Date: Sun, 22 Aug 1999 17:17:58 -0700 (PDT) From: "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net> To: roberto@keltia.freenix.fr (Ollivier Robert) Cc: freebsd-security@FreeBSD.ORG Subject: Re: getting passwored data via a perl cgi Message-ID: <199908230017.RAA33539@gndrsh.dnsmgr.net> In-Reply-To: <19990822223619.B11240@keltia.freenix.fr> from Ollivier Robert at "Aug 22, 1999 10:36:19 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> According to Colin Eric Johnson: > > Is there a way to allow other users access to complete password database? > > I understand, basically, why this is restricted but I'm not sure how else > > to solve this given FreeBSDs restrictions. > > Either you make it setuid root or you wipe up a daemon that runs as root and wip? > make your script discuss with the daemon. The daemon could cache entries for > example (although pwd lookups should be fast thanks to the DB files). You can find a program used by cyrus for just what you are trying to do in ports/mail/cyrus, it's called pwcheck. There are probably some others around, this is just one that I ran accross recently. IMHO making your cgi script suid root would be asking for a security breach some day, probably sooner than latter. Cyrus is a a large daemon, but it took this route for dealing with this problem for good reasons. -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908230017.RAA33539>