[876] in linux-security and linux-alert archive
[linux-security] sudo passwd wrapper
daemon@ATHENA.MIT.EDU (Adam Solesby)
Wed Jul 3 17:06:48 1996
From: Adam Solesby <adam@saucy.shack.com>
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 1 Jul 1996 13:41:54 -0500 (CDT)
I implemented a program to disallow changing of passwords of specified users.
It is meant to be used with sudo for people that need to change passwords.
Please email me suggestions because I'm not too security savvy. --Adam.
chpw.c:
------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <syslog.h>
/*
   chpw.c by Adam Solesby <adam@shack.com> copyright 1996
   This program doesn't allow passwords of usernames to be
   changed. It is meant to be a wrapper for use with sudo and
   your normal passwd program. It is probably not secure.
   Please email me if you use this and especially if you find
   errors or security holes.
*/
#define NUM_NOCHANGE 2
int main( int argc, char ** ARGV )
{
    /* array of users that should not be changed */
    char * NOCHANGE[NUM_NOCHANGE] = { "root", "adam" };
    /* full path to passwd program */
    char command[100] = "/bin/passwd ";
    char * sudouser;
    int i, illegal=0;
    openlog(ARGV[0], LOG_PID, LOG_AUTH );
    sudouser = getenv("USER"); /* sudo should pass the environment */
    /* simple test for people testing the system */
    if ( sudouser == NULL || strcmp(sudouser,"") == 0 )
    {
        printf("You cannot change passwords.\n");
        /* syslog() takes a level here; the LOG_AUTH facility comes from openlog() */
        syslog( LOG_NOTICE , "UNKNOWN USER attempted to change a password.");
    }
    else if (argc == 2)
    {
        /* test for illegal usernames */
        for (i=0; i<NUM_NOCHANGE; i++)
        {
            if (strcmp(ARGV[1],NOCHANGE[i])==0) illegal=1;
        }
        if ( illegal )
        {
            printf("You cannot change %s's password.\n",ARGV[1]);
            syslog( LOG_NOTICE , "%s attempted to change %s's password.", sudouser, ARGV[1] );
        }
        else if ( strlen(command) + strlen(ARGV[1]) >= sizeof(command) )
        {
            /* the username would not fit in command[] */
            printf("Username too long.\n");
        }
        else
        {
            strcat(command,ARGV[1]);
            system( command ); /* not safe */
        }
    }
    else printf("Usage: %s <username>\n", ARGV[0]);
    return 0;
}
------------------------------------------------------------------------
--
=============================================================================
Adam Solesby adam@shack.com 615.269.7836 [home]
http://www.shack.com solesby@telalink.net 615.817.9900 [pager]
=============================================================================
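
Added example, not part of the original post or the author's code: one way to remove the system() call that chpw.c marks "not safe" is to validate the target name against a strict pattern and exec passwd directly, with no shell in between. The name pattern, the 32-character limit and the use of SUDO_USER (set by current sudo versions) in place of USER are assumptions; the passwd path and the refused accounts are taken from the post.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#define PASSWD_PATH "/bin/passwd"   /* path taken from the posted chpw.c */
#define MAX_NAME 32                 /* assumed limit on account name length */

/* accounts whose passwords the wrapper refuses to change (from the post) */
static const char *const NOCHANGE[] = { "root", "adam" };
/* Accept only [a-z_][a-z0-9_-]* (assumed policy), so no option, whitespace
   or shell metacharacter can reach passwd or slip past the strcmp() test. */
int valid_username(const char *name)
{
    size_t i, len = strlen(name);
    if (len == 0 || len > MAX_NAME) return 0;
    if (!(islower((unsigned char)name[0]) || name[0] == '_')) return 0;
    for (i = 1; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(islower(c) || isdigit(c) || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* 1 if the target may be changed: well-formed and not on the NOCHANGE list */
int may_change(const char *name)
{
    size_t i;
    if (!valid_username(name)) return 0;
    for (i = 0; i < sizeof NOCHANGE / sizeof NOCHANGE[0]; i++)
        if (strcmp(name, NOCHANGE[i]) == 0) return 0;
    return 1;
}

int main(int argc, char **argv)
{
    const char *caller = getenv("SUDO_USER");  /* assumption: set by sudo */
    if (argc != 2) { fprintf(stderr, "Usage: %s <username>\n", argv[0]); return 2; }
    openlog("chpw", LOG_PID, LOG_AUTH);
    if (caller == NULL || !may_change(argv[1])) {
        syslog(LOG_WARNING, "%s: refused target", caller ? caller : "UNKNOWN USER");
        fprintf(stderr, "You cannot change that password.\n");
        return 1;
    }
    syslog(LOG_NOTICE, "%s changing password for %s", caller, argv[1]);
    execl(PASSWD_PATH, "passwd", argv[1], (char *)NULL);  /* no shell involved */
    return 127;                                           /* reached only if exec fails */
}
```

The refused name is deliberately left out of the log line, since it has not passed validation and could contain anything.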