On Tue, Jan 21, 2003 at 05:33:41AM +0000, Ing. Bernardo Lopez wrote: > How secure could be my webserver if i allow some php scripts to modify > the file (directly) /etc/passwd & /etc/shadow but my script will only > allow to modify the line of the loged user (like userid=visitor, then he > only can see/modify visitor's line)?? > > It is secure, if i enforce very enougth the security of the script... or > this stills being a stupid option? > > Also if i use that script only for modify the permisions of ftp's users > it stills unsecure? (if the ftpd runs whit a very unpriviligiated uid?)
To modify the shadow password file, you would need to run the PHP program (in most cases the web server) as root. Which isn't secure (to put it mildly). Or you would need to allow the web server to have read and write access to the shadow file as its regular user, which isn't secure. Though shalt not let network services alter any critical files is the best approach. What is normally done by myself and others I have talked to is a PHP gateway server. You would write a daemon that your PHP code talks to via a Unix domain socket. The protocol you use to talk to your daemon would include a username and password (so the deamon can ensure it is talking to an authorized user). Any PHP script could talk to the daemon (most wouldn't know it exists), but because you have kept the deamon simple, and with a rigid unforgiving protocol the deamon will be much better - safe code wise - than your PHP script could ever hope to be. ----------------------------------------------------------------------- __o Bradley Arlt Security Team Lead _ \<_ [EMAIL PROTECTED] University Of Calgary (_)/(_) I should be biking right now. Computer Science
