diff --git a/secure/usr.sbin/sendmail/Makefile b/secure/usr.sbin/sendmail/Makefile index 2dc0b0fd7b50..b24a1b68c2a8 100644 --- a/secure/usr.sbin/sendmail/Makefile +++ b/secure/usr.sbin/sendmail/Makefile @@ -1,7 +1,7 @@ # @(#)Makefile 8.12 (Berkeley) 5/29/95 VER= XX -SUBDIR= src mailstats makemap praliases cf/cf +SUBDIR= src mailstats makemap praliases shmrsh cf/cf FTPDIR= mastodon:/disks/barad-dur/ftp/sendmail/. DISTFILES=sendmail.${VER}.tar.Z sendmail.${VER}.tar.gz \ RELEASE_NOTES FAQ KNOWNBUGS diff --git a/usr.sbin/sendmail/Makefile b/usr.sbin/sendmail/Makefile index 2dc0b0fd7b50..b24a1b68c2a8 100644 --- a/usr.sbin/sendmail/Makefile +++ b/usr.sbin/sendmail/Makefile @@ -1,7 +1,7 @@ # @(#)Makefile 8.12 (Berkeley) 5/29/95 VER= XX -SUBDIR= src mailstats makemap praliases cf/cf +SUBDIR= src mailstats makemap praliases shmrsh cf/cf FTPDIR= mastodon:/disks/barad-dur/ftp/sendmail/. DISTFILES=sendmail.${VER}.tar.Z sendmail.${VER}.tar.gz \ RELEASE_NOTES FAQ KNOWNBUGS diff --git a/usr.sbin/sendmail/smrsh/Makefile b/usr.sbin/sendmail/smrsh/Makefile index f2629a8c1926..1cdf5d987dc2 100644 --- a/usr.sbin/sendmail/smrsh/Makefile +++ b/usr.sbin/sendmail/smrsh/Makefile @@ -1,8 +1,8 @@ # @(#)Makefile 8.1 (Berkeley) 7/2/95 PROG= smrsh -MAN8= smrsh.0 +MAN8= smrsh.8 CFLAGS+=-I${.CURDIR}/../src -DNDBM -DNEWDB -.include "../../Makefile.inc" +BINDIR= /usr/libexec .include diff --git a/usr.sbin/sendmail/smrsh/smrsh.8 b/usr.sbin/sendmail/smrsh/smrsh.8 index 3e547fcc892c..bed2417075d3 100644 --- a/usr.sbin/sendmail/smrsh/smrsh.8 +++ b/usr.sbin/sendmail/smrsh/smrsh.8 @@ -59,7 +59,7 @@ limits the set of programs that he or she can execute. Briefly, .I smrsh limits programs to be in the directory -/usr/adm/sm.bin, +/usr/libexec/sm.bin, allowing the system administrator to choose the set of acceptable commands. It also rejects any commands with the characters `\`', `<', `>', `|', `;', `&', `$', `(', `)', `\r' (carriage return), @@ -67,16 +67,15 @@ or `\n' (newline) on the command line to prevent ``end run'' attacks. .PP Initial pathnames on programs are stripped, -so forwarding to ``/usr/ucb/vacation'', -``/usr/bin/vacation'', +so forwarding to ``/usr/bin/vacation'', ``/home/server/mydir/bin/vacation'', and ``vacation'' all actually forward to -``/usr/adm/sm.bin/vacation''. +``/usr/libexec/sm.bin/vacation''. .PP System administrators should be conservative about populating -/usr/adm/sm.bin. +/usr/libexec/sm.bin. Reasonable additions are .IR vacation (1), .IR procmail (1), @@ -95,11 +94,11 @@ it simply disallows execution of arbitrary programs. Compilation should be trivial on most systems. You may need to use \-DPATH=\e"\fIpath\fP\e" to adjust the default search path -(defaults to ``/bin:/usr/bin:/usr/ucb'') +(defaults to ``/bin:/usr/bin'') and/or \-DCMDBIN=\e"\fIdir\fP\e" to change the default program directory -(defaults to ``/usr/adm/sm.bin''). +(defaults to ``/usr/libexec/sm.bin''). .SH FILES -/usr/adm/sm.bin \- directory for restricted programs +/usr/libexec/sm.bin \- directory for restricted programs .SH SEE ALSO sendmail(8) diff --git a/usr.sbin/sendmail/smrsh/smrsh.c b/usr.sbin/sendmail/smrsh/smrsh.c index 662ec828302b..49201e9acd0b 100644 --- a/usr.sbin/sendmail/smrsh/smrsh.c +++ b/usr.sbin/sendmail/smrsh/smrsh.c @@ -58,8 +58,8 @@ static char sccsid[] = "@(#)smrsh.c 8.4 (Berkeley) 11/11/95"; ** This is more restrictive than strictly necessary. ** ** To use this, edit /etc/sendmail.cf, search for ^Mprog, and -** change P=/bin/sh to P=/usr/local/etc/smrsh, where this compiled -** binary is installed /usr/local/etc/smrsh. +** change P=/bin/sh to P=/usr/libexec/smrsh, where this compiled +** binary is installed /usr/libexec/smrsh. ** ** This can be used on any version of sendmail. ** @@ -79,7 +79,7 @@ static char sccsid[] = "@(#)smrsh.c 8.4 (Berkeley) 11/11/95"; /* directory in which all commands must reside */ #ifndef CMDDIR -# define CMDDIR "/usr/adm/sm.bin" +# define CMDDIR "/usr/libexec/sm.bin" #endif /* characters disallowed in the shell "-c" argument */ @@ -87,7 +87,7 @@ static char sccsid[] = "@(#)smrsh.c 8.4 (Berkeley) 11/11/95"; /* default search path */ #ifndef PATH -# define PATH "/bin:/usr/bin:/usr/ucb" +# define PATH "/bin:/usr/bin" #endif main(argc, argv)