Hengky Stevanus wrote:

> can anybody help me...
> the script below has been changed with 'chown root.root checklogin.pl'
>
> ## Start Script ###
> $passwdfile = "/etc/shadow";
> open (PASSWD, $passwdfile) or exit 1; # Always exit when we running not as root
> (...)
>
> when I'm running as root it's working fine
> but when I'm running it as nobody or an ordinary user it's not working...
> it exits when it opens $passwdfile...

Instead of:

    open (PASSWD, $passwdfile) or exit 1;

use:

    open (PASSWD, $passwdfile) or die "$passwdfile: $!\n";

and you'll know why it exits. Ordinary users can't read /etc/shadow (and
that's the only reason why /etc/shadow is more secure than a single
/etc/passwd).

If you really have to read /etc/shadow (and you really know what you are
doing), you can set the suid bit (which you probably wanted to do when
you chown'ed your script to root.root), see man chmod, but don't do that
unless you know what it means and what security holes it opens.

> how do i check the passwd file to authentication login user...?
> i'm using this script for login user at web browser...

Do you use SSL for transmitting passwords? If you want to send passwords
as plain text then don't use the same passwords as you have in
/etc/shadow. Instead use different passwords in different files, see:

http://search.cpan.org/search?dist=Apache-Htpasswd

Apache::Htpasswd module is great for interaction with Apache .htpasswd
files, but it's also great for manipulating passwords not used by
Apache.

Also use taint mode (-T switch), like this in the shebang line:

#!/usr/bin/perl -wT

in your scripts; it will help you make them safer.

- RaFaL Pocztarski, [EMAIL PROTECTED]
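The approach recommended above, written out as an added example (not code from the thread): a CGI login check under taint mode that uses a separate .htpasswd-style file via Apache::Htpasswd instead of /etc/shadow, and reports `$!` when the file cannot be opened. The file path and the form parameter names are assumptions.

```perl
#!/usr/bin/perl -wT
# Added example: a web login check that never touches /etc/shadow.
# Users and hashed passwords live in a separate file readable by the
# web server user, so the script needs neither root nor the suid bit.
use strict;
use CGI;
use Apache::Htpasswd;

# Taint mode refuses to run external commands with an inherited PATH,
# so set a safe one and drop the other dangerous environment variables.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumed path; not part of the original thread.
my $passwdfile = '/var/www/private/users.htpasswd';

my $q    = CGI->new;
my $user = $q->param('user') || '';
my $pass = $q->param('pass') || '';

# Untaint the username with a strict allow-list. A regex capture is
# the only way taint mode lets data from the browser become trusted.
my ($clean_user) = $user =~ /^([\w.-]{1,32})$/
    or fail('bad username');

# Report the real reason if the file cannot be opened, instead of a
# silent "exit 1" that hides a permissions problem.
open(my $fh, '<', $passwdfile) or die "$passwdfile: $!\n";
close($fh);

my $htp = Apache::Htpasswd->new($passwdfile);
if ($htp->htCheckPassword($clean_user, $pass)) {
    print $q->header, "Login OK for $clean_user\n";
} else {
    # Same message for an unknown user and a wrong password.
    fail('invalid username or password');
}

sub fail {
    my ($msg) = @_;
    print $q->header(-status => '401 Unauthorized'), "$msg\n";
    exit 0;
}
```

The password file itself is created and maintained with Apache's htpasswd tool or with the module's htpasswd() method, so the web passwords stay separate from the system ones.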
