
Re: Can't do setuid



On Fri, 2002-12-13 at 10:36, Charles Menzes wrote:
> Yes, but therein lies my problem. I'm using Passwd::Linux in two cgi
> scripts to allow intranet users to manage their passwords. Doesn't seem
> like sudo is going to work for me in this occasion since the script will
> be called via the webserver.
> Any idea how to circumvent that type of situation?

You could always use blank passwords for everyone.  That would
"circumvent that type of situation", and would actually provide better
security. :-)

Here's how I would do this:

 - Require SSL for the entire transaction.

 - Have the user enter his/her old password, as well as the new password
twice.

 - Write a program that takes the username, old password, and new
password on stdin.  It should validate that the old password is correct,
and then set the user's password to the new one.  I'd probably write the
helper program in C, but Perl or Python probably aren't too bad as
security risks if you're not comfortable with writing secure C programs.

 - Have your CGI take the username, old password, and two new
passwords.  It should check that the two new passwords match, and then
run your helper program above, passing the username and passwords over
the helper's stdin.  If you wrote the helper program in C, you can make
it setuid; otherwise, you should run it with sudo.

If you know how to do pty programming or you know how to use expect, you
might be able to pull off using /usr/bin/passwd instead of a custom
helper program.  That's ultimately better, since the part of the code
that needs to be secure is external to you and well trusted/highly
audited, but pty/expect can be hairy for some people.  Then again, so
can getpwuid() and PAM.

-- 
Jeff Licquia <jeff@licquia.org>
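
The hand-off between the CGI and the helper described in the message above, as an added example that is not part of the original post: the CGI checks the form values and passes them to the helper on stdin only, and the helper re-validates what it reads. The helper path, the username pattern, the field size limit and the one-field-per-line format are assumptions; checking the old password and setting the new one happen inside the helper after `parse_request` and are not shown.

```python
import re
import subprocess

# Hypothetical helper path; "sudo -n" fails instead of prompting under the web server.
HELPER_ARGV = ["sudo", "-n", "/usr/local/sbin/chpass-helper"]
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")  # assumed local naming policy
MAX_FIELD = 256  # assumed upper bound per field, in bytes


def _check_field(value: str) -> bytes:
    raw = value.encode("utf-8")
    # The wire format is one field per line, so a newline or NUL inside a
    # field would let one value smuggle in or truncate another field.
    if not raw or len(raw) > MAX_FIELD or b"\n" in raw or b"\r" in raw or b"\0" in raw:
        raise ValueError("bad field")
    return raw


def build_request(username, old_pw, new_pw, new_pw_again) -> bytes:
    """CGI side: validate the form values and build the helper's stdin."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("bad username")
    if new_pw != new_pw_again:
        raise ValueError("new passwords do not match")
    fields = [_check_field(v) for v in (username, old_pw, new_pw)]
    return b"\n".join(fields) + b"\n"


def parse_request(data: bytes):
    """Helper side: re-validate stdin; never rely on the CGI's checks."""
    if not data.endswith(b"\n"):
        raise ValueError("truncated request")
    lines = data[:-1].split(b"\n")
    if len(lines) != 3:
        raise ValueError("expected exactly three fields")
    user, old_pw, new_pw = (_check_field(l.decode("utf-8")) for l in lines)
    name = user.decode("utf-8")
    if not USERNAME_RE.fullmatch(name):
        raise ValueError("bad username")
    return name, old_pw, new_pw


def change_password(username, old_pw, new_pw, new_pw_again, run=subprocess.run) -> bool:
    """Run the helper with the secrets on stdin only (argv is visible in ps)."""
    payload = build_request(username, old_pw, new_pw, new_pw_again)
    result = run(HELPER_ARGV, input=payload, capture_output=True, timeout=10)
    return result.returncode == 0
```

The `run` parameter exists so the hand-off can be exercised without the real helper installed.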
