smrsh - Is it really necessary?
I've been thinking about smrsh (ie. the sendmail restricted shell) that is being used for command forwarding in your .forward file, and quite frankly, I don't understand what it's good for. I mean, don't you have to have a shell account to edit your .forward file anyway? In that case, what could you do with that that you couldn't do from the normal shell? Wouldn't cron be just as harmful?
I mean, sure, I can understand it if you're having a dedicated mail server that's using the same home directories that users usually work on. In that case you might want to block users from running anything on the mail server. But isn't that really quite a special case?
The strange thing is that it seems so obvious to the sendmail developers that smrsh should be used in every possible situation. Am I just overlooking something?