Re: lug-bg: passwd i chfn prez web?
On Sat, Jun 05, 2004 at 09:06:22PM +0300, Anton Zinoviev wrote: 2.VI.2004 19:48 (+0300) Peter Pentchev : , : http://devel.ringlet.net/sysutils/passwdif/passwdif.pl , : username, old password, new password, username old password ,new password. , . , - (gpasswd) , -- .. , security audit ;-). -:) , , , all-singing, all-dancing , - , , portability. ... , , , , , .. CGI , C, setuid , , , - (30-35 ). exploitable buffer overflows, DoS-able ,, exploitable :( , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence didn't exist, somebody would have invented it. pgpMK61YY5M0O.pgp Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
2.VI.2004 19:48 (+0300) Peter Pentchev : , : http://devel.ringlet.net/sysutils/passwdif/passwdif.pl , : username, old password, new password, username old password ,new password. , . , - (gpasswd) , -- .. , security audit ;-). A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
, -, .. . - cgi-. , ;-), -. http://sarg.sourceforge.net/chetcpasswd.php A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
On Tuesday 01 June 2004 19:59, Peter Pentchev wrote:
On Tue, Jun 01, 2004 at 07:46:35PM +0300, George Danchev wrote:
On Tuesday 01 June 2004 18:40, Peter Pentchev wrote:
--cut--
( -p),
, expect ;) .
command-line argument
, ps awwwfux .
, , ... :)
,
/proc per user basis ? grsec, rsbac,
exec-shield, NSA, FBI, , ;-)
, apachenobody www,
(malicious ),nobody
www? :) , -
.
, , ;-) ,
per user basis ,
, ( root ==
God, ;-). /
/ ;-)
... ,
,
userspace util-,
... .
BSD pw(8) useradd/usermod ,
.,
local patch, David Malone commit-,
pw usermod -H 0,-h -H
:)
. command line
environment ,
(-h, -H) ,
,
. pipe ( ?)
usermod ( file descr) ...
, stdin usermod ?
, pw usermod -h 0 stdin ( -, -h fdnum
fdnum, command line).
( , David Malone commit- FreeBSD)
-H 0, ** stdin,
,open(|-),
system(echo bfh20dj4u32u | pw usermod -n tanj -H 0)
ps awwwfux, echo.
,
echo ( ), ...
, ps...
, :
cat lll.c
#include stdio.h
main() {
system (echo kriptiranaparola | pw usermod -n -tanj -H 0) ;
}
-, ,
:
while i=j; do ps aux |grep usermod ; done
:
root 30507 0.0 0.4 2696 1200 pts/2R+ 22:54 0:00 sh -c echo
kriptiranaparola | pw usermod -n -tanj -H 0
root 30508 0.0 0.4 2696 1200 pts/2R+ 22:54 0:00 sh -c echo
kriptiranaparola | pw usermod -n -tanj -H 0
kriptiranaparola command line arg...
. ...
, ...
local patch ;-)
--
pub 4096R/0E4BD0AB 2003-03-18 keyserver.bu.edu ; pgp.mit.edu
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
On Tue, Jun 01, 2004 at 08:24:03PM +0300, Anton Zinoviev wrote: 1.VI.2004 19:53 (+0300) Peter Pentchev : ..- :(, passwd(1) - - , tty , . , Samba , smb.conf: ; For Unix password sync. to work on a Debian GNU/Linux system, the following ; parameters must be set (thanks to Augustin Luton ; [EMAIL PROTECTED] for sending the correct chat script for ; the passwd program in Debian Potato). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . , , Samba , , :( : parse- , , , ** , :( , setup- / . C,, , ... expect ( - ), ... : shell injection. - - :) , -, passwd(1); .sudo -. . , , : sudo ( ** ,, ), , - chpass,malicious . ! :) , , , , : http://devel.ringlet.net/sysutils/passwdif/passwdif.pl , : username, old password, new password, username old password ,new password. ,chpass/usermod/chpasswd/pw/whatever ( , , ),** , getpwent() crypt() , ,, . - , , :) , root, , :) sudo, passwdif suidperl (! :) , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence didn't exist, somebody would have invented it. pgp6nrnit9h97.pgp Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
, 2004-06-01 17:26, Peter Pentchev : drug_account ALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd /usr/bin/passwd, /usr/sbin/chpasswd , . signature.asc Description: This is a digitally signed message part
Re: lug-bg: passwd i chfn prez web?
