Date: Thu, 7 Jun 2001 08:59:56 +0700 (ICT) From: Olivier Nicole <on@cs.ait.ac.th> To: david@slis-two.lis.fsu.edu Cc: freebsd-security@FreeBSD.ORG Subject: Re: Encrypted passwords Message-ID: <200106070159.IAA25340@banyan.cs.ait.ac.th> In-Reply-To: <Pine.BSF.4.30_heb2.09.0106061256090.51404-100000@slis-two.lis.fsu.edu> (message from David Miner on Wed, 6 Jun 2001 12:58:26 -0400 (EDT)) References: <Pine.BSF.4.30_heb2.09.0106061256090.51404-100000@slis-two.lis.fsu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
David, >I changed it to a system call from perl and went on. As a first step I would try to make sure the system call is what I really want: replace system' with print' and carefull check for any strange character. I'd be specially suspicious about the contents of that variable that holds the password. Second I would consider that the system call is made under bourne shell, it may have a different environment than the shell you use for every day work, and it may simply be missing some environment variable. I understood you run the scrip as root, it is not a setuid script? Else you'd need to untaint the variables. As a last resort, I'd copy the script, remove all the fancy interface and keep onlythe system call. Try to split it, add some print, some pw usershow, etc. Is your system running NIS? It could be a problem that the new user has not yet propagated through NIS and then the password cannot be set... Olivier To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106070159.IAA25340>