|
|
smrsh limits programs available in the directory
/usr/adm/sm.bin,
allowing the system administrator to choose
the set of acceptable commands,
and to the shell builtin commands exec,
exit, and echo.
It also rejects any commands with the characters
\, <, >, |, ;, &, $, (, ), <Return>, or (newline)
on the command line to prevent ``end run'' access.
It allows ``||'' and ``&&'' to enable constructions similar to
the following:
|exec /usr/local/bin/procmail -f- /etc/procmailrcs/user || exit 75
Initial path names on programs are stripped.
System administrators should be conservative about populating /usr/adm/sm.bin. Never include any shell or shell-like program such as perl in the sm.bin directory. This does not restrict the use of shell or perl scripts in the sm.bin directory (using the #! syntax); it simply disallows execution of arbitrary programs.
Compilation should be trivial on most systems. You may need to use -DPATH=path to adjust the default search path (defaults to /bin:/usr/bin:/usr/ucb) or -DCMDBIN=dir to change the default program directory (defaults to /usr/adm/sm.bin).