Red Hat Bugzilla – Bug 44757
smrsh is useless with procmail as LDA
Last modified: 2017-05-12 21:16:21 EDT
As shipped, sendmail is configured to use procmail as the local delivery agent. It is also configured to use the sendmail restricted shell, smrsh, for program deliveries. Configuring smrsh when procmail is the LDA is pointless. Any restrictions that are set up with smrsh as to what programs users can run from their .forward files can easily be circumvented with a .procmailrc as simple as :0 * . | $HOME/someprogram As long as procmail is the LDA, configuring sendmail to use smrsh is nothing but an annoyance and cause for confusion for people not familiar with smrsh.
Providing smrsh allows to change the configuration to a more restrictive one than shipped by default with Red Hat Linux. I think the current setup is ok, but agree that this point could be added to some Red Hat README about sendmail. Thanks for this report, Florian La Roche
I'm not saying that smrsh shouldn't be provided, just that the default sendmail.cf should not use smrsh since procmail is also used. This can be confusing and misleading (some may think that have more security than they really do since smrsh is rendered useless by procmail).
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/8b7ba774dced535d99c8f805edde700f0f6b5120 UPSTREAM: 44760: Fix issue #44757: Flaky Test_AttachDetachControllerRecovery