Subject: Re: pwd_mkdb hook script?
To: Jason R Thorpe <email@example.com>
From: Emmanuel Dreyfus <firstname.lastname@example.org>
Date: 08/18/2001 08:21:17
> > Here is the patch, is it interesting for NetBSD?
> Well, this could be useful for keeping the YP server database in-sync,
> as well...
We might have security issues here. For instance, we need to close
stdin, stdout and stderr, because the script runs setuid root when a
user uses the passwd command. I made an error in my script, and because
stdin was not closed, I was able to supply data to the script running as
root when I was an average user.
Apart from closing stadard file descriptors and voiding environement, is
there anything else that should be done?
UNIX *is* user friendly. It is just a bit selective about his friends