*** /usr/src/usr.sbin/sendmail/smrsh/Makefile 1995/12/02 17:24:12 1.1 --- /usr/src/usr.sbin/sendmail/smrsh/Makefile 1996/04/22 06:34:37 1.1.1.1.2.1 *************** *** 1,8 **** # @(#)Makefile 8.1 (Berkeley) 7/2/95 PROG= smrsh ! MAN8= smrsh.0 CFLAGS+=-I${.CURDIR}/../src -DNDBM -DNEWDB ! .include "../../Makefile.inc" .include --- 1,8 ---- # @(#)Makefile 8.1 (Berkeley) 7/2/95 PROG= smrsh ! MAN8= smrsh.8 CFLAGS+=-I${.CURDIR}/../src -DNDBM -DNEWDB ! BINDIR= /usr/libexec .include *** /usr/src/usr.sbin/sendmail/smrsh/smrsh.8 1995/12/02 17:24:13 1.1 --- /usr/src/usr.sbin/sendmail/smrsh/smrsh.8 1996/04/22 06:34:38 1.1.1.1.2.1 *************** *** 59,65 **** Briefly, .I smrsh limits programs to be in the directory ! /usr/adm/sm.bin, allowing the system administrator to choose the set of acceptable commands. It also rejects any commands with the characters `\`', `<', `>', `|', `;', `&', `$', `(', `)', `\r' (carriage return), --- 59,65 ---- Briefly, .I smrsh limits programs to be in the directory ! /usr/libexec/sm.bin, allowing the system administrator to choose the set of acceptable commands. It also rejects any commands with the characters `\`', `<', `>', `|', `;', `&', `$', `(', `)', `\r' (carriage return), *************** *** 67,82 **** on the command line to prevent ``end run'' attacks. .PP Initial pathnames on programs are stripped, ! so forwarding to ``/usr/ucb/vacation'', ! ``/usr/bin/vacation'', ``/home/server/mydir/bin/vacation'', and ``vacation'' all actually forward to ! ``/usr/adm/sm.bin/vacation''. .PP System administrators should be conservative about populating ! /usr/adm/sm.bin. Reasonable additions are .IR vacation (1), .IR procmail (1), --- 67,81 ---- on the command line to prevent ``end run'' attacks. .PP Initial pathnames on programs are stripped, ! so forwarding to ``/usr/bin/vacation'', ``/home/server/mydir/bin/vacation'', and ``vacation'' all actually forward to ! ``/usr/libexec/sm.bin/vacation''. .PP System administrators should be conservative about populating ! /usr/libexec/sm.bin. Reasonable additions are .IR vacation (1), .IR procmail (1), *************** *** 95,105 **** Compilation should be trivial on most systems. You may need to use \-DPATH=\e"\fIpath\fP\e" to adjust the default search path ! (defaults to ``/bin:/usr/bin:/usr/ucb'') and/or \-DCMDBIN=\e"\fIdir\fP\e" to change the default program directory ! (defaults to ``/usr/adm/sm.bin''). .SH FILES ! /usr/adm/sm.bin \- directory for restricted programs .SH SEE ALSO sendmail(8) --- 94,104 ---- Compilation should be trivial on most systems. You may need to use \-DPATH=\e"\fIpath\fP\e" to adjust the default search path ! (defaults to ``/bin:/usr/bin'') and/or \-DCMDBIN=\e"\fIdir\fP\e" to change the default program directory ! (defaults to ``/usr/libexec/sm.bin''). .SH FILES ! /usr/libexec/sm.bin \- directory for restricted programs .SH SEE ALSO sendmail(8) *** /usr/src/usr.sbin/sendmail/smrsh/smrsh.c 1995/12/02 17:24:13 1.1 --- /usr/src/usr.sbin/sendmail/smrsh/smrsh.c 1996/04/22 06:34:38 1.1.1.1.2.1 *************** *** 58,65 **** ** This is more restrictive than strictly necessary. ** ** To use this, edit /etc/sendmail.cf, search for ^Mprog, and ! ** change P=/bin/sh to P=/usr/local/etc/smrsh, where this compiled ! ** binary is installed /usr/local/etc/smrsh. ** ** This can be used on any version of sendmail. ** --- 58,65 ---- ** This is more restrictive than strictly necessary. ** ** To use this, edit /etc/sendmail.cf, search for ^Mprog, and ! ** change P=/bin/sh to P=/usr/libexec/smrsh, where this compiled ! ** binary is installed /usr/libexec/smrsh. ** ** This can be used on any version of sendmail. ** *************** *** 79,85 **** /* directory in which all commands must reside */ #ifndef CMDDIR ! # define CMDDIR "/usr/adm/sm.bin" #endif /* characters disallowed in the shell "-c" argument */ --- 79,85 ---- /* directory in which all commands must reside */ #ifndef CMDDIR ! # define CMDDIR "/usr/libexec/sm.bin" #endif /* characters disallowed in the shell "-c" argument */ *************** *** 87,93 **** /* default search path */ #ifndef PATH ! # define PATH "/bin:/usr/bin:/usr/ucb" #endif main(argc, argv) --- 87,93 ---- /* default search path */ #ifndef PATH ! # define PATH "/bin:/usr/bin" #endif main(argc, argv)