#!/usr/bin/perl
# The Learning Online Network
#
# pwchange - setuid script to change unix passwords
#
# YEAR=2001
# 10/23,11/13,11/15 Scott Harrison
#
# $Id: pwchange,v 1.2 2001/11/15 18:13:32 harris41 Exp $
###
use strict;
my $VERSION = 1.1;
# ------------------------------------------------------------------ Untainting
$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
# ----------------------------- Make sure this process is running from user=www
my $wwwid=getpwnam('www');
if ($wwwid!=$<) {
exit 1;
}
# ----------------------------------------------- If not running setuid as root
if ($>!=0) {
exit 1;
}
# ----------------------------------------------- Make sure arguments are valid
my $user=shift @ARGV;
$user=~/^(\w+)$/;
my $safe=$1;
my $pword=<>;
chomp $pword;
unless (length($safe) and ($user eq $safe) and ($safe=~/^[A-Za-z]/)) {
exit 2;
}
my $pbad=0;
map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$pword));
exit 3 if $pbad;
# --------------------------------------------------------- Call system command
open OUT,"|passwd --stdin $safe >/dev/null";
print OUT $pword;
print OUT "\n";
close OUT;
# --------------------------------------- exit with status of command execution
exit $?/256;
=head1 NAME
pwchange - setuid script to change unix passwords
=head1 DESCRIPTION
Setuid script to change unix passwords.
=head1 README
Setuid script to change unix passwords.
=head1 PREREQUISITES
=head1 COREQUISITES
=pod OSNAMES
linux
=pod SCRIPT CATEGORIES
LONCAPA/Administrative
=cut
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to pwchange CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom