From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1FnHnq-0006Vb-OA for garchives@archives.gentoo.org; Mon, 05 Jun 2006 16:19:43 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k55GHiMq005637; Mon, 5 Jun 2006 16:17:44 GMT Received: from mail01.emarketsouth.com (mail01.emarketsouth.com [208.247.233.6]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k55GHhNA028920 for ; Mon, 5 Jun 2006 16:17:43 GMT Received: (qmail 22973 invoked by uid 399); 5 Jun 2006 16:21:12 -0000 Received: from unknown (HELO onyx) (64.192.54.4) by mail01.emarketsouth.com with SMTP; 5 Jun 2006 16:21:12 -0000 Subject: Re: [gentoo-embedded] script that changes password for busybox From: Ned Ludd To: gentoo-embedded@lists.gentoo.org In-Reply-To: <1149518744.20770.7.camel@localhost> References: <1149445959.15475.12.camel@localhost> <1149517732.32083.3.camel@onyx> <1149518744.20770.7.camel@localhost> Content-Type: text/plain Organization: Gentoo Linux Date: Mon, 05 Jun 2006 12:17:42 -0400 Message-Id: <1149524262.3315.22.camel@onyx> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-embedded@gentoo.org Reply-to: gentoo-embedded@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 Content-Transfer-Encoding: 7bit X-Archives-Salt: debdd463-e64a-41ff-9978-9cfa127bcf8f X-Archives-Hash: a85ce6851c2cf53e28007d3fe7e0893f On Mon, 2006-06-05 at 16:45 +0200, Natanael Copa wrote: > On Mon, 2006-06-05 at 10:28 -0400, Ned Ludd wrote: > > On Sun, 2006-06-04 at 20:32 +0200, Natanael Copa wrote: > > > Hi! > > > > > > I'm trying to port a LEAF bering based project to gentoo-embedded. There > > > is a web based UI (using haserl.sourceforge.net) to change password. The > > > code to change the root password looks something like this: > > > > > > newrootpw=$(crypt sN "$root1") > > > awk ' > > > BEGIN{ > > > FS=":"; > > > OFS=":"; > > > } > > > /^root:/{ > > > $2="'"$newrootpw"'"; > > > } > > > {print;} > > > ' /etc/shadow > /tmp/shadow > > > > > > mv /tmp/shadow /etc/shadow > > > > > > Despite all of the security problems with the above I think > > a ~20 line custom c program for this would be ideal. > > I was hoping for a solution without any coding, but yes, I'll probably > end up with a custom c program. (I think somebody already did actually - > just to get going) the vchangepw util might be able to work on system auth. > about the security problems, any suggestion how to change passwords > securely from web interface? (https) I have no idea what auth system you are using so it's hard to say. But clearly the problem with the above awk script other than the obvious /tmp race condition is that it would leave the shadow file as mode 644 vs 600 > -- > Natanael Copa > -- Ned Ludd Gentoo Linux -- gentoo-embedded@gentoo.org mailing list