Hromadne pridavani uzivatelu do Samby

[Pavel Kankovsky]

On Sun, 20 May 2001, Petr Tomasek wrote:

> On Sun, May 20, 2001 at 12:10:54AM +0200, Pavel Kankovsky wrote:
> > On Fri, 18 May 2001, Janek wrote:
> > 
> > > $pass = shift;
> > > $result = `echo "$pass" | passwd $user --stdin`;
> > > $result = `smbpasswd -a $user $pass`;
> > 
> > Hlavne ale tenhle skript nepouzivejte, kdyz bude nejaky zly uzivatel na
> > tom pocitaci spoustet ps, protoze by se mohl docist zajimave veci (cizi
> > hesla).
> > 
> 
> Hmm... a co delat?

V zasade nejnebezpecnejsi jsou veci predavane jako parametry. Ty vidi
v standardne nastavenem systemu kazdy uzivatel. Mene nebezpecne jsou
env. promenne. Nejmene rizikova je pak komunikace pres roury a podobne
veci. Cili napr. misto "$result = `echo "$pass" | passwd $user --stdin`"
pouzit zhruba neco jako

  open(ROURA, "| passwd $user --stdin");
  print(ROURA "$pass\n");
  $result = close(ROURA);

(pochopitelne to chce lepe osetrit chybove stavy).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."