[net.sources] force.c

paul@wjvax.UUCP (Paul Summers) (12/10/85)

With the rash of un-secure programs that turn the average user into
root without the courtesy of using su,  I felt that I should post a 
program that we have been using fairly successfully here at wjvax.
The main difference between this program and 'asroot' and its spiritual
bretheren is that it keeps a copy of the encrypted root password,
and prompts for it before letting the casual terminal snatcher get
away with murder or worse.

I make no guarantees about portability (we're running bsd 4.2) or
security.  The main point that I am stressing is the password.  A little time
is sacrificed to make sure that only super user privilidged people can use
this program.
(I know of a particular system that has 'chown' set userid root...)

The main idea is to save time. 
Have any of you tried the '-f' option on su?

---------------------cut here-------------------------------------
/*
 *	force.c:  execute $* as user root.
 *
 *	A relatively secure program that executes its arguments
 *	as the super user.  A small speed sacrifice is made to prompt
 *	for a password.  Install the program with mode 4750, owner
 *	root, group root (or operator).
 *
 *	Written by:	Paul M. Summers		(wjvax!paul)
 *			10/85
 *
 *	Compile: cc -o /usr/local/bin/force force.c
 *		 chmod 4750 /usr/local/bin/force
 */
#include	<pwd.h>
/*
 *	Modify the next 2 lines as appropriate.
 */
#define SA	"System Administrator's name"
#define	ROOTPW	"Encrypted root password from /etc/passwd"

main(argc,argv)
int argc;
char *argv[];
{
char *pwd,*cpwd,*crypt(),*getpass(),salt[2];
struct passwd *getpwuid(),*pwdent;

pwd = getpass("Password: ");

strncpy(salt,ROOTPW,2);
cpwd = crypt(pwd,salt);

if (strcmp(ROOTPW,cpwd) == 0) {
	setuid(0);
/*	nice(-5);	/* Overdrive... */
	execvp(argv[1],&argv[1]);
	printf("%s: command not found\n",argv[1]);
	exit(1);
}

/*
 *	Check for changed root password.
 */

setpwent();
pwdent = getpwuid(0);

if (strcmp(pwdent->pw_passwd,ROOTPW) != 0) {
	printf("Root password has changed to %s\n",pwdent->pw_passwd);
	printf("Notify %s that force must be changed\n",SA);
}
else
	printf("Bad password.\n");
}

tom@rsch.wisc.edu (Thomas Scott Christiansen) (12/14/85)

isn't this the same as saying:

	su -f root -c "some commands here"

why reinvent the wheel?    plus this doens't have to be recompiled when
there is a new root passwd.  

i find that most unix programs get written again and again and again,
when the one you wanted was already there in the first place.

tom
-- 

Tom Christiansen
University of Wisconsin
Computer Science Systems Lab 
...!{allegra,heurikon,ihnp4,seismo,uwm-evax}!uwvax!tom
tom@wisc-crys.arpa