Vasil Kolev wrote: , 2004-06-01 17:26, Peter Pentchev : drug_account ALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd /usr/bin/passwd, /usr/sbin/chpasswd , . , support :) A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
, 2004-06-01 17:51, Dean Stoeff : , support :) , expect, ? signature.asc Description: This is a digitally signed message part
Re: lug-bg: passwd i chfn prez web?
On Tue, Jun 01, 2004 at 05:51:05PM +0300, Dean Stoeff wrote: Vasil Kolev wrote: , 2004-06-01 17:26, Peter Pentchev : drug_accountALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd /usr/bin/passwd, /usr/sbin/chpasswd , . , support :) ///whatever :) , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence were in Chinese, it would say something else. pgpbprXc35Pm9.pgp Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
On Tue, Jun 01, 2004 at 05:40:14PM +0300, Vasil Kolev wrote:
, 2004-06-01 17:26, Peter Pentchev :
drug_accountALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd
/usr/bin/passwd, /usr/sbin/chpasswd ,
.
... , ,chpasswd.
clickety-click , FreeBSD passwd
, printf 'blah\nblah\n' | sudo passwd tanj ...
FreeBSD :
echo blah | /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0
.., , :
open(PW, | /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0);
print PW blah\n;
close(PW);
.. - (untested):
if (!defined($pid = open(|-)) {
die(fork: $!\n);
} elsif ($pid == 0) {
exec('/usr/local/bin/sudo', '/usr/sbin/pw', 'usermod', $username,
'-h', '0');
die(exec(pw): $!);
}
print PW blah\n;
close(PW);
,
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
You have, of course, just begun reading the sentence that you have just finished
reading.
pgp8GLiJRonBt.pgp
Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
Vasil Kolev wrote:
, 2004-06-01 17:51, Dean Stoeff :
, support
:)
, expect,
?
my $newsalt = join '',('.','/',0..9,'A'..'Z','a'..'z')[rand 64, rand 64];
my $newpass = crypt ($pass1,$newsalt);
exec echo $user:$newpass|chpasswd -e;
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
, 2004-06-01 18:06, Dean Stoeff :
my $newsalt = join '',('.','/',0..9,'A'..'Z','a'..'z')[rand 64, rand 64];
my $newpass = crypt ($pass1,$newsalt);
exec echo $user:$newpass|chpasswd -e;
, , passwd
,
chpasswd :)
signature.asc
Description: This is a digitally signed message part
Re: lug-bg: passwd i chfn prez web?
Vasil Kolev wrote: , , passwd , chpasswd :) :)! sudo, , A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
1.V.2004 17:26 (+0300) Peter Pentchev : : sudo :) , , : sudo, etc/sudoers, NOPASSWD :) . :-) , -, .. . - cgi-. , ;-), -. A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 01 June 2004 17:58, Peter Pentchev wrote:
On Tue, Jun 01, 2004 at 05:40:14PM +0300, Vasil Kolev wrote:
, 2004-06-01 17:26, Peter Pentchev :
drug_account ALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd
/usr/bin/passwd, /usr/sbin/chpasswd ,
.
... , ,chpasswd.
clickety-click , FreeBSD passwd
, printf 'blah\nblah\n' | sudo passwd tanj ...
FreeBSD :
echo blah | /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0
.., , :
open(PW, | /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0);
print PW blah\n;
close(PW);
.. - (untested):
if (!defined($pid = open(|-)) {
die(fork: $!\n);
} elsif ($pid == 0) {
exec('/usr/local/bin/sudo', '/usr/sbin/pw', 'usermod', $username,
'-h', '0');
die(exec(pw): $!);
}
print PW blah\n;
close(PW);
,
/usr/sbin/usermod
usage: usermod [-u uid [-o]] [-g group] [-G group,...]
[-d home [-m]] [-s shell] [-c comment] [-l new_name]
[-f inactive] [-e expire ] [-p passwd] [-L|-U] name
( -p),, expect
;)
.
