[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: passwd by WWW

Hi all.

> On Mon, 22 Apr 2002 22:35:53 +1000
> Ian Cumming <ian@ids.org.au> wrote:
> > I've come across this problem too. I think i searched freshmeat.net, and
> > found a few scripts which did the trick - however I wasn't confident
> > enough to put them into place.
> >
> > Is www a priority? You could write a simple perl script which securely
> > launched passwd, and set the script to be the user's shell. This is what
> > I do on my server.

yes. www is a priority (but hmmmmmm....
users does not have shells.
In this fact are any other solutions ?

> > ps: if anyone *does* have a good cgi for changing passwords, please send
> > it to me :)

me too !!! :)

> Have a look at cgipasswd on freshmeat.net
> You need a suid cgi script, it's important to filter the form inputs
> against a list of valid characters.

It is working on suid :( Is it secure ? Probably not.
Maybe if I will have LIDS for Linux it will solve it. But which rules I
must set ?

Marcin Bednarz.

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: