From owner-freebsd-security  Tue Aug  5 02:18:00 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id CAA02114
          for security-outgoing; Tue, 5 Aug 1997 02:18:00 -0700 (PDT)
Received: from foo.primenet.com (ip193.sjc.primenet.com [206.165.96.193])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id CAA02105
          for <security@FreeBSD.ORG>; Tue, 5 Aug 1997 02:17:57 -0700 (PDT)
Received: (from bkogawa@localhost) by foo.primenet.com (8.8.6/8.6.12) id CAA14803; Tue, 5 Aug 1997 02:22:41 -0700 (PDT)
Date: Tue, 5 Aug 1997 02:22:41 -0700 (PDT)
Message-Id: <199708050922.CAA14803@foo.primenet.com>
To: rewt@i-Plus.net
Subject: Re: SetUID
Newsgroups: localhost.freebsd.security
References: <> <199708050642.CAA19412@radford.i-plus.net>
From: "Bryan K. Ogawa" <bkogawa@primenet.com>
Cc: <security@FreeBSD.ORG>
X-Newsreader: NN version 6.5.0 #1 (NOV)
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


In localhost.freebsd.security you write:

>Ok, this SetUID thread has brought a question to mind.

>I'm the sysadmin for a small ISP, and have created a perl script for user
>management.  The script is basically a menu with options to create/delete/di
>sable/enable accounts and change passwords.  I've got safeguards in place
>that will only allow user accounts to be modified.

>In my script, I'm using:
>- hacked up code from /usr/bin/adduser to create accounts
>- a call to /usr/sbin/pw to disable and delete accounts
>- a call to /usr/bin/passwd to change user passwords and re-enable
>accounts

Depending on how you call the above, they may or may not show info
(say, the account's password) in the ps listings.

Another thing you can do if you don't trust the staff (or the security
of the staff's accounts) is to run perl in taint mode (-t , I
believe).  Then, perl will become paranoid and refuse to do a lot of
things which may potentially be unsafe.

>My staff is allowed to run this script using the sudo utility, and all
>seems to work well.  The script itself is owned by root, and has 0500 for
>permissions, and is using /usr/local/bin/perl (perl 5.003) as the
>interpreter.

>Is this safe?  Is there anything I should watch out for?

>Any comments/suggestions are welcome.  I'm willing to share my script if
>anyone is willing to suffer through poor coding :^)

>Troy Settle <st@i-Plus.net>
>Network Administrator, iPlus Internet Services
>http://www.i-Plus.net



-- 
bryan k ogawa  <bkogawa@primenet.com>   http://www.primenet.com/~bkogawa/