- --
Vladimir Smolensky
System Administrator, Ancient Media Ltd.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAvKCcWK2Tr8wzGisRAhyCAJ9psh8LkpOwWVtmyjbQQKZuvpKt0gCfejQ8
WOZeUNpyfDoBVgvwFHvkfoo=
=fIGD
-END PGP SIGNATURE-
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
Anton Zinoviev wrote: 1.V.2004 17:26 (+0300) Peter Pentchev : : sudo :) , , : sudo, etc/sudoers, NOPASSWD :) . :-) , -, .. . - cgi-. , ;-), -. :) A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
On Tue, Jun 01, 2004 at 06:31:19PM +0300, Anton Zinoviev wrote: 1.V.2004 17:26 (+0300) Peter Pentchev : : sudo :) , , : sudo, etc/sudoers, NOPASSWD :) . :-) , -, .. . - cgi-. , ;-), -. .. : , ,, , ? , : . , getpwent() , checkpassword djb. , .. , -; :) , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 because I didn't think of a good beginning of it. pgpHsPvLDQG1v.pgp Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
On Tue, Jun 01, 2004 at 06:28:28PM +0300, Vladimir Smolensky wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 01 June 2004 17:58, Peter Pentchev wrote:
On Tue, Jun 01, 2004 at 05:40:14PM +0300, Vasil Kolev wrote:
, 2004-06-01 17:26, Peter Pentchev :
drug_accountALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd
/usr/bin/passwd, /usr/sbin/chpasswd ,
.
... , ,chpasswd.
clickety-click , FreeBSD passwd
, printf 'blah\nblah\n' | sudo passwd tanj ...
FreeBSD :
echo blah | /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0
.., , :
open(PW, | /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0);
print PW blah\n;
close(PW);
.. - (untested):
if (!defined($pid = open(|-)) {
die(fork: $!\n);
} elsif ($pid == 0) {
exec('/usr/local/bin/sudo', '/usr/sbin/pw', 'usermod', $username,
'-h', '0');
die(exec(pw): $!);
}
print PW blah\n;
close(PW);
,
/usr/sbin/usermod
usage: usermod [-u uid [-o]] [-g group] [-G group,...]
[-d home [-m]] [-s shell] [-c comment] [-l new_name]
[-f inactive] [-e expire ] [-p passwd] [-L|-U] name
( -p),, expect
;)
.
command-line argument
, ps awwwfux .
, , ... :)
BSD pw(8) useradd/usermod ,
.,
local patch, David Malone commit-,
pw usermod -H 0,-h -H
:)
,
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
This sentence claims to be an Epimenides paradox, but it is lying.
pgp64DkGjxYHw.pgp
Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
, -, ..
. - cgi-.
, ;-),
-.
[cut]
?php
if($_REQUEST[pass1] != $_REQUEST[pass2] ) {
echo passwords do not match;
exit;
}
// drugi prowerki
$crypted_pass = crypt($_REQUEST[pass1]);
system ( sudo. usermod -p $crypted_pass $_SESSION[username], $result);
if($result) {
echo blabla greshka;
}
?
form action=?=$PHP_SELF? METHOD=POST
Smqna na parola
Nowata parolainput name=pass1 type=password
Parolata pak input name=pass2 type=password
input type=submit
/form
[cut]
twa sega go drasnah taka che sigurno nqma trygne otma... :) dofixni si greshkite,
inache principno neshto takowa ;)
- --
Vladimir Smolensky
System Administrator, Ancient Media Ltd.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAvKaHWK2Tr8wzGisRAp1yAKCYYm/xNLnPQ3IpUEV5wmA5dWvBPQCg6G98
37IlgBMPlRECKGLiHXxInHI=
=LjfW
-END PGP SIGNATURE-
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
On Tue, Jun 01, 2004 at 06:53:43PM +0300, Vladimir Smolensky wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
, -, ..
. - cgi-.
, ;-),
-.
