[878] in linux-security and linux-alert archive
Re: [linux-security] sudo passwd wrapper
daemon@ATHENA.MIT.EDU (spew)
Thu Jul 4 15:59:30 1996
Date: Wed, 3 Jul 1996 21:39:54 -0400 (EDT)
From: spew <spew@j51.com>
To: Adam Solesby <adam@saucy.shack.com>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199607011841.NAA09666@saucy.shack.com>
On Mon, 1 Jul 1996, Adam Solesby wrote:
> I implemented a program to disallow changing of passwords of specified users.
> It is meant to be used with sudo for people that need to change passwords.
> Please email me suggestions because I'm not too security savvy. --Adam.
It shows. :)
[snip]
> {
> strcat(command,argv[1]);
Bug 1: Stack overwrite. Values of argv[1] greater than
100 - strlen("/bin/passwd ") in length can overwrite the stack and be
used to obtain root.
> system( command ); /* not safe */
Bug 2: Do I even have to explain this one?
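
Added example, not part of the original post or of the wrapper it quotes: a C sketch of the same wrapper with both bugs removed, using no fixed-size command buffer and no shell. The deny list, the function names and the 32-character limit are assumptions; only /bin/passwd comes from the post.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical deny list; the wrapper's real list is not shown in the post. */
static const char *const DENIED[] = { "root", "bin", "daemon", NULL };

/* Accept only short names over [a-z0-9_-] that start with a letter or '_'.
 * This rejects empty strings, option-like arguments such as "-d", and
 * anything containing whitespace or shell metacharacters. */
int valid_username(const char *s)
{
    size_t n;
    if (s == NULL) return 0;
    n = strlen(s);
    if (n == 0 || n > 32) return 0;          /* 32 is an assumed limit */
    if (!((s[0] >= 'a' && s[0] <= 'z') || s[0] == '_')) return 0;
    return strspn(s, "abcdefghijklmnopqrstuvwxyz0123456789_-") == n;
}

int is_denied(const char *s)
{
    for (size_t i = 0; DENIED[i] != NULL; i++)
        if (strcmp(s, DENIED[i]) == 0) return 1;
    return 0;
}

/* 1 if the wrapper may run passwd for this argument, 0 otherwise. */
int may_change(const char *user)
{
    return valid_username(user) && !is_denied(user);
}

int main(int argc, char **argv)
{
    if (argc != 2 || !may_change(argv[1])) {
        fputs("usage: wrapper <permitted-user>\n", stderr);
        return 1;
    }
    /* Bug 1 fix: argv[1] is never copied into a fixed-size buffer.
     * Bug 2 fix: execve() passes it as a single argument, with no shell
     * to interpret it and a fixed environment instead of the caller's. */
    char *const args[] = { "/bin/passwd", argv[1], NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL };
    execve("/bin/passwd", args, envp);
    perror("execve");
    return 1;
}
```

A deny list keyed on names does not cover other accounts that share uid 0; an allow list of permitted users is the stricter form of the same check.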