force.c
Paul Summers
paul at wjvax.UUCP
Wed Dec 11 04:51:53 AEST 1985
With the rash of un-secure programs that turn the average user into
root without the courtesy of using su, I felt that I should post a
program that we have been using fairly successfully here at wjvax.
The main difference between this program and 'asroot' and its spiritual
bretheren is that it keeps a copy of the encrypted root password,
and prompts for it before letting the casual terminal snatcher get
away with murder or worse.
I make no guarantees about portability (we're running bsd 4.2) or
security. The main point that I am stressing is the password. A little time
is sacrificed to make sure that only super user privilidged people can use
this program.
(I know of a particular system that has 'chown' set userid root...)
The main idea is to save time.
Have any of you tried the '-f' option on su?
---------------------cut here-------------------------------------
/*
* force.c: execute $* as user root.
*
* A relatively secure program that executes its arguments
* as the super user. A small speed sacrifice is made to prompt
* for a password. Install the program with mode 4750, owner
* root, group root (or operator).
*
* Written by: Paul M. Summers (wjvax!paul)
* 10/85
*
* Compile: cc -o /usr/local/bin/force force.c
* chmod 4750 /usr/local/bin/force
*/
#include <pwd.h>
/*
* Modify the next 2 lines as appropriate.
*/
#define SA "System Administrator's name"
#define ROOTPW "Encrypted root password from /etc/passwd"
main(argc,argv)
int argc;
char *argv[];
{
char *pwd,*cpwd,*crypt(),*getpass(),salt[2];
struct passwd *getpwuid(),*pwdent;
pwd = getpass("Password: ");
strncpy(salt,ROOTPW,2);
cpwd = crypt(pwd,salt);
if (strcmp(ROOTPW,cpwd) == 0) {
setuid(0);
/* nice(-5); /* Overdrive... */
execvp(argv[1],&argv[1]);
printf("%s: command not found\n",argv[1]);
exit(1);
}
/*
* Check for changed root password.
*/
setpwent();
pwdent = getpwuid(0);
if (strcmp(pwdent->pw_passwd,ROOTPW) != 0) {
printf("Root password has changed to %s\n",pwdent->pw_passwd);
printf("Notify %s that force must be changed\n",SA);
}
else
printf("Bad password.\n");
}
More information about the Comp.sources.unix
mailing list