Re: lug-bg: passwd and chfn via the web?
On Sat, Jun 05, 2004 at 09:06:22PM +0300, Anton Zinoviev wrote: 2.VI.2004 19:48 (+0300) Peter Pentchev : , : http://devel.ringlet.net/sysutils/passwdif/passwdif.pl , : username, old password, new password, username old password ,new password. , . , - (gpasswd) , -- .. , security audit ;-). -:) , , , all-singing, all-dancing , - , , portability. ... , , , , , .. CGI , C, setuid , , , - (30-35 ). exploitable buffer overflows, DoS-able ,, exploitable :( , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence didn't exist, somebody would have invented it.
Re: lug-bg: passwd and chfn via the web?
2.VI.2004 19:48 (+0300) Peter Pentchev : , : http://devel.ringlet.net/sysutils/passwdif/passwdif.pl , : username, old password, new password, username old password ,new password. , . , - (gpasswd) , -- .. , security audit ;-). A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers). http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
Re: lug-bg: passwd and chfn via the web?
, -, .. . - cgi-. , ;-), -. http://sarg.sourceforge.net/chetcpasswd.php
Re: lug-bg: passwd and chfn via the web?
On Tuesday 01 June 2004 19:59, Peter Pentchev wrote: On Tue, Jun 01, 2004 at 07:46:35PM +0300, George Danchev wrote: On Tuesday 01 June 2004 18:40, Peter Pentchev wrote: --cut-- ( -p), , expect ;) . command-line argument , ps awwwfux . , , ... :) , /proc per user basis ? grsec, rsbac, exec-shield, NSA, FBI, , ;-) , apachenobody www, (malicious ),nobody www? :) , - . , , ;-) , per user basis , , ( root == God, ;-). / / ;-) ... , , userspace util-, ... . BSD pw(8) useradd/usermod , ., local patch, David Malone commit-, pw usermod -H 0,-h -H :) . command line environment , (-h, -H) , , . pipe ( ?) usermod ( file descr) ... , stdin usermod ? , pw usermod -h 0 stdin ( -, -h fdnum fdnum, command line). ( , David Malone commit- FreeBSD) -H 0, ** stdin, ,open(|-), system(echo bfh20dj4u32u | pw usermod -n tanj -H 0) ps awwwfux, echo. , echo ( ), ... , ps... , :
cat lll.c
#include <stdio.h>
#include <stdlib.h>	/* system() */
int main(void)
{
	/* the whole string, crypted password included, is the argument of sh -c */
	system("echo kriptiranaparola | pw usermod -n -tanj -H 0");
	return 0;
}
-, , :
while i=j; do ps aux |grep usermod ; done
:
root 30507 0.0 0.4 2696 1200 pts/2 R+ 22:54 0:00 sh -c echo kriptiranaparola | pw usermod -n -tanj -H 0
root 30508 0.0 0.4 2696 1200 pts/2 R+ 22:54 0:00 sh -c echo kriptiranaparola | pw usermod -n -tanj -H 0
kriptiranaparola command line arg... . ... , ... local patch ;-)
-- pub 4096R/0E4BD0AB 2003-03-18 keyserver.bu.edu ; pgp.mit.edu fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB
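An added example, not part of the original thread: on Linux, where ps takes the argument list from /proc/<pid>/cmdline, it contrasts the `sh -c "echo ... | pw usermod ..."` pattern from the ps output above with the fork/exec-and-pipe pattern of changepass.pl. /bin/cat stands in for `pw usermod -h 0` so that it runs without root (an assumption), and all function names are made up for this illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define SECRET "kriptiranaparola"   /* sample value, the string used in the thread */

/* 1 if needle occurs in /proc/<pid>/cmdline (what ps shows), 0 if not, -1 on error */
static int cmdline_has(pid_t pid, const char *needle) {
    char path[64], buf[4096];
    size_t n, i, len = strlen(needle);
    FILE *f;
    snprintf(path, sizeof(path), "/proc/%ld/cmdline", (long)pid);
    if ((f = fopen(path, "r")) == NULL)
        return -1;
    n = fread(buf, 1, sizeof(buf), f);
    fclose(f);
    for (i = 0; i + len <= n; i++)
        if (memcmp(buf + i, needle, len) == 0)
            return 1;
    return 0;
}

/* Run argv[] with its stdin on a pipe, optionally write `input` to that pipe,
 * and report whether SECRET is visible in the child's argument list. */
static int secret_in_argv(char *const argv[], const char *input) {
    int in[2], sync[2], devnull, seen;
    char c;
    pid_t pid;
    if (pipe(in) < 0 || pipe(sync) < 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        devnull = open("/dev/null", O_WRONLY);
        dup2(in[0], STDIN_FILENO);
        dup2(devnull, STDOUT_FILENO);
        close(devnull); close(in[0]); close(in[1]); close(sync[0]);
        fcntl(sync[1], F_SETFD, FD_CLOEXEC);    /* closed by a successful exec */
        execv(argv[0], argv);
        _exit(127);
    }
    close(in[0]); close(sync[1]);
    while (read(sync[0], &c, 1) > 0) { }        /* EOF: the child has exec'ed */
    close(sync[0]);
    seen = (input != NULL && write(in[1], input, strlen(input)) < 0)
        ? -1 : cmdline_has(pid, SECRET);
    close(in[1]);                               /* EOF on stdin lets the child exit */
    waitpid(pid, NULL, 0);
    return seen;
}

/* Pattern from the thread: the secret is part of the string given to sh -c. */
int via_shell_echo(void) {
    char *argv[] = { "/bin/sh", "-c",
                     "echo " SECRET " | cat >/dev/null; read unused", NULL };
    return secret_in_argv(argv, NULL);
}

/* fork/exec plus pipe: the secret travels only over the child's stdin. */
int via_stdin_pipe(void) {
    char *argv[] = { "/bin/cat", NULL };
    return secret_in_argv(argv, SECRET "\n");
}

int main(void) {
    printf("sh -c \"echo ... | cmd\": secret in argv = %d\n", via_shell_echo());
    printf("fork/exec + stdin pipe: secret in argv = %d\n", via_stdin_pipe());
    return 0;
}
```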
Re: lug-bg: passwd and chfn via the web?
On Tue, Jun 01, 2004 at 08:24:03PM +0300, Anton Zinoviev wrote: 1.VI.2004 19:53 (+0300) Peter Pentchev : ..- :(, passwd(1) - - , tty , . , Samba , smb.conf:
; For Unix password sync. to work on a Debian GNU/Linux system, the following
; parameters must be set (thanks to Augustin Luton
; [EMAIL PROTECTED] for sending the correct chat script for
; the passwd program in Debian Potato).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
, , Samba , , :( : parse- , , , ** , :( , setup- / . C,, , ... expect ( - ), ... : shell injection. - - :) , -, passwd(1); .sudo -. . , , : sudo ( ** ,, ), , - chpass,malicious . ! :) , , , , : http://devel.ringlet.net/sysutils/passwdif/passwdif.pl , : username, old password, new password, username old password ,new password. ,chpass/usermod/chpasswd/pw/whatever ( , , ),** , getpwent() crypt() , ,, . - , , :) , root, , :) sudo, passwdif suidperl (! :) ,
-- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence didn't exist, somebody would have invented it.
Re: lug-bg: passwd and chfn via the web?
, 2004-06-01 17:26, Peter Pentchev : drug_account ALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd /usr/bin/passwd, /usr/sbin/chpasswd , .
Re: lug-bg: passwd and chfn via the web?
Vasil Kolev wrote: , 2004-06-01 17:26, Peter Pentchev : drug_account ALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd /usr/bin/passwd, /usr/sbin/chpasswd , . , support :)
Re: lug-bg: passwd and chfn via the web?
, 2004-06-01 17:51, Dean Stoeff : , support :) , expect, ?
Re: lug-bg: passwd and chfn via the web?
On Tue, Jun 01, 2004 at 05:51:05PM +0300, Dean Stoeff wrote: Vasil Kolev wrote: , 2004-06-01 17:26, Peter Pentchev : drug_account ALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd /usr/bin/passwd, /usr/sbin/chpasswd , . , support :) ///whatever :) , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence were in Chinese, it would say something else.
Re: lug-bg: passwd and chfn via the web?
On Tue, Jun 01, 2004 at 05:40:14PM +0300, Vasil Kolev wrote: , 2004-06-01 17:26, Peter Pentchev :
drug_account ALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd
/usr/bin/passwd, /usr/sbin/chpasswd , . ... , ,chpasswd. clickety-click , FreeBSD passwd ,
printf 'blah\nblah\n' | sudo passwd tanj
... FreeBSD :
echo blah | /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0
.., , :
open(PW, "| /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0");
print PW "blah\n";
close(PW);
.. - (untested):
if (!defined($pid = open(PW, "|-"))) {
    die("fork: $!\n");
} elsif ($pid == 0) {
    # list form of exec: no shell is involved, $username stays a single argument
    exec('/usr/local/bin/sudo', '/usr/sbin/pw', 'usermod', $username, '-h', '0');
    die("exec(pw): $!");
}
print PW "blah\n";
close(PW);
,
-- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 You have, of course, just begun reading the sentence that you have just finished reading.
Re: lug-bg: passwd and chfn via the web?
Vasil Kolev wrote: , 2004-06-01 17:51, Dean Stoeff : , support :) , expect, ?
my $newsalt = join '',('.','/',0..9,'A'..'Z','a'..'z')[rand 64, rand 64];
my $newpass = crypt ($pass1,$newsalt);
exec "echo $user:$newpass|chpasswd -e";
Re: lug-bg: passwd and chfn via the web?
, 2004-06-01 18:06, Dean Stoeff :
my $newsalt = join '',('.','/',0..9,'A'..'Z','a'..'z')[rand 64, rand 64];
my $newpass = crypt ($pass1,$newsalt);
exec "echo $user:$newpass|chpasswd -e";
, , passwd , chpasswd :)
Re: lug-bg: passwd and chfn via the web?
Vasil Kolev wrote: , , passwd , chpasswd :) :)! sudo, ,
Re: lug-bg: passwd and chfn via the web?
1.V.2004 17:26 (+0300) Peter Pentchev : : sudo :) , , : sudo, etc/sudoers, NOPASSWD :) . :-) , -, .. . - cgi-. , ;-), -.
Re: lug-bg: passwd and chfn via the web?
On Tuesday 01 June 2004 17:58, Peter Pentchev wrote: On Tue, Jun 01, 2004 at 05:40:14PM +0300, Vasil Kolev wrote: , 2004-06-01 17:26, Peter Pentchev :
drug_account ALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd
/usr/bin/passwd, /usr/sbin/chpasswd , . ... , ,chpasswd. clickety-click , FreeBSD passwd ,
printf 'blah\nblah\n' | sudo passwd tanj
... FreeBSD :
echo blah | /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0
.., , :
open(PW, "| /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0");
print PW "blah\n";
close(PW);
.. - (untested):
if (!defined($pid = open(PW, "|-"))) {
    die("fork: $!\n");
} elsif ($pid == 0) {
    exec('/usr/local/bin/sudo', '/usr/sbin/pw', 'usermod', $username, '-h', '0');
    die("exec(pw): $!");
}
print PW "blah\n";
close(PW);
, /usr/sbin/usermod
usage: usermod [-u uid [-o]] [-g group] [-G group,...] [-d home [-m]] [-s shell] [-c comment] [-l new_name] [-f inactive] [-e expire ] [-p passwd] [-L|-U] name
( -p),, expect ;) .
-- Vladimir Smolensky System Administrator, Ancient Media Ltd.
Re: lug-bg: passwd and chfn via the web?
Anton Zinoviev wrote: 1.V.2004 17:26 (+0300) Peter Pentchev : : sudo :) , , : sudo, etc/sudoers, NOPASSWD :) . :-) , -, .. . - cgi-. , ;-), -. :)
Re: lug-bg: passwd and chfn via the web?
On Tue, Jun 01, 2004 at 06:31:19PM +0300, Anton Zinoviev wrote: 1.V.2004 17:26 (+0300) Peter Pentchev : : sudo :) , , : sudo, etc/sudoers, NOPASSWD :) . :-) , -, .. . - cgi-. , ;-), -. .. : , ,, , ? , : . , getpwent() , checkpassword djb. , .. , -; :) , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 because I didn't think of a good beginning of it.
Re: lug-bg: passwd and chfn via the web?
On Tue, Jun 01, 2004 at 06:28:28PM +0300, Vladimir Smolensky wrote: On Tuesday 01 June 2004 17:58, Peter Pentchev wrote: On Tue, Jun 01, 2004 at 05:40:14PM +0300, Vasil Kolev wrote: , 2004-06-01 17:26, Peter Pentchev :
drug_account ALL=(root) NOPASSWD: /usr/bin/chfn, /usr/bin/passwd
/usr/bin/passwd, /usr/sbin/chpasswd , . ... , ,chpasswd. clickety-click , FreeBSD passwd ,
printf 'blah\nblah\n' | sudo passwd tanj
... FreeBSD :
echo blah | /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0
.., , :
open(PW, "| /usr/local/bin/sudo /usr/sbin/pw usermod tanj -h 0");
print PW "blah\n";
close(PW);
.. - (untested):
if (!defined($pid = open(PW, "|-"))) {
    die("fork: $!\n");
} elsif ($pid == 0) {
    exec('/usr/local/bin/sudo', '/usr/sbin/pw', 'usermod', $username, '-h', '0');
    die("exec(pw): $!");
}
print PW "blah\n";
close(PW);
, /usr/sbin/usermod
usage: usermod [-u uid [-o]] [-g group] [-G group,...] [-d home [-m]] [-s shell] [-c comment] [-l new_name] [-f inactive] [-e expire ] [-p passwd] [-L|-U] name
( -p),, expect ;) . command-line argument , ps awwwfux . , , ... :) BSD pw(8) useradd/usermod , ., local patch, David Malone commit-, pw usermod -H 0,-h -H :) ,
-- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence claims to be an Epimenides paradox, but it is lying.
Re: lug-bg: passwd and chfn via the web?
, -, .. . - cgi-. , ;-), -.
[cut]
<?php
if ($_REQUEST['pass1'] != $_REQUEST['pass2']) {
    echo "passwords do not match";
    exit;
}
// other checks
$crypted_pass = crypt($_REQUEST['pass1']);
system("sudo. usermod -p $crypted_pass $_SESSION[username]", $result);
if ($result) {
    echo "blabla greshka";
}
?>
<form action="<?=$PHP_SELF?>" METHOD="POST">
Smqna na parola
Nowata parola <input name="pass1" type="password">
Parolata pak <input name="pass2" type="password">
<input type="submit">
</form>
[cut]
I just scribbled this down now, so it surely won't run as is... :) fix the errors yourself, but in principle it is something like this ;)
-- Vladimir Smolensky System Administrator, Ancient Media Ltd.
Re: lug-bg: passwd and chfn via the web?
On Tue, Jun 01, 2004 at 06:53:43PM +0300, Vladimir Smolensky wrote: , -, .. . - cgi-. , ;-), -.
[cut]
<?php
if ($_REQUEST['pass1'] != $_REQUEST['pass2']) {
    echo "passwords do not match";
    exit;
}
// other checks
$crypted_pass = crypt($_REQUEST['pass1']);
system("sudo. usermod -p $crypted_pass $_SESSION[username]", $result);
... , , lusername ... , lusernames? :) , Perl ... , CGI, ;) ,
-- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence were in Chinese, it would say something else.
changepass.pl Description: Perl program
Re: lug-bg: passwd and chfn via the web?
On Tue, Jun 01, 2004 at 07:21:39PM +0300, Peter Pentchev wrote: On Tue, Jun 01, 2004 at 06:53:43PM +0300, Vladimir Smolensky wrote: , -, .. . - cgi-. , ;-), -.
[cut]
<?php
if ($_REQUEST['pass1'] != $_REQUEST['pass2']) {
    echo "passwords do not match";
    exit;
}
// other checks
$crypted_pass = crypt($_REQUEST['pass1']);
system("sudo. usermod -p $crypted_pass $_SESSION[username]", $result);
... , , lusername ... , lusernames? :) , Perl ... , CGI, ;) ... : , .pl mail :(( ,inline, :) ,
-- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 When you are not looking at it, this sentence is in Spanish.

#!/usr/bin/perl -wT

=pod

=head1 NAME

changepass.pl - a trivial CGI script for changing passwords

$Ringlet: perl/www/changepass/changepass.pl,v 1.1 2004/06/01 16:21:13 roam Exp $

=head1 DESCRIPTION

Makes an attempt to change a system user's password.

=cut

use strict;

sub get_vars($);
sub change_pass(%);

=pod

=head1 FUNCTIONS

=over 4

=item MAIN

The main routine - examines the parameter string, and if the required
parameters are passed in, invokes C<change_pass()>, otherwise invokes
C<display_form()>.

=cut

MAIN:
{
    my ($q, %q);

    $q = $ENV{'QUERY_STRING'};
    %q = ();
    %q = get_vars($q) if (defined($q) && $q ne '');
    if (defined($q{'username'}) && defined($q{'password'}) &&
        defined($q{'submit'})) {
        change_pass(%q);
    } else {
        display_form();
    }
    exit(0);
}

=pod

=item get_vars($query_string)

Parses a CGI query string into a hash of var/val pairs.

=cut

sub get_vars($)
{
    my $s = $_[0];
    my %h = ();
    my ($key, $val);

    foreach my $v (split(/&/, $s)) {
        $v =~ s/[+|]/ /g;
        ($key, $val) = split(/=/, $v);
        # decode %XX escapes in both the name and the value
        $key =~ s/%([[:xdigit:]]{2})/pack("c",hex($1))/ge;
        $val =~ s/%([[:xdigit:]]{2})/pack("c",hex($1))/ge;
        $h{$key} = $val;
    }
    return %h;
}

=pod

=item display_form()

Display the info entry form.

=cut

sub display_form()
{
    print <<EOF
Content-type: text/html; charset=us-ascii

<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
  <title>Password changer</title>
</head>
<body>
<h1>Password changer</h1>
<form method="GET">
<table border="0">
<tr>
  <td>Username:</td>
  <td><input type="text" name="username"></td>
</tr>
<tr>
  <td>Password:</td>
  <td><input type="text" name="password"></td>
</tr>
<tr>
  <td><input type="submit" name="submit" value="Change it"></td>
  <td>&nbsp;</td>
</tr>
</table>
</form>
</body>
</html>
EOF
}

=pod

=item change_pass(%data)

Invokes I<sudo(8)> and I<pw(8)> to change the user's password.
Expects C<$data{'username'}> and C<$data{'password'}> to be defined.

=cut

sub change_pass(%)
{
    my %h = @_;
    my $pid;

    # untaint the username: only word characters, dots and dashes pass
    if ($h{'username'} =~ /^([\w\d_.-]+)$/) {
        $h{'username'} = $1;
    } else {
        $h{'username'} = '';
    }
    # taint mode refuses to exec with these set from the environment;
    # the variable bash reads is BASH_ENV (the posted text had 'BASHENV')
    delete @ENV{'PATH', 'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
    if (!defined($pid = open(PW, '|-'))) {
        die("fork(): $!\n");
    } elsif ($pid == 0) {
        # list form of exec: no shell, the password never appears in argv
        exec('/usr/local/bin/sudo', '/usr/sbin/pw', 'usermod', '-n',
            $h{'username'}, '-h', '0');
        die("exec(): $!\n");
    }
    print PW "$h{password}\n";
    close(PW);

    print <<EOF
Content-type: text/html; charset=us-ascii

<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
  <title>Password changer</title>
</head>
<body>
<h1>Password changer</h1>
<p>An attempt was made to change the password.  No idea whether we made it :)</p>
</html>
EOF
}

=pod

=back

=head1 BUGS

=over 4

=item *

no attempt is made to handle or even detect password change errors;

=item *

no attempt is made to authenticate the user before changing the password;

=item *

the I</usr/local/bin/sudo> and I</usr/sbin/pw> locations are hard-coded;

=item *

I believe Anton wanted I<chfn(1)>, too, but oh well ;)

=back

=cut
Re: lug-bg: passwd and chfn via the web?
1.V.2004 18:34 (+0300) Dean Stoeff : :) , , , . :-)
Re: lug-bg: passwd and chfn via the web?
1.V.2004 18:38 (+0300) Peter Pentchev : .. : , ,, , ? , sudo. : . cgi- passwd. pehcno, su,passwdpencho (su). passwd pehcho,, . chfn. apt-cache search unstable. , usermin-changepass, , , Debian stable . ,. , , . :-)
Re: lug-bg: passwd and chfn via the web?
On Tuesday 01 June 2004 18:40, Peter Pentchev wrote: --cut-- ( -p),, expect ;) . command-line argument , ps awwwfux . , , ... :) , /proc per user basis ? grsec, rsbac, exec-shield, NSA, FBI, , ;-) BSD pw(8) useradd/usermod , ., local patch, David Malone commit-, pw usermod -H 0,-h -H :) . command line environment , (-h, -H) , ,. pipe ( ?)usermod ( file descr) ... , stdin usermod ? -- pub 4096R/0E4BD0AB 2003-03-18 keyserver.bu.edu ; pgp.mit.edu fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB
Re: lug-bg: passwd and chfn via the web?
On Tue, Jun 01, 2004 at 07:43:06PM +0300, Anton Zinoviev wrote: 1.V.2004 18:38 (+0300) Peter Pentchev : .. : , ,, , ? , sudo. : . cgi- passwd. pehcno, su,passwdpencho (su). passwd pehcho,, . chfn. ..- :(, passwd(1) - - , tty , . , parse- ... , :(( - checkpassword, - http://cr.yp.to/checkpwd.html - : , , system(), shell injection. ,sudo checkpassword true, exit code, : file descriptor 3 sudo checkpassword true username NUL oldpass NUL timestamp NUL3 exit code checkpassword , sudo usermod -p encryptedpass , , . , -, passwd(1); - passwd(1) :) apt-cache search unstable. , usermin-changepass, , , Debian stable . - - usermin? :) ,. , , . :-) ,- sudo, chpass/usermod/pw, checkpassword, CGI.pm, perl taint mode - , , , :P , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 I am the meaning of this sentence.
Re: lug-bg: passwd and chfn via the web?
On Tue, Jun 01, 2004 at 07:46:35PM +0300, George Danchev wrote: On Tuesday 01 June 2004 18:40, Peter Pentchev wrote: --cut-- ( -p),, expect ;) . command-line argument , ps awwwfux . , , ... :) , /proc per user basis ? grsec, rsbac, exec-shield, NSA, FBI, , ;-) , apachenobody www, (malicious ),nobody www? :) , - . BSD pw(8) useradd/usermod , ., local patch, David Malone commit-, pw usermod -H 0,-h -H :) . command line environment , (-h, -H) , ,. pipe ( ?)usermod ( file descr) ... , stdin usermod ? , pw usermod -h 0 stdin ( -, -h fdnum fdnum, command line). ( , David Malone commit- FreeBSD) -H 0, ** stdin, ,open(|-), system(echo bfh20dj4u32u | pw usermod -n tanj -H 0) ps awwwfux, echo. , , :) , :) , -- Peter Pentchev [EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED] PGP key:http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 because I didn't think of a good beginning of it.
Re: lug-bg: passwd and chfn via the web?
1.VI.2004 19:53 (+0300) Peter Pentchev : ..- :(, passwd(1) - - , tty , . , Samba , smb.conf:
; For Unix password sync. to work on a Debian GNU/Linux system, the following
; parameters must be set (thanks to Augustin Luton
; [EMAIL PROTECTED] for sending the correct chat script for
; the passwd program in Debian Potato).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
, -, passwd(1); .sudo -. - - usermin? :) - .