From owner-freebsd-security Thu Jun 7 9:23:10 2001 Delivered-To: freebsd-security@freebsd.org Received: from slis-two.lis.fsu.edu (slis-two.lis.fsu.edu [128.186.72.102]) by hub.freebsd.org (Postfix) with ESMTP id 054AC37B401 for ; Thu, 7 Jun 2001 09:23:05 -0700 (PDT) (envelope-from david@slis-two.lis.fsu.edu) Received: from localhost (david@localhost) by slis-two.lis.fsu.edu (8.11.1/8.11.1) with ESMTP id f57GOVG62834; Thu, 7 Jun 2001 12:24:32 -0400 (EDT) (envelope-from david@slis-two.lis.fsu.edu) Date: Thu, 7 Jun 2001 12:24:31 -0400 (EDT) From: David Miner To: Olivier Nicole Cc: Subject: Re: Encrypted passwords In-Reply-To: <200106070159.IAA25340@banyan.cs.ait.ac.th> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Olivier, I will try these things. I am not running NIS. The script is not setuid. I run it as root under my c-shell. Which may part of the problem as you point out. I keep the script in the root directory with 700 permissions. I'll get back to you with the results of the "print" testing. Thanks. David On Thu, 7 Jun 2001, Olivier Nicole wrote: > David, > > >I changed it to a system call from perl and went on. > > As a first step I would try to make sure the system call is what I > really want: replace system' with print' and carefull check for any > strange character. I'd be specially suspicious about the contents of > that variable that holds the password. > > Second I would consider that the system call is made under bourne > shell, it may have a different environment than the shell you use for > every day work, and it may simply be missing some environment > variable. > > I understood you run the scrip as root, it is not a setuid script? > Else you'd need to untaint the variables. > > As a last resort, I'd copy the script, remove all the fancy interface > and keep onlythe system call. Try to split it, addsome print, some pw > usershow, etc. > > Is your system running NIS? It could be a problem that the new user > has not yet propagated through NIS and then the password cannot be > set... > > Olivier > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > --------------------------------------------------------------------- David R. Miner miner@lis.fsu.edu Systems Integrator voice: 850-644-8107 School of Information Studies fax: 850-644-6253 Florida State University Tallahassee, FL 32306-2100 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message