SUMMARY - Disable chfn under 3.2A from Brian Weaver on 1995-07-20 (tru64-unix-managers)

From: Brian Weaver <weaver_at_pr1.k12.co.us>
Date: Wed, 19 Jul 1995 12:05:27 -0600 (MDT)

Well, once again, this mailing list has proved very useful. I
received about 10 answers back with different solutions to this problem.
The most popular, and IMHO the best solution was to use a wrap another
program around passwd to detect the -f and -s flags. It was also
mentioned that if you run nfs you can disable chfn, but I would
rather live with people using chfn than running nis since I have
no need for it.

Anyway here are some of the responses, I'm going to omit responses
that basically said the same thing..

-- Brian

-------

>From shollen_at_valhalla.cs.wright.edu Wed Jul 19 11:35:42 1995
Received: from valhalla.cs.wright.edu by alpha.pr1.k12.co.us; (5.65/1.1.8.2/16Ju
l95-0251PM)
        id AA28821; Wed, 19 Jul 1995 11:35:41 -0600
Received: by valhalla.cs.wright.edu; id AA24410; Wed, 19 Jul 1995 13:34:36 -0400
Date: Wed, 19 Jul 1995 13:34:36 -0400
From: Sheila Hollenbaugh <shollen_at_valhalla.cs.wright.edu>
Message-Id: <9507191734.AA24410_at_valhalla.cs.wright.edu>
To: weaver_at_pr1.k12.co.us
Subject: Re: Disable chfn under 3.2A?
Status: RO
X-Status:

If you are running NIS, you can run yppasswdd with the -nogecos flag.
This is not a well-documented flag, but does work to keep anyone
from changing finger info.

--------

>From rjackson_at_portal.gmu.eduWed Jul 19 12:01:08 1995
Date: Wed, 19 Jul 1995 08:58:07 -0400 (EDT)
From: Richard L Jackson Jr <rjackson_at_portal.gmu.edu>
Reply to: Richard L Jackson Jr <rjackson_at_gmu.edu>
To: weaver_at_pr1.k12.co.us
Subject: Re: Disable chfn under 3.2A?

I had to do this because sendmail fuzzy logic was causing email to
be misdirected. I had to develop a small passwd.c that disabled
-f. I am including my notes and code for passwd.c.

- osf1: install passwd wrapper and disable chfn capability
disable 'chfn' and 'passwd -f'. Reason -
  "chfn has been disabled since its use may adversely
  affect email delivery. Finger information changes are not
  permitted. Use a .plan file in your home area as an
  alternative method."
  1. cd /usr/bin
  2. mv passwd passwd.dist
  3. chmod 4710 passwd.dist (from 4711 root.bin)
     chown root.system passwd.dist
  4. mv ~/util/passwd/passwd .
  5. chmod 2711 passwd
     chown root.system passwd
  6. rm chsh chfn
  7. ln passwd chfn
  8. ln passwd chsh

----------------------------------------------
/**********************************************************************/
/* */
/* NAME: passwd.c */
/* */
/* PROGRAMMER: Richard Jackson DATE: 940509 */
/* */
/* PURPOSE: Wrapper for passwd to prevent 'passwd -f' invocation. */
/* Of course, chfn will have to be disabled. */
/* */
/* NOTES: */
/* To execute: */
/* 1. passwd [...] */
/* */
/* To build under ULTRIX: */
/* 1. cc -O -mips3 -o passwd passwd.c (ULTRIX 4.3a) */
/* 1. cc -O -non_shared -o passwd passwd.c (OSF/1 3.0) */
/* 2. strip passwd */
/* 3. mv passwd /usr/bin/ (755 root.system) */
/* */
/* */
/* MODIFICATION HISTORY: */
/* DATE MOD NAME DESCRIPTION */
/* */
/* 940509 AAA rjackson initial version */
/* 940831 AAB rjackson check if TRUE and FALSE are defined first*/
/* */
/**********************************************************************/

#include <limits.h> /* ARG_MAX */
#include <stdio.h> /* sprintf() */
#include <string.h> /* strcmp() */
#include <stdlib.h> /* exit() */

#define PASSWD "/usr/bin/passwd.dist" /* real passwd command */
#ifndef TRUE
#define TRUE 1;
#endif
#ifndef FALSE
#define FALSE 0;
#endif

main(int argc, char *argv[])
{
  int i, j; /* counter */
  int len; /* length of argument */
  int good; /* flag for good argument */
  char cmd[ARG_MAX]; /* command for real passwd */

