Print some warnings if root invokes chpass and sets the

shell to one of the following:

- a non-existent file
- a non-regular file
- a file without any execute bits set

The shell is still set to whatever they entered even if the above
conditions exist (hey, it is the super user doing this after all :-),
but this might give the admin. some warning that they are about to screw
themselves and give them a chance to fix it before it is too late.

Inspired by: some new FreeBSD user on USENET who set his root shell
  to a shell that doesn't exist and now can't gain access to root (don't
  worry, I sent him some mail on how to recover from this).

1 files changed, 19 insertions, 0 deletions

diff --git a/usr.bin/chpass/field.c b/usr.bin/chpass/field.c
index 6229e42..73fa479 100644
--- a/usr.bin/chpass/field.c
+++ b/usr.bin/chpass/field.c
@@ -36,6 +36,7 @@ static char sccsid[] = "@(#)field.c	8.4 (Berkeley) 4/2/94";
 #endif /* not lint */
 
 #include <sys/param.h>
+#include <sys/stat.h>
 
 #include <ctype.h>
 #include <err.h>
@@ -242,6 +243,7 @@ p_shell(p, pw, ep)
 	ENTRY *ep;
 {
 	char *t, *ok_shell();
+	struct stat sbuf;
 
 	if (!*p) {
 		pw->pw_shell = _PATH_BSHELL;
@@ -264,5 +266,22 @@ p_shell(p, pw, ep)
 		warnx("can't save entry");
 		return (1);
 	}
+	if (stat(pw->pw_shell, &sbuf) < 0) {
+		if (errno == ENOENT)
+			warnx("WARNING: shell '%s' does not exist",
+			    pw->pw_shell);
+		else
+			warn("WARNING: can't stat shell '%s'",  pw->pw_shell);
+		return (0);
+	}
+	if (!S_ISREG(sbuf.st_mode)) {
+		warnx("WARNING: shell '%s' is not a regular file", 
+			pw->pw_shell);
+		return (0);
+	}
+	if ((sbuf.st_mode & (S_IXOTH | S_IXGRP | S_IXUSR)) == 0) {
+		warnx("WARNING: shell '%s' is not executable", pw->pw_shell);
+		return (0);
+	}
 	return (0);
 }