| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-09-10 08:09:10 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-09-10 08:09:10 +0000 |
| commit | feb968189cd74903e653e9e0a657bebcf22e3991 (patch) | |
| tree | b9d63656e7984b6d2e5c1fb97bed42e637e635db | |
| parent | dafdf25a59ada82149c016ab6cc5f93bf1e53ece (diff) | |
- Security improvements for chpasswd driver (#1486987)
git-svn-id: https://svn.roundcube.net/trunk@3955 208e9e7b-5314-0410-a742-e7e81cd9613c
| -rw-r--r-- | plugins/password/README | 3 | ||||
| -rw-r--r-- | plugins/password/drivers/chpasswd.php | 15 | ||||
| -rw-r--r-- | plugins/password/package.xml | 8 |
3 files changed, 16 insertions, 10 deletions
diff --git a/plugins/password/README b/plugins/password/README index 2e3a59509..8cb568db1 100644 --- a/plugins/password/README +++ b/plugins/password/README @@ -223,6 +223,9 @@ Driver that adds functionality to change the systems user password via the 'chpasswd' command. See config.inc.php file. + Attached wrapper script (chpass-wrapper.py) restricts password changes + to uids >= 1000 and can deny requests based on a blacklist. + 2.12. LDAP - no PEAR (ldap_simple) ----------------------------------- diff --git a/plugins/password/drivers/chpasswd.php b/plugins/password/drivers/chpasswd.php index ed15a054e..5c6bde2d2 100644 --- a/plugins/password/drivers/chpasswd.php +++ b/plugins/password/drivers/chpasswd.php @@ -11,15 +11,16 @@ * @version 1.0 * @author Alex Cartwright <acartwright@mutinydesign.co.uk) */ - + function password_save($currpass, $newpass) { - $cmd = sprintf('echo \'%1$s:%2$s\' | %3$s; echo $?', - addcslashes($_SESSION['username'], "'"), - addcslashes($newpass, "'"), - rcmail::get_instance()->config->get('password_chpasswd_cmd')); + $cmd = rcmail::get_instance()->config->get('password_chpasswd_cmd'); + $username = $_SESSION['username']; + + $handle = popen($cmd, "w"); + fwrite($handle, "$username:$newpass"); - if (exec($cmd) == 0) { + if (pclose($handle) == 0) { return PASSWORD_SUCCESS; } else { @@ -33,5 +34,3 @@ function password_save($currpass, $newpass) return PASSWORD_ERROR; } - -?> diff --git a/plugins/password/package.xml b/plugins/password/package.xml index a106c8917..433280980 100644 --- a/plugins/password/package.xml +++ b/plugins/password/package.xml @@ -15,8 +15,8 @@ <email>alec@alec.pl</email> <active>yes</active> </lead> - <date></date> - <time></time> + <date>2010-09-10</date> + <time>09:00:00</time> <version> <release>1.7</release> <api>1.5</api> 
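Review bot: A failed `popen()` is reported as success on the new side of the chpasswd.php hunk: `popen($cmd, "w")` returns false when the command cannot be started, `fwrite()`/`pclose()` on that value only emit a warning and yield null, and `null == 0` is true, so `if (pclose($handle) == 0)` returns PASSWORD_SUCCESS without any password having been changed. Check the handle and compare strictly, `if ($handle === false) { return PASSWORD_ERROR; }` before the write and `if (pclose($handle) === 0)` after it. Separately, `fwrite($handle, "$username:$newpass")` writes the pair with nothing visible here validating it: chpasswd reads one user:password pair per input line, so a CR/LF in the user-supplied new password (or in the session username) would inject a second pair and a ':' in the username would shift the split, leaving the bundled wrapper's uid >= 1000 rule as the only barrier to changing another account's password — the driver should reject those characters itself and terminate the line with "\n" as the replaced `echo` did. The else branch and the rest of password_save lie between this hunk and the next, outside view.
```php
    $cmd = rcmail::get_instance()->config->get('password_chpasswd_cmd');
    $username = $_SESSION['username'];

    // chpasswd takes one "user:password" pair per line: a CR/LF in either
    // value would inject a second pair, a ':' in the name shifts the split.
    if (strpbrk($username . $newpass, "\r\n") !== false || strpos($username, ':') !== false) {
        return PASSWORD_ERROR;
    }

    $handle = popen($cmd, 'w');
    if ($handle === false) {
        return PASSWORD_ERROR;
    }
    fwrite($handle, "$username:$newpass\n");

    if (pclose($handle) === 0) {
        return PASSWORD_SUCCESS;
    }
    // … unchanged: else branch returning PASSWORD_ERROR …
```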
@@ -28,6 +28,8 @@ <license uri="http://www.gnu.org/licenses/gpl-2.0.html">GNU GPLv2</license> <notes> - Added XMail driver +- Improve security of chpasswd driver using popen instead of exec+echo (#1486987) +- Added chpass-wrapper.py script to improve security (#1486987) </notes> <contents> <dir baseinstalldir="/" name="/"> @@ -81,6 +83,8 @@ <file name="drivers/sasl.php" role="php"></file> <file name="drivers/virtualmin.php" role="php"></file> <file name="drivers/ximss.php" role="php"></file> + <file name="drivers/xmail.php" role="php"></file> + <file name="drivers/chpass-wrapper.py" role="data"></file> <file name="config.inc.php.disc" role="data"></file> </dir> |
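Review bot: The manifest now lists `<file name="drivers/chpass-wrapper.py" role="data"></file>` and the notes say the script was added, but the diffstat above shows only README, drivers/chpasswd.php and package.xml changed, so this commit does not provide the file it registers. Unless the wrapper arrives in a separate commit, a PEAR package build will typically reject the listed-but-missing file and the README's reference to it will dangle; either add the script here or drop the entry until it lands. The same applies, less critically, to the `drivers/xmail.php` entry if that driver was committed earlier without a manifest update.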
