Re: change unix password with cgi-script

FYI, You can also use the Perl Expect module to drive shell commands if just using backticks or system calls is not working out for you. But this whole thing is a bad idea, especially given your your level of coding experience.

Not only are you shelling out far, far too much but you have at least one huge security hole: 'echo "$passwordnew"'. Imagine if someone entered `/bin/rm -rf /` for the password!! Use single ticks in the echo command instead. (Update: added the bold italics)

But really, I think you should bail on this. It's a bad idea. Maybe tell us why it has to be a web page --there might be another way to do this.

Elda Taluta; Sarks Sark; Ark Arks
My deviantART gallery

Comment on Re: change unix password with cgi-script

Replies are listed 'Best First'.
Re^2: change unix password with cgi-script by jellisii2 (Hermit) on Jun 08, 2011 at 17:12 UTC
Ding! It does sound like an XY Problem	[reply]
Re^2: change unix password with cgi-script by duelafn (Parson) on Jun 09, 2011 at 15:45 UTC
Single ticks are insufficient, passing to the shell at all is trouble. merlyn has a post (feeding text to a process, and capturing its output, safely) which shows a safe way to `echo $INPUT \| Some Command` (if the OP insists on pursuing this approach). Good Day, Dean	[reply] [d/l]