Re: [Devel] Re: CVS update: skolelinux/src/webmin-ldap-skolelinux index.cgi

[Maximilian Wilhelm <max@xxxxxxxxxxx>]

Am Donnerstag, den 28 August hub Petter Reinholdtsen folgendes in die Tasten:

> >   @@ -85,6 +85,11 @@
> >            if ($in{'editpw'}){
> >    	    ldap_mod_user ($in{'userUid'}, $rootpw,$rootdn,
> >    			   $basedn, 'userPassword', "{crypt}" .&gen_crypt($in{'editpw'})) ;
> >   +            if ($config{'sambasync'})
> >   +            {
> >   +             # update samba password, too
> >   +             run_script("smb_create.pl", latin1($in{'userUid'})->utf8, $in{'editpw'}, $rootpw);
> >   +            }
 
> Programs should never give password on the command line when starting
> other programs.  The arguments are visible to other users (using ps,
> top, reading /proc/*, etc), so any user on the system can read the
> passwords.  The password arguments should be passed on using the
> environment or stdin.

I know that.
I just copied that piece of code from another place in the same file...

(I just wanted a working solution at that moment and I hope the next
version of the WLS does not contain something like that :-))

Ciao
Max