Date:      Thu, 7 Jun 2001 12:24:31 -0400 (EDT)
From:      David Miner <david@slis-two.lis.fsu.edu>
To:        Olivier Nicole <on@cs.ait.ac.th>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   Re: Encrypted passwords
Message-ID:  <Pine.BSF.4.30_heb2.09.0106071222150.62777-100000@slis-two.lis.fsu.edu>
In-Reply-To: <200106070159.IAA25340@banyan.cs.ait.ac.th>

Olivier,

I will try these things.  I am not running NIS.  The script is not setuid.
I run it as root under my c-shell.  Which may be part of the problem as you
point out.  I keep the script in the root directory with 700 permissions.

I'll get back to you with the results of the "print" testing.

Thanks.

David

On Thu, 7 Jun 2001, Olivier Nicole wrote:

> David,
>
> >I changed it to a system call from perl and went on.
>
> As a first step I would try to make sure the system call is what I
> really want: replace 'system' with 'print' and carefully check for any
> strange character. I'd be especially suspicious about the contents of
> that variable that holds the password.
>
> Second I would consider that the system call is made under bourne
> shell, it may have a different environment than the shell you use for
> every day work, and it may simply be missing some environment
> variable.
>
> I understood you run the script as root, it is not a setuid script?
> Else you'd need to untaint the variables.
>
> As a last resort, I'd copy the script, remove all the fancy interface
> and keep only the system call. Try to split it, add some print, some pw
> usershow, etc.
>
> Is your system running NIS? It could be a problem that the new user
> has not yet propagated through NIS and then the password cannot be
> set...
>
> Olivier
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

---------------------------------------------------------------------
David R. Miner                                   miner@lis.fsu.edu
Systems Integrator                               voice: 850-644-8107
School of Information Studies                    fax:   850-644-6253
Florida State University
Tallahassee, FL  32306-2100
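
The checks suggested in the quoted reply, as an added example that is not part of the original thread or anyone's actual script. It assumes a constructed value shaped like an MD5-crypt hash and uses echo as a stand-in for the real account command, which the thread does not show.

```perl
#!/usr/bin/perl
use strict;
use warnings;

$| = 1;    # keep our own output in order with the child processes' output

# Constructed sample shaped like an MD5-crypt hash; not a real credential.
my $hash = '$1$Xy7zQ9pL$abcdefghijklmnopqrstuv';

# Assumption: 'echo' stands in for the real account command, which the
# thread does not show. It only reports the arguments it was given.

# 1. The "print" test: show the exact string system() would hand over.
my $cmd = "echo received: $hash";
print "command string: $cmd\n";

# 2. One-string system(): the string contains shell metacharacters, so
#    Perl runs it through /bin/sh -c. sh treats $1, $Xy7zQ9pL, ... as
#    its own (unset) variables and the value never reaches the command.
system($cmd) == 0 or warn "one-string form failed: $?\n";

# 3. List-form system(): the arguments go straight to exec with no
#    shell in between, so the value arrives byte for byte.
system('echo', 'received:', $hash) == 0 or warn "list form failed: $?\n";

# 4. Environment check: print what the Bourne shell child actually
#    sees. Variables set only inside csh (not exported with setenv)
#    and csh aliases are not inherited by the child.
system('/bin/sh', '-c', 'echo "PATH seen by sh: $PATH"') == 0
    or warn "environment check failed: $?\n";
```

Comparing the output of steps 2 and 3 shows whether the shell is altering the password value before the command receives it.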


