Date:      Mon, 23 Aug 1999 09:26:28 -0300 (GMT)
From:      Fernando Schapachnik <fpscha@via-net-works.net.ar>
To:        colinj@cs.unm.edu (Colin Eric Johnson)
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: getting passwored data via a perl cgi
Message-ID:  <199908231226.JAA05046@ns1.sminter.com.ar>
In-Reply-To: <Pine.LNX.4.10.9908220956330.5398-100000@portico.cs.unm.edu> from Colin Eric Johnson at "Aug 22, 99 09:57:31 am"

In a previous message, Colin Eric Johnson wrote:
> 
> I'm in the process of writing a cgi script in perl that should verify
> people against the machine's password file. The problem that I am running
> into is that if the script is run by anyone other than root I get an
> empty encrypted password field.
> 
> I don't want to run the cgi SUID root as this doesn't seem safe.
> 
> Is there a way to allow other users access to the complete password database?
> I understand, basically, why this is restricted but I'm not sure how else
> to solve this given FreeBSD's restrictions.

For a similar problem I decided to use the SuExec feature of Apache.
Basically you create a wrapper that talks to a suid program exchanging
minimal (and because of this, easily verified) information. SuExec
performs a *lot* of security checks. You can read more about SuExec in
the Apache documentation.

Good luck!



Fernando P. Schapachnik
Network Administration
VIA Net Works Argentina SA
Diagonal Roque Sáenz Peña 971, 4º y 5º piso.
1035 - Capital Federal, Argentina. 
(54-11) 4323-3333
http://www.via-net-works.net.ar
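
Added example, not part of the original message and not Apache's suEXEC code: one way to keep the exchange between a CGI wrapper and a privileged helper minimal and easily verified, shown as the helper's request-validation step. The two-line `user\npassword\n` request format, the length limits and the exit codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER 32    /* assumed limit */
#define MAX_PASS 128   /* assumed limit */

/* Usernames: 1..MAX_USER chars from [a-z0-9_-], not starting with '-'. */
static int valid_username(const char *u, size_t n) {
    if (n == 0 || n > MAX_USER || u[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        char c = u[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Parse exactly "user\npassword\n" (constructed format). Returns 0 on success,
   -1 on anything else: missing newline, embedded NUL, trailing bytes, bad lengths.
   user needs MAX_USER + 1 bytes, pass needs MAX_PASS + 1 bytes. */
int parse_request(const char *buf, size_t len, char *user, char *pass) {
    if (memchr(buf, '\0', len)) return -1;
    const char *nl1 = memchr(buf, '\n', len);
    if (!nl1) return -1;
    size_t ulen = (size_t)(nl1 - buf);
    const char *p = nl1 + 1;
    size_t rest = len - ulen - 1;
    const char *nl2 = memchr(p, '\n', rest);
    if (!nl2 || (size_t)(nl2 - p) + 1 != rest) return -1;  /* no trailing data */
    size_t plen = (size_t)(nl2 - p);
    if (!valid_username(buf, ulen) || plen == 0 || plen > MAX_PASS) return -1;
    memcpy(user, buf, ulen); user[ulen] = '\0';
    memcpy(pass, p, plen);   pass[plen] = '\0';
    return 0;
}

int main(void) {
    char buf[MAX_USER + MAX_PASS + 3], user[MAX_USER + 1], pass[MAX_PASS + 1];
    size_t n = fread(buf, 1, sizeof buf, stdin);
    /* A full buffer means the request exceeded the largest valid size. */
    if (n == sizeof buf || parse_request(buf, n, user, pass) != 0)
        return 2;   /* malformed request: reject without detail */
    /* Only a request that passed every check reaches the privileged code path. */
    fprintf(stderr, "request accepted for %s\n", user);
    return 0;
}
```

The wrapper learns nothing from the helper beyond its exit status, so a malformed request and any later failure can be reported without exposing password data.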