loncom/pwchange - diff

Return to pwchange CVS log

Up to [LON-CAPA] / loncom

Diff for /loncom/pwchange between versions 1.6 and 1.7

version 1.6, 2002/02/19 21:51:09	version 1.7, 2002/09/16 13:27:40
Line 14	Line 14
###	###

use strict;	use strict;
	my $noprint = 1;

# ------------------------------------------------------------------ Untainting	# ------------------------------------------------------------------ Untainting
$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information.	$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information.
Line 22 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}	Line 23 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}
# ---------------------------- Make sure this process is running from user=root	# ---------------------------- Make sure this process is running from user=root
my $wwwid=getpwnam('www');	my $wwwid=getpwnam('www');
if (0!=$<) {	if (0!=$<) {
	print "Username not www" unless $noprint;
exit 1;	exit 1;
}	}
# ----------------------------------------------- If not running setuid as root	# ----------------------------------------------- If not running setuid as root
if ($>!=0) {	if ($>!=0) {
	print "Not setuid to root" unless $noprint;
exit 1;	exit 1;
}	}

Line 33 if ($>!=0) {	Line 36 if ($>!=0) {
my $user=shift @ARGV;	my $user=shift @ARGV;
$user=~/^(\w+)$/;	$user=~/^(\w+)$/;
my $safe=$1;	my $safe=$1;
	print "Save user = $safe" unless $noprint;

my $pword=<>;	my $pword=<>;
chomp $pword;	chomp $pword;
unless (length($safe) and ($user eq $safe) and ($safe=~/^[A-Za-z]/)) {	unless (length($safe) and ($user eq $safe) and ($safe=~/^[A-Za-z]/)) {
exit 2;	exit 2;
}	}
	print "Password = $pword" unless $noprint;
my $pbad=0;	my $pbad=0;
foreach (split(//,$pword)) {if ((ord($_)<32)\|\|(ord($_)>126)){$pbad=1;}}	foreach (split(//,$pword)) {if ((ord($_)<32)\|\|(ord($_)>126)){$pbad=1;}}
exit 3 if $pbad;	exit 3 if $pbad;

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>

Removed from v.1.6
changed lines
	Added in v.1.7