Date:      Mon, 31 May 1999 13:55:00 +0200
From:      Ladavac Marino <mladavac@metropolitan.at>
To:        'Doug White' <dwhite@resnet.uoregon.edu>, Gustavo Lozano Ibarra <glozano@academ02.maz.itesm.mx>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   RE: checking a password when I am not root
Message-ID:  <55586E7391ACD211B9730000C110027617962D@r-lmh-wi-100.corpnet.at>

> -----Original Message-----
> From:	Doug White [SMTP:dwhite@resnet.uoregon.edu]
> Sent:	Saturday, May 29, 1999 1:21 AM
> To:	Gustavo Lozano Ibarra
> Cc:	freebsd-questions@FreeBSD.ORG
> Subject:	Re: checking a password when I am not root
> 
> Make the tcl script suid root too?
	[ML]  I would advise against it (you cannot make a script suid
under FreeBSD, and suid root tclsh is a suicide.  suidperl is something
else :)

	You can make a suid root executable which checks a password (it
should expect a password on stdin and exit success if it matched,
otherwise fail--do not use arguments for password passing as ps will
show them) and call this script from tcl library.  This way you do not
even have to code the actual tcl lib part in C--tcl will do.

> You can always drop privileges once you have your password check.
	[ML]  It is way better to delegate this to an external
executable.  tcl does not do the perl kind of taint checking.
Furthermore, there will be no possibility for a cracker to harvest
encrypted passwords from the memory image which could possibly be done
with suid tclsh.

> Doug White                               
> Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
> http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message



