Programming Forums - View Single Post

mackenga · May 11th, 2006, 3:36 PM

Shelling out and executing login (or su, or setting environment variables) will only have effective changes as long as the shell that ran the commands in question is executing. As soon as that shell terminates and returns to your PHP code, the changes are forgotten.

I'm actually not sure how you'd go about checking if someone has the right password since I've never had to do this from inside a server-side script or similar, but I do know that making /etc/shadow readable by anyone other than root is BAD as it defeats the purpose of using the shadow file, and making a PHP script execute as root is far, far worse.

The shell-out line that you suggested also has a serious flaw; what if someone taps "blah; rm -rf /" in as their username? Anything the webserver has write access to is removed. There are also more imaginative things they might do - suffice it to say they can do pretty much anything unless you do some simple check (e.g. ensuring that there are only alphanumeric / other valid password characters in the username given, etc.).

Like I say, I don't have a great suggestion for how you could check the passwords are valid. I'd probably use separate sign-on details for the web interface rather than trying to reuse the Unix accounts, but that's just me (maybe I'm just lazy). If it's very important to use the Unix accounts to log in to your PHP-based system, I have a very vague idea that something called PAM may be involved - I hope this is a decent starting point for you.

Best of luck!

May 11th, 2006, 3:36 PM	#4
mackenga Professional Programmer Join Date: Mar 2005 Location: Glasgow, Scotland Posts: 317 Rep Power: 4	Shelling out and executing login (or su, or setting environment variables) will only have effective changes as long as the shell that ran the commands in question is executing. As soon as that shell terminates and returns to your PHP code, the changes are forgotten. I'm actually not sure how you'd go about checking if someone has the right password since I've never had to do this from inside a server-side script or similar, but I do know that making /etc/shadow readable by anyone other than root is BAD as it defeats the purpose of using the shadow file, and making a PHP script execute as root is far, far worse. The shell-out line that you suggested also has a serious flaw; what if someone taps "blah; rm -rf /" in as their username? Anything the webserver has write access to is removed. There are also more imaginative things they might do - suffice it to say they can do pretty much anything unless you do some simple check (e.g. ensuring that there are only alphanumeric / other valid password characters in the username given, etc.). Like I say, I don't have a great suggestion for how you could check the passwords are valid. I'd probably use separate sign-on details for the web interface rather than trying to reuse the Unix accounts, but that's just me (maybe I'm just lazy). If it's very important to use the Unix accounts to log in to your PHP-based system, I have a very vague idea that something called PAM may be involved - I hope this is a decent starting point for you. Best of luck! __________________ "I'm not a genius. Why do I have to suffer?"