Re: passwd by WWW
On Mon, 22 Apr 2002 22:35:53 +1000
Ian Cumming <ian@ids.org.au> wrote:
>
> Marcin,
>
> I've come across this problem too. I think i searched freshmeat.net, and
> found a few scripts which did the trick - however I wasn't confident
> enough to put them into place.
>
> Is www a priority? You could write a simple perl script which securely
> launched passwd, and set the script to be the user's shell. This is what
> I do on my server.
>
> rgds,
> Ian.
>
> ps: if anyone *does* have a good cgi for changing passwords, please send
> it to me :)
Have a look at cgipasswd on freshmeat.net
You need a suid cgi script, it's important to filter the form inputs
against a list of valid characters.
Alain
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: