[EMAIL PROTECTED] wrote:
Hello,
I am trying to write a password changing program.
this article by Lincoln Stein should resolve most of your problems:
http://www.samag.com/documents/s=1286/sam03020006/
and no, don't try to disable the taint mode,
instead read the perlsec manpage to learn
Thanks a lot. That really does help.
regards,
-Tushar
-Original Message-
From: Stas Bekman [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 30, 2002 6:36 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: apache mod_perl + suid question
[EMAIL PROTECTED] wrote:
Hello,
I
20:13
Para: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Assunto: RE: apache mod_perl + suid question
Thanks Vitor...
I have something very similar to what you mention below..only
that I am taking the username and passwd from the apache gui.
Then I encrypt the passwd and send that to wrapper(i.e
PROTECTED]; [EMAIL PROTECTED]
Assunto: RE: apache mod_perl + suid question
Vitor,
The thing is also that I can run the wrapper from the command line without
the
-T switch, and I do succeed, i.e. the password does get changed. Seems like
mod_perl by default has the taint mode on.
How do I get rid
: Vitor [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 26, 2002 8:31 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RES: apache mod_perl + suid question
Tushar,
It's not recommeded to run apache as root. (Security issues).
I have some applications that uses system command under mod_perl
26, 2002 8:31 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RES: apache mod_perl + suid question
Tushar,
It's not recommeded to run apache as root. (Security issues).
I have some applications that uses system command under mod_perl without
problems.
Try to execute you wrapper script
PROTECTED]
Subject: RE: apache mod_perl + suid question
Thanks Vitor...
I have something very similar to what you mention below..only
that I am taking the username and passwd from the apache gui.
Then I encrypt the passwd and send that to wrapper(i.e. suid_file)
script.
So I have something like
Message-
From: Vitor [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 26, 2002 7:04 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RES: apache mod_perl + suid question
Hello Tushar,
Try this :
$suid_file = file_path/suidfile.pl;
$user = nobody;
$passwd = kdsak;
(system($suid_file,$user
6:50 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: apache mod_perl + suid question
On Fri, Jul 26, 2002 at 06:40:31PM -0400, [EMAIL PROTECTED] wrote:
1: The usermod command doesn't get executed. I have tried debugging
this...by having a log file(/usr/local/apache/logs
Hello,
I am trying to write a password changing program. For this I have a mod_perl
subroutine
from where I am trying to execute a perl script(with suid permissions 4711),
which is a wrapper and
in turn calls the usermod command on linux with the old and new passwords.
The problem I am having:
On Fri, Jul 26, 2002 at 06:40:31PM -0400, [EMAIL PROTECTED] wrote:
1: The usermod command doesn't get executed. I have tried debugging
this...by having a log file(/usr/local/apache/logs) and the mod_perl
process does open the wrapper script..but then does nothing. It does
not execute the
PROTECTED]; [EMAIL PROTECTED]
Assunto: RE: apache mod_perl + suid question
Thanks Vitor...
I have something very similar to what you mention below..only
that I am taking the username and passwd from the apache gui.
Then I encrypt the passwd and send that to wrapper(i.e. suid_file)
script.
So I
12 matches
Mail list logo