Re: Special setuid wrapper for Mango



On Thu, Jul 30, 2009 at 02:42:41PM +0200, Olav Vitters wrote:
> Could someone write a setuid wrapper for me?
> 
> I'd like people to be able to reset their Mango LDAP password. For this
> I'd like to have it work by allowing people to do:
>   ssh -l $USERID mango.gnome.org mango
> 
> The fake mango command would call the setuid mango (not setuid root!)
> script named:

Ehr.. to be clear: /usr/local/bin/mango-reset is a C program, which
calls /usr/local/bin/mango-reset.py

> /usr/local/bin/mango-reset (or something)
> which calls:
> /usr/local/bin/mango-reset.py $ORIGINAL_ID (or something, ENV variable
> is also ok, at long as everything stays secure)
> 
> 
> So I need a secure /usr/local/bin/mango-reset.c which checks which user
> called it (so e.g. if someone logs in, I'd like to have my Python script
> *securely* know which password / uid to reset.
> Note: I prefer a number for the userid, e.g. 7810 or something. Think
> that is more secure.
> 
> Could someone write above for me, securely?
> 
> Note: We already have something for signal-ftp-sync. Can't reuse it as I
> want to know who called the setuid wrapper.
> 
> -- 
> Regards,
> Olav

-- 
Regards,
Olav


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]