Enable proper installation of sendmail restricted shell smrsh(8).

This program is a wrapper for the prog mailer in sendmail.  It does shell
meta character masking and restricts the list of executables to those found
in /usr/libexec/sm.bin.

The default sendmail.cf file does not use this tool, however you can enable
it by either changing /bin/sh to /usr/libexec/smrsh or adding the line
FEATURE(smrsh) into your sendmail .mc file and rebuilding your .cf file.

For more info, RTFMP.

secure/usr.sbin/sendmail/Makefile

@@ -1,7 +1,7 @@
 #       @(#)Makefile	8.12 (Berkeley) 5/29/95
 
 VER=	XX
-SUBDIR= src mailstats makemap praliases cf/cf
+SUBDIR= src mailstats makemap praliases shmrsh cf/cf
 FTPDIR=	mastodon:/disks/barad-dur/ftp/sendmail/.
 DISTFILES=sendmail.${VER}.tar.Z sendmail.${VER}.tar.gz \
 	RELEASE_NOTES FAQ KNOWNBUGS

usr.sbin/sendmail/Makefile

@@ -1,7 +1,7 @@
 #       @(#)Makefile	8.12 (Berkeley) 5/29/95
 
 VER=	XX
-SUBDIR= src mailstats makemap praliases cf/cf
+SUBDIR= src mailstats makemap praliases shmrsh cf/cf
 FTPDIR=	mastodon:/disks/barad-dur/ftp/sendmail/.
 DISTFILES=sendmail.${VER}.tar.Z sendmail.${VER}.tar.gz \
 	RELEASE_NOTES FAQ KNOWNBUGS

usr.sbin/sendmail/smrsh/Makefile

@@ -1,8 +1,8 @@
 #	@(#)Makefile	8.1 (Berkeley) 7/2/95
 
 PROG=	smrsh
-MAN8=	smrsh.0
+MAN8=	smrsh.8
 CFLAGS+=-I${.CURDIR}/../src -DNDBM -DNEWDB
 
-.include "../../Makefile.inc"
+BINDIR=	/usr/libexec
 .include <bsd.prog.mk>

usr.sbin/sendmail/smrsh/smrsh.8

@@ -59,7 +59,7 @@ limits the set of programs that he or she can execute.
 Briefly,
 .I smrsh
 limits programs to be in the directory
-/usr/adm/sm.bin,
+/usr/libexec/sm.bin,
 allowing the system administrator to choose the set of acceptable commands.
 It also rejects any commands with the characters
 `\`', `<', `>', `|', `;', `&', `$', `(', `)', `\r' (carriage return),
@@ -67,16 +67,15 @@ or `\n' (newline)
 on the command line to prevent ``end run'' attacks.
 .PP
 Initial pathnames on programs are stripped,
-so forwarding to ``/usr/ucb/vacation'',
+so forwarding to ``/usr/bin/vacation'',
-``/usr/bin/vacation'',
 ``/home/server/mydir/bin/vacation'',
 and
 ``vacation''
 all actually forward to
-``/usr/adm/sm.bin/vacation''.
+``/usr/libexec/sm.bin/vacation''.
 .PP
 System administrators should be conservative about populating
-/usr/adm/sm.bin.
+/usr/libexec/sm.bin.
 Reasonable additions are
 .IR vacation (1),
 .IR procmail (1),
@@ -95,11 +94,11 @@ it simply disallows execution of arbitrary programs.
 Compilation should be trivial on most systems.
 You may need to use \-DPATH=\e"\fIpath\fP\e"
 to adjust the default search path
-(defaults to ``/bin:/usr/bin:/usr/ucb'')
+(defaults to ``/bin:/usr/bin'')
 and/or \-DCMDBIN=\e"\fIdir\fP\e"
 to change the default program directory
-(defaults to ``/usr/adm/sm.bin'').
+(defaults to ``/usr/libexec/sm.bin'').
 .SH FILES
-/usr/adm/sm.bin \- directory for restricted programs
+/usr/libexec/sm.bin \- directory for restricted programs
 .SH SEE ALSO
 sendmail(8)

usr.sbin/sendmail/smrsh/smrsh.c

@@ -58,8 +58,8 @@ static char sccsid[] = "@(#)smrsh.c	8.4 (Berkeley) 11/11/95";
 **	This is more restrictive than strictly necessary.
 **
 **	To use this, edit /etc/sendmail.cf, search for ^Mprog, and
-**	change P=/bin/sh to P=/usr/local/etc/smrsh, where this compiled
+**	change P=/bin/sh to P=/usr/libexec/smrsh, where this compiled
-**	binary is installed /usr/local/etc/smrsh.
+**	binary is installed /usr/libexec/smrsh.
 **
 **	This can be used on any version of sendmail.
 **
@@ -79,7 +79,7 @@ static char sccsid[] = "@(#)smrsh.c	8.4 (Berkeley) 11/11/95";
 
 /* directory in which all commands must reside */
 #ifndef CMDDIR
-# define CMDDIR		"/usr/adm/sm.bin"
+# define CMDDIR		"/usr/libexec/sm.bin"
 #endif
 
 /* characters disallowed in the shell "-c" argument */
@@ -87,7 +87,7 @@ static char sccsid[] = "@(#)smrsh.c	8.4 (Berkeley) 11/11/95";
 
 /* default search path */
 #ifndef PATH
-# define PATH		"/bin:/usr/bin:/usr/ucb"
+# define PATH		"/bin:/usr/bin"
 #endif
 
 main(argc, argv)