[876] in linux-security and linux-alert archive


[linux-security] sudo passwd wrapper

daemon@ATHENA.MIT.EDU (Adam Solesby)
Wed Jul 3 17:06:48 1996

From: Adam Solesby <adam@saucy.shack.com>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 1 Jul 1996 13:41:54 -0500 (CDT)

I implemented a program to disallow changing of passwords of specified users.
It is meant to be used with sudo for people that need to change passwords.
Please email me suggestions because I'm not too security savvy. --Adam.
chpw.c:
------------------------------------------------------------------------
#include <stdio.h>	/* printf */
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <syslog.h>

/*
	chpw.c by Adam Solesby <adam@shack.com> copyright 1996

	This program doesn't allow passwords of usernames to be
	changed. It is meant to be a wrapper for use with sudo and
	your normal passwd program. It is probably not secure.
	Please email me if you use this and especially if you find
	errors or security holes.
*/

#define NUM_NOCHANGE 2

int main( int argc, char ** ARGV )
{
	/* array of users that should not be changed */
	char * NOCHANGE[NUM_NOCHANGE] = { "root", "adam" };

	/* full path to passwd program */
	char command[100] = "/bin/passwd ";

	char * sudouser;
	int i, illegal=0;

 	openlog(ARGV[0], LOG_PID, LOG_AUTH );

	sudouser = getenv("USER"); /* sudo should pass the environment */

	/* simple test for people testing the system */
	if ( sudouser == NULL || strcmp(sudouser,"") == 0 )
	{
		printf("You cannot change passwords.\n");
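		/* second argument to openlog() already sets the LOG_AUTH facility;
		   syslog() takes a level here (bare LOG_AUTH means level LOG_EMERG) */
		syslog( LOG_NOTICE, "UNKNOWN USER attempted to change a password.");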
	}

	else if (argc == 2)
	{
		/* test for illegal usernames */
		for (i=0; i<NUM_NOCHANGE; i++)
		{
			if (strcmp(ARGV[1],NOCHANGE[i])==0) illegal=1;
		}

		if ( illegal )
		{
			printf("You cannot change %s's password.\n",ARGV[1]);
			/* level, not facility: bare LOG_AUTH would log at LOG_EMERG */
			syslog( LOG_NOTICE, "%s attempted to change %s's password.", sudouser, ARGV[1] );
		}
		else
		{
			strcat(command,ARGV[1]);
 			system( command ); /* not safe */
		}
	}
	else printf("Usage: %s <username>\n", ARGV[0]);

	return 0;
}
------------------------------------------------------------------------
-- 
=============================================================================
Adam Solesby                    adam@shack.com           615.269.7836  [home]
http://www.shack.com         solesby@telalink.net        615.817.9900 [pager]
=============================================================================
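
Added example, not part of the original post or the author's code: one way to harden the wrapper above. The posted code appends ARGV[1] to a fixed 100-byte buffer with strcat() and hands the result to a shell via system(); this version checks the target name against a conservative character set first and starts passwd with execv(), so no buffer is built and no shell parses the name. The 32-character limit, the allowed character set, and the use of sudo's SUDO_USER variable for logging are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

#define PASSWD_PATH "/bin/passwd"  /* path used in the original post */
#define MAX_NAME 32                /* assumed upper bound on a login name */
static const char *const NOCHANGE[] = { "root", "adam" };

/* 1 if s is 1..MAX_NAME chars of [A-Za-z0-9_.-] and does not start with '-'
   (a leading '-' would be read by passwd as an option). */
int valid_username(const char *s)
{
	size_t n = strlen(s);
	if (n == 0 || n > MAX_NAME || s[0] == '-') return 0;
	return strspn(s, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
	                 "0123456789_.-") == n;
}

/* 1 if s is on the list of accounts whose password must not be changed. */
int is_protected(const char *s)
{
	size_t i;
	for (i = 0; i < sizeof NOCHANGE / sizeof NOCHANGE[0]; i++)
		if (strcmp(s, NOCHANGE[i]) == 0) return 1;
	return 0;
}

int main(int argc, char **argv)
{
	const char *who = getenv("SUDO_USER");  /* set by sudo; used for logging only */
	char arg0[] = "passwd", *args[3];
	int ok;
	if (argc != 2) { fprintf(stderr, "Usage: chpw <username>\n"); return 2; }
	openlog("chpw", LOG_PID, LOG_AUTH);
	ok = valid_username(argv[1]);
	if (!ok || is_protected(argv[1])) {
		/* log the name only once it is known to be well-formed */
		syslog(LOG_NOTICE, "%s was refused a password change for %s",
		       who ? who : "unknown", ok ? argv[1] : "(invalid name)");
		fprintf(stderr, "You cannot change that password.\n");
		return 1;
	}
	args[0] = arg0; args[1] = argv[1]; args[2] = NULL;
	execv(PASSWD_PATH, args);  /* argv[1] is one argument; no shell parses it */
	perror("execv");
	return 127;
}
```

The deny list still matches by name only, so any other account that maps to uid 0 would need its own entry in NOCHANGE.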
