFMeuP, S=10, R=20, A=sh -c $u which should be changed to: -Mprog, P=/usr/local/etc/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u - ^^^^^^^^^^^^^^^^^^^^ +Mprog, P=/usr/libexec/smrsh, F=lsDFMeuP, S=10, R=20, A=sh -c $u + ^^^^^^^^^^^^^^^^^^ A more generic line may be: Mprog, P=/bin/sh, F=lsDFM, A=sh -c $u and should be changed to; -Mprog, P=/usr/local/etc/smrsh, F=lsDFM, A=sh -c $u +Mprog, P=/usr/libexec/smrsh, F=lsDFM, A=sh -c $u -After modifying the Mprog definition in the sendmail.cf file, if a frozen +After modifying the Mprog definition in the sendmail.cf file, if a frozen configuration file is being used, it is essential to create a new one. You can determine if you need a frozen configuration by discovering if a sendmail.fc file currently exists in either the /etc/, /usr/lib, @@ -133,12 +141,16 @@ or /etc/mail directories. The specific location can be determined using a search of the strings(1) output of the sendmail binary. In order to create a new frozen configuration, if it is required: -host.domain# /usr/lib/sendmail -bz + host.domain# /usr/lib/sendmail -bz -Now re-start the sendmail process. An example of how to do this on +Now re-start the sendmail process. An example of how to do this on a typical system follows: - -host.domain# /usr/bin/ps aux | /usr/bin/grep sendmail -root 130 0.0 0.0 168 0 ? IW Oct 2 0:10 /usr/lib/sendmail -bd -q -host.domain# /bin/kill -9 130 -host.domain# /usr/lib/sendmail -bd -q30m + + host.domain# cat /var/run/sendmail.pid + 130 + /usr/sbin/sendmail -bd -q30m + host.domain# /bin/kill -15 130 + host.domain# /usr/sbin/sendmail -bd -q30m + + +$Revision: 8.6 $, Last updated $Date: 1999/04/28 01:09:51 $ |