[cut]
?php
if($_REQUEST[pass1] != $_REQUEST[pass2] ) {
echo passwords do not match;
exit;
}
// drugi prowerki
$crypted_pass = crypt($_REQUEST[pass1]);
system ( sudo. usermod -p $crypted_pass $_SESSION[username], $result);
... , , lusername
... ,
lusernames? :)
, Perl ... ,
CGI, ;)
,
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If this sentence were in Chinese, it would say something else.
changepass.pl
Description: Perl program
pgpcoLHSFwU4v.pgp
Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
On Tue, Jun 01, 2004 at 07:21:39PM +0300, Peter Pentchev wrote:
On Tue, Jun 01, 2004 at 06:53:43PM +0300, Vladimir Smolensky wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
, -, ..
. - cgi-.
, ;-),
-.
[cut]
?php
if($_REQUEST[pass1] != $_REQUEST[pass2] ) {
echo passwords do not match;
exit;
}
// drugi prowerki
$crypted_pass = crypt($_REQUEST[pass1]);
system ( sudo. usermod -p $crypted_pass $_SESSION[username], $result);
... , , lusername
... ,
lusernames? :)
, Perl ... ,
CGI, ;)
... : , .pl
mail :((
,inline, :)
,
--
Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
PGP key:http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
When you are not looking at it, this sentence is in Spanish.
#!/usr/bin/perl -wT
=pod
=head1 NAME
changepass.pl - a trivial CGI script for changing passwords
$Ringlet: perl/www/changepass/changepass.pl,v 1.1 2004/06/01 16:21:13 roam Exp $
=head1 DESCRIPTION
Makes an attempt to change a system user's password.
=cut
use strict;
sub get_vars($);
sub change_pass(%);
=pod
=head1 FUNCTIONS
=over 4
=item MAIN
The main routine - examines the parameter string, and if the requireed
parameters are passed in, invokes Cchange_pass(), otherwise invokes
Cdisplay_form().
=cut
MAIN:
{
my ($q, %q);
$q = $ENV{'QUERY_STRING'};
%q = ();
%q = get_vars($q) if (defined($q) $q ne '');
if (defined($q{'username'}) defined($q{'password'})
defined($q{'submit'})) {
change_pass(%q);
} else {
display_form();
}
exit(0);
}
=pod
=item get_vars($query_string)
Parses a CGI query string into a hash of var/val pairs.
=cut
sub get_vars($)
{
my $s = $_[0];
my %h = ();
my ($key, $val);
foreach my $v (split(//, $s)) {
$v =~ s/[+|]/ /g;
($key, $val) = split(/=/, $v);
$key =~ s/%([[:xdigit:]]{2})/pack(c,hex($1))/ge;
$val =~ s/%([[:xdigit:]]{2})/pack(c,hex($1))/ge;
$h{$key} = $val;
}
return %h;
}
=pod
=item display_form()
Display the info entry form.
=cut
sub display_form()
{
print EOF
Content-type: text/html; charset=us-ascii
html
head
meta http-equiv=Content-Type content=text/html; charset=us-ascii
titlePassword changer/title
/head
body
h1Password changer/h1
form method=GET
table border=0
tr
tdUsername:/td
tdinput type=text name=username/td
/tr
tr
tdPassword:/td
tdinput type=text name=password/td
/tr
tr
tdinput type=submit name=submit value=Change it/td
tdnbsp;/td
/tr
/table
/form
/body
/html
EOF
}
=pod
=item change_pass(%data)
Invokes Isudo(8) and Ipw(8) to change the user's password. Expects
C$data{'username'} and C$data{'password'} to be defined.
