Date:  Fri, 4 Jan 2008 20:19:17 +0100
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:11661] Re: Change password via php.
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200801042019.18020.bq (at mark) solarspeed.net>
In-Reply-To:  <477E6892.9030504 (at mark) serverrack.net>
References:  <477E6892.9030504 (at mark) serverrack.net>
X-Mail-Count: 11661

Hi Matthew,

> I'm looking for a way to change passwords via PHP. I want to avoid using
> the admin web interface.

Why? :o)

The GUI does it in a fashion that's easy to use and secure.

> I was initially thinking of an interface which would prompt the user for
> the old password and new password, then open a shell to 'passwd
> username'. However, only root can change another user's password and
> apache of course does not run as root.
>
> I figure that if it can be done both through the admhttp and OpenWebMail
> (via perl) that there must be a way to do it through PHP. I've read some
> about using some PAM PHP module or something to that effect. Anybody
> tackle this yet?

OpenWebmail uses Perl and either a SUID wrapper or SUID Perl. This means either 
OpenWebmail itself or the parts of it that need "root" access to perform such 
actions run as user "root", group "root". It's not a security hole by itself, 
but it sure is weak security by design.

It's not wise to tear safety restrictions and security precautions down to 
allow an application to do things that it shouldn't do. If you have to do it, 
you'll have to go to great lengths to make sure that it won't bite you back in 
the long haul, by taking every effort to prevent the weakness from getting exploited.

The way AdmServ and CCE work on BlueQuartz, the web-accessible PHP scripts of 
the GUI run as an unprivileged user. If a user accesses the GUI, he has to be 
authenticated, and based on his access level (user, siteAdmin, serverAdmin) he 
gets different levels of access.

If an authorized user performs an action that requires "root" access to be 
executed on the system level, then CCE handlers (scripts designed to do only 
a specific task and nothing else) are run with "root" privileges by CCE to 
perform that task.

As long as a few precautionary steps are taken, this is pretty secure and can 
hardly be exploited. Even if a user has unprivileged shell access to a 
BlueQuartz server, he'll have a pretty hard time tricking CCE into performing 
actions as "root".

Having said all that, I'm pointing out a way that you can do it, but I STRONGLY 
advise AGAINST doing it:

You can use "sudo" to get PHP to execute commands as "root" on the server. But 
that will only work if "Safe_Mode" is turned off. 

So you'll not only have to willingly disable one serious security precaution, 
but two. That's really not a good idea.

-- 
With best regards,

Michael Stauber
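The access model Michael describes (an unprivileged web tier that authenticates the caller, then a single-purpose privileged handler that decides on a structured request instead of a shell command line) sketched in Python as an added example; this is not CCE's or OpenWebmail's code, and the account names, the `site` field, `SAMPLE_DIRECTORY` and `authorize_password_change` are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Access levels named in the mail, least to most privileged.
LEVELS = ("user", "siteAdmin", "serverAdmin")

# Only well-formed POSIX account names get past the handler; anything else
# (spaces, quotes, ';', newlines) is refused before it can reach any tool.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


@dataclass(frozen=True)
class Account:
    name: str
    site: str    # virtual site the account belongs to (constructed field)
    level: str   # one of LEVELS


@dataclass(frozen=True)
class Request:
    caller: Account      # identity the web tier already authenticated
    target: str          # account whose password should change
    new_password: str


# Constructed sample directory standing in for the real account database.
SAMPLE_DIRECTORY = {
    "alice": Account("alice", "site1", "user"),
    "bob": Account("bob", "site2", "user"),
    "carol": Account("carol", "site1", "siteAdmin"),
    "admin": Account("admin", "-", "serverAdmin"),
}


def authorize_password_change(req, directory):
    """Return (allowed, reason). The privileged handler does exactly this
    one task, so every check that justifies acting as root lives here."""
    if req.caller.level not in LEVELS:
        return False, "unknown access level"
    if not USERNAME_RE.fullmatch(req.target):
        return False, "malformed account name"
    target = directory.get(req.target)
    if target is None:
        return False, "no such account"
    if len(req.new_password) < 8:
        return False, "password too short"
    if req.caller.level == "serverAdmin":
        return True, "serverAdmin may change any account"
    if req.caller.level == "siteAdmin" and target.site == req.caller.site:
        return True, "siteAdmin may change accounts on own site"
    if req.caller.name == target.name:
        return True, "users may change their own password"
    return False, "caller may not change this account"
```

The contrast with the sudo route in the mail is that nothing here is ever interpolated into a command string: the handler receives typed fields, rejects anything that is not a plausible account name, and applies the three access levels before any privileged primitive would be called.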