[879] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] sudo passwd wrapper

daemon@ATHENA.MIT.EDU (Chris Evans)
Thu Jul 4 15:59:34 1996

Date: Thu, 4 Jul 1996 19:08:32 +0100 (BST)
From: Chris Evans <chris@ferret.lmh.ox.ac.uk>
To: Adam Solesby <adam@saucy.shack.com>
cc: linux-security@tarsier.cv.nrao.edu, shadow-list@neptune.cin.net
In-Reply-To: <199607011841.NAA09666@saucy.shack.com>

On Mon, 1 Jul 1996, Adam Solesby wrote:

> I implemented a program to disallow changing of passwords of specified users.
> It is meant to be used with sudo for people that need to change passwords.
> Please email me suggestions because I'm not too security savvy. --Adam.
> chpw.c:

[snip..]

Problems with your program....

1) Using system() with user-supplied arguements (check for shell 
metacharacters)

2) Using system() without clobbering the environment (lots of nasty 
variables users can set).

3) Relying on USER environment variable to report the user who isn't 
allowed to change passwords (you really want getpwuid(getuid())->pw_name)

A better solution is to look at the ongoing shadow password suite 
development, I'm about to release a simple patch to allow certain 
privileged users to change certain passwords (ie ban changes to system 
accounts). The patch will eventually mutate in a config file capable of 
allowing certain users to expire passwords, change expiry info, lock 
accounts etc.

Chris.

[Mod: Also worth watching, for eventual solutions, is the PAM project.
See http://www.redhat.com/pam/ for more info.  --Jeff.]

home help back first fref pref prev next nref lref last post