version 1.3, 2001/11/15 18:15:06
|
version 1.6, 2002/02/19 21:51:09
|
Line 1
|
Line 1
|
#!/usr/bin/perl |
#!/usr/bin/perl |
|
|
# The Learning Online Network |
# The Learning Online Network with CAPA |
# |
# |
# pwchange - setuid script to change unix passwords |
# pwchange - setuid script to change unix passwords |
# |
# |
# YEAR=2001 |
# YEAR=2001 |
# 10/23,11/13,11/15 Scott Harrison |
# 10/23,11/13,11/15 Scott Harrison |
# |
# |
|
# YEAR=2002 |
|
# 02/19 Matthew Hall |
|
# |
# $Id$ |
# $Id$ |
### |
### |
|
|
Line 16 use strict;
|
Line 19 use strict;
|
$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information. |
$ENV{'PATH'}='/bin:/usr/bin'; # Nullify path information. |
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # nullify potential taints |
|
|
# ----------------------------- Make sure this process is running from user=www |
# ---------------------------- Make sure this process is running from user=root |
my $wwwid=getpwnam('www'); |
my $wwwid=getpwnam('www'); |
if ($wwwid!=$<) { |
if (0!=$<) { |
exit 1; |
exit 1; |
} |
} |
# ----------------------------------------------- If not running setuid as root |
# ----------------------------------------------- If not running setuid as root |
Line 37 unless (length($safe) and ($user eq $saf
|
Line 40 unless (length($safe) and ($user eq $saf
|
} |
} |
|
|
my $pbad=0; |
my $pbad=0; |
map {if (($_<32)&&($_>126)){$pbad=1;}} (split(//,$pword)); |
foreach (split(//,$pword)) {if ((ord($_)<32)||(ord($_)>126)){$pbad=1;}} |
exit 3 if $pbad; |
exit 3 if $pbad; |
|
|
# --------------------------------------------------------- Call system command |
# --------------------------------------------------------- Call system command |