[881] in linux-security and linux-alert archive
Re: [linux-security] sudo passwd wrapper
daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Fri Jul 5 13:12:27 1996
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
To: chris@ferret.lmh.ox.ac.uk (Chris Evans)
Date: Fri, 5 Jul 1996 03:42:21 +0200 (MET DST)
Cc: adam@saucy.shack.com, linux-security@tarsier.cv.nrao.edu,
shadow-list@neptune.cin.net
In-Reply-To: <Pine.LNX.3.91.960704190214.671A-100000@ferret.lmh.ox.ac.uk> from "Chris Evans" at Jul 4, 96 07:08:32 pm
Chris Evans:
> Problems with your program....
[ snip ]
4) strcat(command,ARGV[1]) - no check for buffer overrun
5) "sudo chpw root" won't work, but "sudo chpw '-- root'" will
(if passwd uses getopt - shadow passwd does).
This program was probably a joke (why on 1 July and not 1 April?).
At least the author was right in the "it is probably not secure"
comment. But it's easier to just give the root password to people
who need to change passwords...
The moderator must have been asleep (or really busy with some
other not security-related things) to approve such a short program
with so many obvious holes :-). (sorry, couldn't resist)
Marek
[Mod <chuckle>: As a rule I don't really review code segments that are
posted here, other than to make sure they're relevant to Linux security
in some way. I know that I'll miss things in my review (it's
inevitable), so I normally opt for tossing the code to the wolves here;
as a pack they tend to be more thorough. <grin> --Jeff.]
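The two holes Marek lists (an unbounded strcat of argv[1], and a "not root" check that "-- root" slips past because passwd uses getopt) are shown below in an added example. This is not the wrapper posted to the list, which is not reproduced here; the buffer size CMD_MAX, the passwd path and all function names are my own assumptions. naive_target_ok() is the kind of check the thread implies; command_fits() and strict_target_ok() are the bounds check and argument validation the wrapper lacked, and build_argv() shows how to hand the name to passwd without a shell and with an explicit "--".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CMD_MAX 64              /* assumed size of the wrapper's command buffer */
#define PASSWD  "/usr/bin/passwd"

/* The check the thread implies the wrapper did: only the literal "root"
 * is refused.  "-- root" is a single argv element, so it passes here,
 * and a getopt-based passwd then reads "--" as end-of-options and
 * "root" as the account to change. */
int naive_target_ok(const char *user)
{
    return strcmp(user, "root") != 0;
}

/* Hole 4: strcat(command, argv[1]) with no length check.  Rather than
 * overrun a stack buffer, this reports whether the concatenated command
 * would fit in CMD_MAX, using snprintf's return value (the length the
 * full string needed).  A caller that ignores this is the bug. */
int command_fits(const char *user)
{
    char buf[CMD_MAX];
    int need = snprintf(buf, sizeof buf, "%s %s", PASSWD, user);
    return need >= 0 && (size_t)need < sizeof buf;
}

/* Hole 5 fixed: accept exactly one bounded username made of lowercase
 * alphanumerics, '_' and '-', not starting with '-', and not root.
 * The character whitelist has no space, so "-- root" cannot be one
 * token; the leading-'-' rule also stops "-d", "-l" and friends. */
int strict_target_ok(const char *user)
{
    size_t n = strlen(user);
    size_t i;
    if (n == 0 || n > 32) return 0;
    if (user[0] == '-') return 0;
    if (strcmp(user, "root") == 0) return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!(islower(c) || isdigit(c) || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Build the argv for execv(): fixed program path, no shell, and an
 * explicit "--" so that even if the name check were bypassed, passwd
 * could not interpret the argument as an option.  Returns -1 and
 * leaves av untouched if the name is rejected. */
int build_argv(const char *user, const char *av[4])
{
    if (!strict_target_ok(user)) return -1;
    av[0] = PASSWD;
    av[1] = "--";
    av[2] = user;
    av[3] = NULL;
    return 0;
}

int main(int argc, char **argv)
{
    const char *av[4];
    if (argc != 2 || build_argv(argv[1], av) != 0) {
        fprintf(stderr, "usage: chpw <username>  (not root, no leading '-')\n");
        return 1;
    }
    execv(av[0], (char *const *)av);   /* only reached with a validated name */
    perror("execv");
    return 1;
}
```

Run as `chpw alice` (after installing it setuid root or behind sudo, as the original wrapper was); `chpw root`, `chpw -- root` and `chpw '-- root'` are all refused before passwd is ever executed, and a name longer than 32 characters never reaches any buffer.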