--- loncom/pwchange 2001/10/23 03:43:02 1.1
+++ loncom/pwchange 2001/11/15 18:13:32 1.2
@@ -1,14 +1,34 @@
 #!/usr/bin/perl
+# The Learning Online Network
+#
+# pwchange - setuid script to change unix passwords
+#
+# YEAR=2001
+# 10/23,11/13,11/15 Scott Harrison
+#
+# $Id: pwchange,v 1.2 2001/11/15 18:13:32 harris41 Exp $
+###
+
 use strict;
+my $VERSION = 1.1;
+
+# ------------------------------------------------------------------ Untainting
 $ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information.
-$ENV{'BASH_ENV'}=''; # Nullify shell environment information.
+delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints
+# ----------------------------- Make sure this process is running from user=www
+my $wwwid=getpwnam('www');
+if ($wwwid!=$<) {
+ exit 1;
+}
+# ----------------------------------------------- If not running setuid as root
 if ($>!=0) {
 exit 1;
 }
+# ----------------------------------------------- Make sure arguments are valid
 my $user=shift @ARGV;
 $user=~/^(\w+)$/;
 my $safe=$1;
@@ -22,9 +42,37 @@ my $pbad=0;
 map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$pword));
 exit 3 if $pbad;
+# --------------------------------------------------------- Call system command
 open OUT,"|passwd --stdin $safe >/dev/null";
 print OUT $pword;
 print OUT "\n";
 close OUT;
+# --------------------------------------- exit with status of command execution
 exit $?/256;
+
+=head1 NAME
+
+pwchange - setuid script to change unix passwords
+
+=head1 DESCRIPTION
+
+Setuid script to change unix passwords.
+
+=head1 README
+
+Setuid script to change unix passwords.
+
+=head1 PREREQUISITES
+
+=head1 COREQUISITES
+
+=pod OSNAMES
+
+linux
+
+=pod SCRIPT CATEGORIES
+
+LONCAPA/Administrative
+
+=cut
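Review bot: The new caller check `if ($wwwid!=$<)` in the first hunk does not handle `getpwnam('www')` returning undef when the account is missing; undef compares as 0, so the gate then passes only for real uid 0 instead of failing outright. Making that explicit, `exit 1 unless defined($wwwid) && $wwwid==$<;`, keeps the setuid entry conditions readable and independent of numeric coercion. The argument validation that starts at `$user=~/^(\w+)$/;` continues past the end of the hunk, so whether a failed match (leaving `$safe` undefined) is rejected cannot be confirmed from here.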
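Review bot: The printable-character check carried as context in the second hunk, `map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$pword));`, can never set `$pbad`: no value is both below 32 and above 126, and `$_` here is a one-character string rather than a character code, so `exit 3` is unreachable. Unless lines outside the hunk filter `$pword`, control characters reach the `passwd --stdin` pipe that the new "Call system command" comment labels; `exit 3 if $pword =~ /[^\x20-\x7e]/;` would enforce the range the constants suggest. The new "exit with status of command execution" comment also overstates `exit $?/256;`, which truncates to 0 when `passwd` is killed by a signal; `exit(($? >> 8) || ($? ? 1 : 0));` keeps that case non-zero.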