=cut
sub change_pass(%)
{
my %h = @_;
my $pid;
if ($h{'username'} =~ /^([\w\d_.-]+)$/) {
$h{'username'} = $1;
} else {
$h{'username'} = '';
}
delete @ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASHENV'};
if (!defined($pid = open(PW, '|-'))) {
die(fork(): $!\n);
} elsif ($pid == 0) {
exec('/usr/local/bin/sudo', '/usr/sbin/pw', 'usermod', '-n',
$h{'username'}, '-h', '0');
die(exec(): $!\n);
}
print PW $h{password}\n;
close(PW);
print EOF
Content-type: text/html; charset=us-ascii
html
head
meta http-equiv=Content-Type content=text/html; charset=us-ascii
titlePassword changer/title
/head
body
h1Password changer/h1
pAn attempt was made to change the password. No idea whether we made it
:)/p
/html
EOF
}
=pod
=back
=head1 BUGS
=over 4
=item *
no attempt is made to handle or even detect password change errors;
=item *
no attempt is made to authenticate the user before changing the password;
=item *
the I/usr/local/bin/sudo and I/usr/sbin/pw locations are hard-coded;
=item *
I believe Anton wanted Ichfn(1), too, but oh well ;)
=back
=cut
pgp30XB6wtkkA.pgp
Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
1.V.2004 18:34 (+0300) Dean Stoeff : :) , , , . :-) A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
1.V.2004 18:38 (+0300) Peter Pentchev : .. : , ,, , ? , sudo. : . cgi- passwd. pehcno, su,passwdpencho (su). passwd pehcho,, . chfn. apt-cache search unstable. , usermin-changepass, , , Debian stable . ,. , , . :-) A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
On Tuesday 01 June 2004 18:40, Peter Pentchev wrote: --cut-- ( -p),, expect ;) . command-line argument , ps awwwfux . , , ... :) , /proc per user basis ? grsec, rsbac, exec-shield, NSA, FBI, , ;-) BSD pw(8) useradd/usermod , ., local patch, David Malone commit-, pw usermod -H 0,-h -H :) . command line environment , (-h, -H) , ,. pipe ( ?)usermod ( file descr) ... , stdin usermod ? -- pub 4096R/0E4BD0AB 2003-03-18 keyserver.bu.edu ; pgp.mit.edu fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd i chfn prez web?
On Tue, Jun 01, 2004 at 07:43:06PM +0300, Anton Zinoviev wrote: 1.V.2004 18:38 (+0300) Peter Pentchev : .. : , ,, , ? , sudo. : . cgi- passwd. pehcno, su,passwdpencho (su). passwd pehcho,, . chfn. ..- :(, passwd(1) - - , tty , . , parse- ... , :(( - checkpassword, - http://cr.yp.to/checkpwd.html - : , , system(), shell injection. ,sudo checkpassword true, exit code, : file descriptor 3 sudo checkpassword true username NUL oldpass NUL timestamp NUL3 exit code checkpassword , sudo usermod -p encryptedpass , , . , -, passwd(1); - passwd(1) :) apt-cache search unstable. , usermin-changepass, , , Debian stable . - - usermin? :) ,. , , . :-) ,- sudo, chpass/usermod/pw, checkpassword, CGI.pm, perl taint mode - , , , :P , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I am the meaning of this sentence. pgpX3ISm0ntpT.pgp Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
On Tue, Jun 01, 2004 at 07:46:35PM +0300, George Danchev wrote: On Tuesday 01 June 2004 18:40, Peter Pentchev wrote: --cut-- ( -p),, expect ;) . command-line argument , ps awwwfux . , , ... :) , /proc per user basis ? grsec, rsbac, exec-shield, NSA, FBI, , ;-) , apachenobody www, (malicious ),nobody www? :) , - . BSD pw(8) useradd/usermod , ., local patch, David Malone commit-, pw usermod -H 0,-h -H :) . command line environment , (-h, -H) , ,. pipe ( ?)usermod ( file descr) ... , stdin usermod ? , pw usermod -h 0 stdin ( -, -h fdnum fdnum, command line). ( , David Malone commit- FreeBSD) -H 0, ** stdin, ,open(|-), system(echo bfh20dj4u32u | pw usermod -n tanj -H 0) ps awwwfux, echo. , , :) , :) , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 because I didn't think of a good beginning of it. pgptQWknNgGMB.pgp Description: PGP signature
Re: lug-bg: passwd i chfn prez web?
1.VI.2004 19:53 (+0300) Peter Pentchev : ..- :(, passwd(1) - - , tty , . , Samba , smb.conf: ; For Unix password sync. to work on a Debian GNU/Linux system, the following ; parameters must be set (thanks to Augustin Luton ; [EMAIL PROTECTED] for sending the correct chat script for ; the passwd program in Debian Potato). passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . , -, passwd(1); .sudo -. - - usermin? :) - . A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
