[LON-CAPA-cvs] cvs: loncom / lond
foxr
lon-capa-cvs@mail.lon-capa.org
Wed, 07 Apr 2004 10:02:11 -0000
foxr Wed Apr 7 06:02:11 2004 EDT
Modified files:
/loncom lond
Log:
Close security hole in account creation... log attempts to exploit too!
Index: loncom/lond
diff -u loncom/lond:1.185 loncom/lond:1.186
--- loncom/lond:1.185 Tue Mar 16 15:57:49 2004
+++ loncom/lond Wed Apr 7 06:02:11 2004
@@ -2,7 +2,7 @@
# The LearningOnline Network
# lond "LON Daemon" Server (port "LOND" 5663)
#
-# $Id: lond,v 1.185 2004/03/16 20:57:49 albertel Exp $
+# $Id: lond,v 1.186 2004/04/07 10:02:11 foxr Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -53,7 +53,7 @@
my $status='';
my $lastlog='';
-my $VERSION='$Revision: 1.185 $'; #' stupid emacs
+my $VERSION='$Revision: 1.186 $'; #' stupid emacs
my $remoteVERSION;
my $currenthostid;
my $currentdomainid;
@@ -3141,6 +3141,16 @@
}
} elsif ($umode eq 'unix') {
{
+ #
+ # Don't allow the creation of privileged accounts!!! that would
+ # be real bad!!!
+ #
+ my $uid = getpwnam($uname);
+ if((defined $uid) && ($uid == 0)) {
+ &logthis(">>>Attempted to create privilged account blocked");
+ return "no_priv_account_error\n";
+ }
+
my $execpath="$perlvar{'lonDaemons'}/"."lcuseradd";
{
&Debug("Executing external: ".$execpath);
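Review bot: The new guard ahead of `$execpath` rejects only names that resolve to uid 0, so a request naming any other pre-existing system or service account still continues to `lcuseradd`. What `lcuseradd` does with an existing name is not visible here, but if it can reset that account's password the check should refuse every name that already resolves locally, e.g. `if (defined $uid) {`, or at least every uid below the site's first regular-user uid. The `logthis` message also omits the requested name, which an investigator needs to triage the attempt; `&logthis(">>>Attempted to create privileged account blocked: $uname");` (which also fixes the "privilged" typo) would help, provided `$uname` is already restricted to safe characters before this point. The enclosing `elsif ($umode eq 'unix')` branch starts and ends outside the hunk.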