[sudo-users] adduser via web (cgi script)
Jim Horwath
jim.horwath at rcn.com
Wed Jul 28 20:57:37 EDT 2004
I think your playing with fire allowing users to be added
from a cgi script. That is a security incident waiting to
happen. A person can add a user then through privledge
escalation become root on your machine, install rootkits,
etc. Or the person can grabn the cgi source monkey with the
tags and add a user with privledge. Sorry for being a party
pooper, but it seems like a poor idea.
Regards,
Jim
---- Original message ----
>Date: Wed, 28 Jul 2004 17:03:40 -0700 (PDT)
>From: "Erickson N. Jacob" <ericj at edigitalweb.com>
>Subject: [sudo-users] adduser via web (cgi script)
>To: sudo-users at sudo.ws
>
>
>hi all
>
>i have a cgi scipt to add user accounts via web
>
>system ("/usr/bin/sudo /usr/sbin/useradd", $user);
>
>my problem is that it wont create the user. i have already
added the user
>nobody in the /etc/sudoers file to permit nobody to execute
the useradd
>command
>
>any advice on this
>
>
>thanks
>
>
>____________________________________________________________
>sudo-users mailing list <sudo-users at sudo.ws>
>For list information, options, or to unsubscribe, visit:
>http://www.sudo.ws/mailman/listinfo/sudo-users
More information about the sudo-users
mailing list