Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

Re: Public Access Linux Box

by CukiMnstr (Deacon)
on Mar 15, 2003 at 05:28 UTC ( #243254=note: print w/replies, xml ) Need Help??

in reply to Public Access Linux Box

the call to system() looks fine. The first thing that pops into my mind is: are you running the script as root? if not, do you have it setuid root? /usr/sbin/useradd needs write access to /etc/passwd, and this means root privileges in unix. You want to check the return value of system().
Since this code needs root privileges, you have to make sure your code is safe. You will want to run this under taint mode. (check perlsec for info, taint mode will be turned on for setuid or setgid scripts.) You want to make sure that any user input is safe to pass on to system().
debian's adduser program is written in perl, maybe you could check it for some ideas.

One last thing: are you aware that exec never returns? You probably want a call to system (since it does a fork and waits for the external command to finish) when working with /usr/bin/passwd.

just my 2 cents,

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://243254]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (3)
As of 2020-02-25 22:05 GMT
Find Nodes?
    Voting Booth?
    What numbers are you going to focus on primarily in 2020?

    Results (113 votes). Check out past polls.