[879] in linux-security and linux-alert archive
Re: [linux-security] sudo passwd wrapper
daemon@ATHENA.MIT.EDU (Chris Evans)
Thu Jul 4 15:59:34 1996
Date: Thu, 4 Jul 1996 19:08:32 +0100 (BST)
From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
To: Adam Solesby <adam@saucy.shack.com>
cc: linux-security@tarsier.cv.nrao.edu, shadow-list@neptune.cin.net
In-Reply-To: <199607011841.NAA09666@saucy.shack.com>
On Mon, 1 Jul 1996, Adam Solesby wrote:
> I implemented a program to disallow changing of passwords of specified users.
> It is meant to be used with sudo for people that need to change passwords.
> Please email me suggestions because I'm not too security savvy. --Adam.
> chpw.c:
[snip..]
Problems with your program....
1) Using system() with user-supplied arguements (check for shell
metacharacters)
2) Using system() without clobbering the environment (lots of nasty
variables users can set).
3) Relying on USER environment variable to report the user who isn't
allowed to change passwords (you really want getpwuid(getuid())->pw_name)
A better solution is to look at the ongoing shadow password suite
development, I'm about to release a simple patch to allow certain
privileged users to change certain passwords (ie ban changes to system
accounts). The patch will eventually mutate in a config file capable of
allowing certain users to expire passwords, change expiry info, lock
accounts etc.
Chris.
[Mod: Also worth watching, for eventual solutions, is the PAM project.
See http://www.redhat.com/pam/ for more info. --Jeff.]