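#!/usr/bin/perl
# The Learning Online Network with CAPA
#
# pwchange - setuid script to change unix passwords
#
# YEAR=2001
#
# YEAR=2002
# 02/19 Matthew Hall
#
# $Id: pwchange,v 1.10 2009/07/17 02:20:59 raeburn Exp $
###

use strict;
use warnings;
use IPC::Open2;

# Set to 0 to enable the debugging prints below.
my $noprint = 1;

# A helper that has already exited must not kill this process with SIGPIPE
# when we write to it; the failure is reported through its wait status.
$SIG{PIPE} = 'IGNORE';

# Convert a wait status ($?) into a process exit code.
# The original "exit $?/256" truncated to 0 (success) when the helper was
# killed by a signal or could not be started at all; both now report failure.
sub status_to_exit {
    my ($status) = @_;
    return 127 if $status == -1;                      # helper never ran
    return 128 + ($status & 127) if $status & 127;    # helper died on a signal
    return $status >> 8;                              # helper's own exit code
}

print "In pwchange\n" unless $noprint;
print "Real uid = $< effective uid = $> \n" unless $noprint;

# ------------------------------------------------------------------ Untainting

$ENV{'PATH'} = '/bin:/usr/bin';               # Nullify path information.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};     # nullify potential taints

# ---------------------------- Make sure this process is running from user=root

if (0 != $<) {
    print "Username not root" unless $noprint;
    exit 1;
}

# ----------------------------------------------- If not running setuid as root

if ($> != 0) {
    print "Not setuid to root" unless $noprint;
    exit 1;
}

# ----------------------------------------------- Make sure arguments are valid

# The username must be ASCII word characters only and start with a letter.
# A leading letter also guarantees it can never be parsed as a command-line
# option by the tools invoked further down.
my $user = shift @ARGV;
my $safe;
if (defined $user and $user =~ /\A([A-Za-z][A-Za-z0-9_]*)\z/) {
    $safe = $1;
}
print "Save user = " . (defined $safe ? $safe : '') unless $noprint;

# Read the password from STDIN explicitly.  The bare "<>" operator would
# instead open any leftover command-line arguments as input sources, which a
# root-privileged script must not do with caller-supplied strings.
my $pword = <STDIN>;
$pword = '' unless defined $pword;
chomp $pword;

exit 2 unless defined $safe;

# Never echo the plaintext password, even in debug mode.
print "Password length = " . length($pword) unless $noprint;

# Only printable ASCII (32..126) is accepted; an empty or missing password is
# rejected as well so that an account is never left with a blank password.
exit 3 if $pword eq '' or $pword =~ /[^\x20-\x7e]/;

# --------------------------------------------------------- Call system command

# List-form pipe open: no shell is involved in starting the probe.
# NOTE(review): "distprobe" is still resolved relative to the current working
# directory.  For a process running as root this should be an absolute path to
# a root-owned file; the install location is not visible in this script, so
# it is left for the maintainer to fill in.
my $distro = '';
if (open(my $probe, '-|', 'perl', 'distprobe')) {
    my $line = <$probe>;
    $distro = $line if defined $line;
    close($probe);
}

# The alternation is grouped so that the anchor applies to both names.
if ($distro =~ /^(?:ubuntu|debian)/) {
    # The password may contain any printable character, including ones a shell
    # treats specially, so it must never be interpolated into a command line.
    # It is passed to mkpasswd on standard input, which also keeps the
    # plaintext out of the process list.
    my ($from_mk, $to_mk);
    my $pid = eval { open2($from_mk, $to_mk, 'mkpasswd', '--stdin') };
    exit 127 unless $pid;
    print $to_mk "$pword\n";
    close($to_mk);
    my $hash = <$from_mk>;
    close($from_mk);
    waitpid($pid, 0);
    exit status_to_exit($?) if $? != 0;

    chomp $hash if defined $hash;
    exit 127 unless defined $hash and length $hash;

    # List-form system(): the hash and username are passed as single
    # arguments and are never re-parsed by a shell.
    # NOTE(review): the password hash is still visible in the process list
    # while usermod runs; "chpasswd -e" reading "user:hash" on standard input
    # would avoid that - confirm it is acceptable on the target systems.
    system('/usr/sbin/usermod', '-p', $hash, $safe);
    exit status_to_exit($?);
}
else {
    # Discard passwd's output, as the original ">/dev/null" redirection did;
    # the child inherits this STDOUT.
    open(STDOUT, '>', '/dev/null') or exit 127;
    my $pid = open(my $out, '|-', 'passwd', '--stdin', $safe);
    exit 127 unless $pid;
    print $out "$pword\n";
    close($out);    # waits for passwd and sets $?

# --------------------------------------- exit with status of command execution

    exit status_to_exit($?);
}

=head1 NAME

pwchange - setuid script to change unix passwords

=head1 DESCRIPTION

Setuid script to change unix passwords.

The username is given as the only command-line argument and the new password
is read as one line from standard input.  The password is handed to the
system tools on their standard input and is never placed on a command line.

Exit status: 0 on success; 1 if not running as root; 2 if the username is
missing or invalid; 3 if the password is empty or contains characters outside
printable ASCII; otherwise the exit status of the system command that was
run, 127 if it could not be run, or 128 plus the signal number if it was
killed by a signal.

=head1 README

Setuid script to change unix passwords.

=head1 PREREQUISITES

=head1 COREQUISITES

=pod OSNAMES

linux

=pod SCRIPT CATEGORIES

LONCAPA/Administrative

=cut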