From owner-freebsd-security Mon Aug 23 13:12:49 1999 Delivered-To: freebsd-security@freebsd.org Received: from iaehv.iae.nl (iaehv.IAE.nl [194.151.64.2]) by hub.freebsd.org (Postfix) with ESMTP id 7938A1504B for ; Mon, 23 Aug 1999 13:12:43 -0700 (PDT) (envelope-from wjw@iae.nl) Received: from wjw (wjw.digiware.nl [212.61.27.68]) by iaehv.iae.nl (Postfix) with SMTP id 2635F20F85; Mon, 23 Aug 1999 22:09:58 +0200 (CEST) Message-ID: <05d801beeda4$8765ae80$441b3dd4@wjw.digiware.nl> From: "Willem Jan Withagen" To: "Ollivier Robert" Cc: Subject: Re: getting passwored data via a perl cgi Date: Mon, 23 Aug 1999 22:17:30 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.72.2106.4 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I did it the other way around: I wrote a Apache security module which takes usercode/password and then veryfies it at the POP-port. If you don't want POP outside the box, use tcpwrappers or a firewall to hide them. The advantage is that this code is very unlikely to be stored in a cache/proxy, whilest I've found plenty of "pages" in many Win'95/OS2 caches containing usercode/password combinations --WjW PS: code is available, but RAW -----Original Message----- From: Ollivier Robert To: freebsd-security@freebsd.org Date: zondag 22 augustus 1999 23:00 Subject: Re: getting passwored data via a perl cgi >According to Colin Eric Johnson: >> Is there a way to allow other users access to complete password database? >> I understand, basically, why this is restricted but I'm not sure how else >> to solve this given FreeBSDs restrictions. > >Either you make it setuid root or you wipe up a daemon that runs as root and >make your script discuss with the daemon. The daemon could cache entries for >example (although pwd lookups should be fast thanks to the DB files). >-- >Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr >FreeBSD keltia.freenix.fr 4.0-CURRENT #73: Sat Jul 31 15:36:05 CEST 1999 > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message