I'd like to thank all of those who replied to me:
Jonathan Rozes <jrozes_at_gumbo.tcs.tufts.edu>
Winfried Huber <win_at_tukan.ffb.eunet.de>
Brian Weaver <weaver_at_pr1.k12.co.us>
"Michael A. Crowley" <mcrowley_at_mhc.mtholyoke.edu>
"Javier M. Pereira" <javier_at_sobrino.eui.upm.es>
Don Newcomer <newcomer_at_dickinson.edu>
Drew Kramer <drew_at_ny.ox.com>
Kevin Lentin <kevinl_at_cs.monash.edu.au>
Brian Sherwood <sherwood_at_esu.edu>
Richard L Jackson Jr <rjackson_at_portal.gmu.edu>
Basically, the answer is first check the archives!
(
http://www-archive.stanford.edu/mail-archs.html) I don't know why
I didn't do this, I've done it on many previous occasions, but I
think my brain was fried (I dashed off the message on a Friday
afternoon.)
Anyway, there are a few solutions to making chfn unable to be run by
normal users:
1) Run NIS. NIS breaks chfn. I had never worried about chfn on my
Ultrix box because we were running Hesiod, which had the same effect.
2) Unlink passwd and chfn, and protect chfn. This doesn't stop
"passwd -f".
3) Edit the passwd binary (with emacs or whatever) and replace the
"fs" string with nulls.
4) Write an SGID wrapper program to passwd that strips -f and calls
the real passwd, which is protected against world access. Chfn is
protected as well (since they're all linked.)
Here's Richard Jackson's solution, which I used pretty much verbatim:
The following are from my notes:
- osf1: install passwd wrapper and disable chfn capability
disable 'chfn' and 'passwd -f'. Reason -
"chfn has been disabled since its use may adversely
affect email delivery. Finger information changes are not
permitted. Use a .plan file in your home area as an
alternative method."
1. cd /usr/bin
2. mv passwd passwd.dist
3. chmod 4710 passwd.dist (from 4711 root.bin)
chown root.system passwd.dist
4. mv ~/util/passwd/passwd .
5. chmod 2711 passwd
chown root.system passwd
6. rm chsh chfn
7. ln passwd chfn
8. ln passwd chsh
----------------------- passwd.c --------------------
/**********************************************************************/
/* */
/* NAME: passwd.c */
/* */
/* PROGRAMMER: Richard Jackson DATE: 940509 */
/* */
/* PURPOSE: Wrapper for passwd to prevent 'passwd -f' invocation. */
/* Of course, chfn will have to be disabled. */
/* */
/* NOTES: */
/* To execute: */
/* 1. passwd [...] */
/* */
/* To build under ULTRIX: */
/* 1. cc -O -mips3 -o passwd passwd.c (ULTRIX 4.3a) */
/* 1. cc -O -non_shared -o passwd passwd.c (OSF/1 3.0) */
/* 2. strip passwd */
/* 3. mv passwd /usr/bin/ (755 root.system) */
/* */
/* */
/* MODIFICATION HISTORY: */
/* DATE MOD NAME DESCRIPTION */
/* */
/* 940509 AAA rjackson initial version */
/* 940831 AAB rjackson check if TRUE and FALSE are defined first*/
/* */
/**********************************************************************/
#include <limits.h> /* ARG_MAX */
#include <stdio.h> /* sprintf() */
#include <string.h> /* strcmp() */
#include <stdlib.h> /* exit() */
#define PASSWD "/usr/bin/passwd.dist" /* real passwd command */
#ifndef TRUE
#define TRUE 1;
#endif
#ifndef FALSE
#define FALSE 0;
#endif
main(int argc, char *argv[])
{
int i, j; /* counter */
int len; /* length of argument */
int good; /* flag for good argument */
char cmd[ARG_MAX]; /* command for real passwd */
/*
* setup for appropriate command.
*/
if (strstr(argv[0], "chfn") != (char *) NULL)
{
printf("Sorry, chfn has been disabled since its use may adversely\n");
printf(" affect email delivery. Finger information changes are not\n");
printf(" permitted. Use a .plan file in your home area as an\n");
printf(" alternative method.\n");
exit(1);
}
else if (strstr(argv[0], "chsh") != (char *) NULL)
sprintf(cmd, "%s -s ", PASSWD);
else
sprintf(cmd, "%s ", PASSWD); /* assume passwd command */
for (i = 1; i < argc; i++) /* construct real command */
{
if (strcmp(argv[i], "-f") == 0) /* disable -f */
{
printf("Sorry, -f has been disabled since its use may adversely\n");
printf(" affect email delivery. Finger information changes are not\n");
printf(" permitted. Use a .plan file in your home area as an\n");
printf(" alternative method.\n");
exit(1);
}
else /* append arg[i] to command */
{
len = strlen(argv[i]);
good = TRUE;
for (j = 0; j < len; j++) /* check for safe system call */
if (!(isalnum(argv[i][j]) || argv[i][j] == '-'))
{
good = FALSE;
break;
}
if (good) /* check if argument is ok */
{
strcat(cmd, argv[i]); /* concat argument */
strcat(cmd, " ");
}
}
} /* for */
system(cmd);
} /* main() */
----------------------- passwd.c --------------------
From: Anthony D'Atri <aad_at_nwnet.net>
Remove the chfn link, and use an emacs or adb to edit the passwd binary
and replace -f with nulls.
--------------------
Mike Richichi, Systems Manager, Drew University Academic Technology
BC-COMPCEN, Madison, NJ 07940 +1 201 408 3840 FAX: +1 201 408 3816
mrichich_at_drunivac.drew.edu,
http://daniel.drew.edu/~mrichich
Received on Tue Mar 19 1996 - 16:32:14 NZST