[LON-CAPA-cvs] cvs: loncom / lond

foxr lon-capa-cvs@mail.lon-capa.org
Wed, 07 Apr 2004 10:02:11 -0000


foxr		Wed Apr  7 06:02:11 2004 EDT

  Modified files:              
    /loncom	lond 
  Log:
  Close security hole in account creation... log attempts to exploit too!
  
  
  
Index: loncom/lond
diff -u loncom/lond:1.185 loncom/lond:1.186
--- loncom/lond:1.185	Tue Mar 16 15:57:49 2004
+++ loncom/lond	Wed Apr  7 06:02:11 2004
@@ -2,7 +2,7 @@
 # The LearningOnline Network
 # lond "LON Daemon" Server (port "LOND" 5663)
 #
-# $Id: lond,v 1.185 2004/03/16 20:57:49 albertel Exp $
+# $Id: lond,v 1.186 2004/04/07 10:02:11 foxr Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -53,7 +53,7 @@
 my $status='';
 my $lastlog='';
 
-my $VERSION='$Revision: 1.185 $'; #' stupid emacs
+my $VERSION='$Revision: 1.186 $'; #' stupid emacs
 my $remoteVERSION;
 my $currenthostid;
 my $currentdomainid;
@@ -3141,6 +3141,16 @@
 	}
     } elsif ($umode eq 'unix') {
 	{
+	    #
+	    #  Don't allow the creation of privileged accounts!!! that would
+	    #  be real bad!!!
+	    #
+	    my $uid = getpwnam($uname);
+	    if((defined $uid) && ($uid == 0)) {
+		&logthis(">>>Attempted to create privilged account blocked");
+		return "no_priv_account_error\n";
+	    }
+
 	    my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
 	    {
 		&Debug("Executing external: ".$execpath);
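Review bot: The new guard in the `unix` branch rejects only names that already resolve to uid 0, so a `$uname` that matches any other existing system account (a daemon or service user, for example) still reaches `lcuseradd`. If lcuseradd is never meant to act on an account that already exists, the test could be widened to `if (defined $uid) {`, keeping the uid-0 case as the one that is logged as an attack; whether that is safe depends on lcuseradd, which is not visible here. The log line also records neither the requested name nor the requesting host, which leaves little to investigate afterwards. Something like `&logthis(">>>Attempted to create privileged account '$uname' blocked (from $currenthostid)");` would help and fixes the "privilged" typo, assuming `$currenthostid` is set at this point and `$uname` has already been restricted to safe characters before it is written to the log. The enclosing sub starts and ends outside the hunk, so any earlier validation of `$uname` cannot be confirmed from here.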