Hi,

> I set suid of the vpasswd command in vpopmail/bin direct.
> Then I execute this command with a script, it works.
> Is it the correct way?

Basic rule: If someone has to ask if her/his suid script is sure, it
probably isn't:-)

Also, suid scripts, i.e. text files interpreted by a shell, perl or so,
have some extra pitfalls regarding security which a real program
does not have.

You have to make sure that only persons who need to use the script can
actually use it, by setting the right permissions and performing the
necessary tests regarding who calls the script; otherwise anyone could
change anybody else's password.

All user input, arguments etc. should be accurately verified, to make
sure no one can abuse your program, using specially crafted input to
be able to do more than you want to allow such a user to do.

                                claudio
-- 
Claudio Nieder, Kanalweg 1, CH-8610 Uster, Tel +41 79 357 6743
yahoo messenger: claudionieder aim: claudionieder icq:42315212
mailto:[EMAIL PROTECTED]                http://www.claudio.ch
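
Added example, not part of the original mail: a small compiled wrapper in C that performs the caller check and argument verification described above, then runs vpasswd directly without a shell. The install path, the uid allowlist, and the assumption that vpasswd takes the address as its only argument are placeholders chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/types.h>

/* Placeholder path (assumption): set to the real vpasswd location. */
#define VPASSWD "/path/to/vpopmail/bin/vpasswd"
/* Hypothetical allowlist of real uids permitted to change passwords. */
static const uid_t ALLOWED_UIDS[] = { 0, 1001 };

/* Test who calls: only listed real uids may continue. */
int caller_allowed(uid_t ruid, const uid_t *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == ruid) return 1;
    return 0;
}

/* Accept user@domain made of [A-Za-z0-9._-] with exactly one '@'; a
   leading '-' or '.' in either part is refused (no option injection). */
int valid_address(const char *s) {
    size_t len = s ? strlen(s) : 0, at = 0, i;
    if (len < 3 || len > 254) return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        int start = (i == 0 || s[i - 1] == '@');
        if (c == '@') { if (at++ || i == 0 || i == len - 1) return 0; }
        else if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
        else if (start && (c == '-' || c == '.')) return 0;
    }
    return at == 1;
}

int main(int argc, char **argv) {
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL }; /* drop caller's env */
    if (!caller_allowed(getuid(), ALLOWED_UIDS,
                        sizeof ALLOWED_UIDS / sizeof ALLOWED_UIDS[0])) {
        fprintf(stderr, "not permitted\n");
        return 1;
    }
    if (argc != 2 || !valid_address(argv[1])) {
        fprintf(stderr, "usage: %s user@domain\n", argc > 0 ? argv[0] : "wrapper");
        return 1;
    }
    char *const args[] = { "vpasswd", argv[1], NULL };
    execve(VPASSWD, args, envp);  /* fixed path, fixed argv, no shell */
    perror("execve");
    return 1;
}
```

The check uses getuid() because in a suid program the effective uid belongs to the file owner, while the real uid still identifies the caller.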