/*
* setup for appropriate command.
*/
  if (strstr(argv[0], "chfn") != (char *) NULL)
  {
    printf("Sorry, chfn has been disabled since its use may adversely\n");
    printf(" affect email delivery. Finger information changes are not\n");
    printf(" permitted. Use a .plan file in your home area as an\n");
    printf(" alternative method.\n");
    exit(1);
  }
  else if (strstr(argv[0], "chsh") != (char *) NULL)
    sprintf(cmd, "%s -s ", PASSWD);
  else
    sprintf(cmd, "%s ", PASSWD); /* assume passwd command */

  for (i = 1; i < argc; i++) /* construct real command */
  {
    if (strcmp(argv[i], "-f") == 0) /* disable -f */
    {
      printf("Sorry, -f has been disabled since its use may adversely\n");
      printf(" affect email delivery. Finger information changes are not\n");
      printf(" permitted. Use a .plan file in your home area as an\n");
      printf(" alternative method.\n");
      exit(1);
    }
    else /* append arg[i] to command */
    {
      len = strlen(argv[i]);
      good = TRUE;
      for (j = 0; j < len; j++) /* check for safe system call */
        if (!(isalnum(argv[i][j]) || argv[i][j] == '-'))
        {
          good = FALSE;
          break;
        }

      if (good) /* check if argument is ok */
      {
        strcat(cmd, argv[i]); /* concat argument */
        strcat(cmd, " ");
      }
    }

  } /* for */

  system(cmd);

} /* main() */

-- 
Regards,
Richard Jackson                                George Mason University
UNIX Systems Engineer                          UCIS / ISO
                                               Computer Systems Engineering
----------
>From mcrowley_at_mhc.mtholyoke.eduWed Jul 19 12:02:07 1995
Date: Wed, 19 Jul 1995 06:20:04 -0400 (EDT)
From: "Michael A. Crowley" <mcrowley_at_mhc.mtholyoke.edu>
To: Brian Weaver <weaver_at_pr1.k12.co.us>
Subject: Re: Disable chfn under 3.2A?
Write a wrapper program for the passwd program that will not
allow the -f option to be passed along.  You can put the real
passwd program somewhere else.  
There are a couple of choices:  you can simply put the passwd
program in an obscure place which the wrapper program can find.
Smart users might find this.  You could run the wrapper program
as sgid for some group that you put the original passwd program
in and remove the other execute permissions from the original.
The original is suid to root anyway.
We took another route here -- we let the people change their
finger information, but when we create accounts, the original
passwd information is put into another file that users can't change.
Mike
----------
>From zen_at_bf.rmit.edu.auWed Jul 19 12:02:49 1995
Date: Wed, 19 Jul 1995 17:20:09 +1000 (EST)
From: Stuart 'Zen' Bishop <zen_at_bf.rmit.edu.au>
To: Brian Weaver <weaver_at_pr1.k12.co.us>
Cc: OSF managers <alpha-osf-managers_at_ornl.gov>
Subject: Re: Disable chfn under 3.2A?
On Tue, 18 Jul 1995, Brian Weaver wrote:
> I need to stop users from changing their finger information on
> our server running OSF 3.2A. The problem is chfn and passwd are
> the same program, linked together, so I can get rid of chfn, but
> passwd -f still works. We are running enhanced security so I cannot
> simply use another passwd program, unless you know of one that works
> with enhanced security. Any ideas? So far digital tech support is
> stumped on this one..
Password needs to be run as root to work. You write a password replacement
(like the one included below) that simply makes sure that the -f option
has not ben passed, and then calls the real password. The replacement
password is work executable and suid root. The passwd program that
came with osf/1 is set to executable to root only, and is no longer suid.
 _____                 
//  //    __          For a good time call    http://www.bf.rmit.edu.au/~zen //
   //    /  \   I\ I    zen_at_rmit.edu.au                                     //
  //    (--     I \I                          Unix Systems Administrator   //
 //      \__/   I  I  alias Stuart Bishop     Business Faculty, RMIT      //
((_______________________________________________________________________//
/*
 * Written by Michael Barnett, 8/11/94.
 *
 * There is no simple way to stop users from running the standard
 * /bin/passwd binary with the -f option, so use this as a wrapper.
 *
 * gcc -s -o passwd.no-f passwd.no-f.c
 * mv /bin/passwd /bin/passwd.with-f	<- DO ONCE ONLY!
 * cp passwd.no-f /bin
 * chmod 4711 /bin/passwd.no-f
 * ln /bin/passwd.no-f /bin/passwd
 */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
main(int argc, char *argv[])
{
	if ( argc > 1 )
		if ( ! strcmp(argv[1], "-f") )
		{
			fprintf(stderr, "This feature has been disabled.\n");
			fprintf(stderr, "Contact the system administrator if you need to change your account details.\n");
			exit(1);
		}
	execv("/bin/passwd.with-f", argv);
}
----------
Date: Tue, 18 Jul 1995 23:01:59 -0700
From: Mike Iglesias <iglesias_at_draco.acs.uci.edu>
To: Brian Weaver <weaver_at_pr1.k12.co.us>
Subject: Re: Disable chfn under 3.2A? 
You might try editing the passwd binary with emacs and searching for
'fs'.  I did, and found it shortly after the "usage" message in the
binary.  Change it to 's\0' and see if that prevents people from using
-f.
We did something similar on our student systems (suns) that keeps them
from messing with their passwd gecos field.
Mike
-- Brian
------------------------------------------------------------------------
Brian Weaver					weaver_at_pr1.k12.co.us
System Administrator				970-490-3683
PoudreR1
PGP key available.
Key fingerprint =  1D 9A 5F 9C 2D B3 D0 45  85 70 B5 4E E0 80 25 42
My opinions are my own and not that of the Poudre R1 School District.

Received on Wed Jul 19 1995 - 20:29:45 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:45 NZDT