Hi all --
I'm trying to write a setuid script to change passwords on a machine via
the web. I am not trying to change the local passwords (i.e. *not*
modifying /etc/password), but I do need the script to be run as root so
it can call another password-changing utility which is doing the actual
work.
When run from the command line as root, the script works fine. However,
when run as myself (after setting the script to be setuid root) I get
the following error generated from the script's system call:
"Insecure dependency in system while running setuid at ./chpass_web.pl
line 159."
Perl is installed on this system to use suid emulation, so it's calling
the 'suidperl' binary. The problem originates from the following line
of code:
system "/bin/echo $new_password1 | /usr/local/sbin/saslpasswd -p
$in_username";
The documentation I've seen implies that variables can't be passed
directly into the shell, as they are above, but I couldn't reword the
system call in any way that still enabled it to work.
Can anyone help with this? Or lead me to any pointers on suidperl?
I've already read the perlsec manpage, and searched through the mailing
list archives...
Thanks!
Andria
--
----------------------------------------------
Andria Thomas [EMAIL PROTECTED]
System Administrator -- Tovaris, Inc.
(434) 245-5309 x 105
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
