1N/A * Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers. 1N/A * All rights reserved. 1N/A * Copyright (c) 1993 Eric P. Allman. All rights reserved. 1N/A * Copyright (c) 1993 1N/A * The Regents of the University of California. All rights reserved. 1N/A * By using this file, you agree to the terms and conditions set 1N/A * forth in the LICENSE file which can be found at the top level of 1N/A * the sendmail distribution. 1N/A#
pragma ident "%Z%%M% %I% %E% SMI" 1N/A"@(#) Copyright (c) 1998-2004 Sendmail, Inc. and its suppliers.\n\ 1N/A All rights reserved.\n\ 1N/A Copyright (c) 1993 Eric P. Allman. All rights reserved.\n\ 1N/A Copyright (c) 1993\n\ 1N/A The Regents of the University of California. All rights reserved.\n")
1N/A** SMRSH -- sendmail restricted shell 1N/A** This is a patch to get around the prog mailer bugs in most 1N/A** versions of sendmail. 1N/A** Use this in place of /bin/sh in the "prog" mailer definition 1N/A** root, mode 755) and put links to any programs you want 1N/A** available to prog mailers in that directory. This should 1N/A** include things like "vacation" and "procmail", but not "sed" 1N/A** Leading pathnames are stripped from program names so that 1N/A** existing .forward files that reference things like 1N/A** The following characters are completely illegal: 1N/A** < > ^ & ` ( ) \n \r 1N/A** The following characters are sometimes illegal: 1N/A** This is more restrictive than strictly necessary. 1N/A** To use this, add FEATURE(`smrsh') to your .mc file. 1N/A** This can be used on any version of sendmail. 1N/A** In loving memory of RTM. 11/02/93. 1N/A/* directory in which all commands must reside */ 1N/A#
else /* SMRSH_CMDDIR */ 1N/A#
endif /* SMRSH_CMDDIR */ 1N/A#
endif /* ! CMDDIR */ 1N/A/* characters disallowed in the shell "-c" argument */ 1N/A/* default search path */ 1N/A#
else /* SMRSH_PATH */ 1N/A#
endif /* SMRSH_PATH */ 1N/A** ADDCMD -- add a string to newcmdbuf, check for overflow 1N/A** s -- string to add 1N/A** cmd -- it's a command: prepend CMDDIR/ 1N/A** len -- length of string to add 1N/A** changes newcmdbuf or exits with a failure. 1N/A /* enough space for s (len) and CMDDIR + "/" and '\0'? */ 1N/A#
else /* ! LOG_MAIL */ 1N/A#
endif /* ! LOG_MAIL */ 1N/A ** Do basic argv usage checking 1N/A "Usage: %s -c command\n",
prg);
1N/A ** Disallow special shell syntax. This is overly restrictive, 1N/A ** but it should shut down all attacks. 1N/A ** Be sure to include 8-bit versions, since many shells strip 1N/A ** the address to 7 bits before checking. 1N/A ** Do a quick sanity check on command line length. 1N/A ** Strip off a leading pathname on the command name. For 1N/A /* strip leading spaces */ 1N/A "%s: missing command to exec\n",
1N/A /* find the end of the command name */ 1N/A /* search backwards for last / (allow for 0200 bit) */ 1N/A /* cmd now points at final component of path name */ 1N/A /* allow a few shell builtins */ 1N/A /* test _next_ arg */ 1N/A /* test following chars */ 1N/A ** Check to see if the command name is legal. 1N/A "%s: \"%s\" not available for sendmail programs (filename too long)\n",
1N/A "%s: \"%s\" not available for sendmail programs (stat failed)\n",
1N/A "%s: \"%s\" not available for sendmail programs (not a file)\n",
1N/A /* oops.... crack attack possiblity */ 1N/A "%s: \"%s\" not available for sendmail programs\n",
1N/A ** Create the actual shell input. 1N/A#
endif /* ALLOWSEMI */ 1N/A if ((*r ==
'&' && *(r +
1) ==
'&') ||
1N/A (*r ==
'|' && *(r +
1) ==
'|'))
1N/A "%s: cannot use %c in command\n",
prg, *r);
1N/A "%s: missing command to exec\n",
prg);
1N/A /* make sure we created something */ 1N/A "Usage: %s -c command\n",
prg);
1N/A ** Now invoke the shell