[881] in linux-security and linux-alert archive


Re: [linux-security] sudo passwd wrapper

daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Fri Jul 5 13:12:27 1996

From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
To: chris@ferret.lmh.ox.ac.uk (Chris Evans)
Date: Fri, 5 Jul 1996 03:42:21 +0200 (MET DST)
Cc: adam@saucy.shack.com, linux-security@tarsier.cv.nrao.edu,
        shadow-list@neptune.cin.net
In-Reply-To: <Pine.LNX.3.91.960704190214.671A-100000@ferret.lmh.ox.ac.uk> from "Chris Evans" at Jul 4, 96 07:08:32 pm

Chris Evans:
> Problems with your program....

[ snip ]

4) strcat(command,ARGV[1]) - no check for buffer overrun

5) "sudo chpw root" won't work, but "sudo chpw '-- root'" will
   (if passwd uses getopt - shadow passwd does).

This program was probably a joke (why on 1 July and not 1 April?).
At least the author was right in the "it is probably not secure"
comment.  But it's easier to just give the root password to people
who need to change passwords...

The moderator must have been asleep (or really busy with some
other not security-related things) to approve such a short program
with so many obvious holes :-).  (sorry, couldn't resist)

Marek

[Mod <chuckle>: As a rule I don't really review code segments that are
posted here, other than to make sure they're relevant to Linux security
in some way.  I know that I'll miss things in my review (it's
inevitable), so I normally opt for tossing the code to the wolves here;
as a pack they tend to be more thorough.  <grin> --Jeff.]
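
Added example (not the program under discussion, which is not shown in this message, and not code by any poster): one way a wrapper can avoid points 4 and 5, by validating the argument as a single bounded login name and passing it to passwd as one argv element after "--", with no string concatenation and no shell. The names username_ok and build_passwd_argv, the MAX_USER limit and the passwd path are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_USER 32                     /* assumed limit on login name length */
#define PASSWD_PATH "/usr/bin/passwd"   /* assumed location of passwd */

/* Return 1 if `user` is one plain login name the wrapper may act on, else 0. */
int username_ok(const char *user)
{
    size_t i, len;
    if (user == NULL || (len = strlen(user)) == 0 || len > MAX_USER)
        return 0;                       /* bounded; nothing is ever copied */
    if (user[0] == '-')
        return 0;                       /* getopt would take it as an option */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.')
            return 0;                   /* no spaces: "-- root" is not a name */
    }
    return strcmp(user, "root") != 0;   /* compared only once it is one token */
}

/* Fill `out` with an argument vector for execv(); 0 on success, -1 on reject. */
int build_passwd_argv(const char *user, const char *out[4])
{
    if (!username_ok(user))
        return -1;
    out[0] = "passwd";
    out[1] = "--";                      /* end of options; next word is operand */
    out[2] = user;                      /* passed as one element, never re-split */
    out[3] = NULL;
    return 0;
}

int main(int argc, char **argv)
{
    const char *args[4];
    if (argc != 2 || build_passwd_argv(argv[1], args) != 0) {
        fprintf(stderr, "usage: chpw username\n");
        return 1;
    }
    execv(PASSWD_PATH, (char *const *)args);   /* no shell, no command buffer */
    perror("execv");
    return 1;
}
```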
