i was reading about shell scripting today and found a warning against using the 'passwd' command in an automated script. i don't understand how this would be a security risk, can someone please explain?

Interesting... One would assume the fact that you would have to apply a password
within the script that it could be a way of revealing passwords unnecessarily.

Another thing may be that you may create a script that has relaxed attributes allowing
someone to abuse the passwd command as an escalated user within the script using
clever parsing.

i don't see how the script could reveal a password if i don't put it anywhere in the script (that would be an obvious security flaw as the script file is unencrypted). i simply send the command and wait for the user to type a new password. it should be just as secure as typing 'passwd' from the command prompt, right?

i did think about the permissions and i set it so that it can only be run by root.

to me this seems like a perfectly secure situation, but then again, i am a

i simply send the command and wait for the user to type a new password.

What you suggest is commpn practice with may secure shell scripts. With that
I mean the calling of another program in a secure manor to carry out a function.

I have not read the article you mentioned therefore I cannot comment on its
content.

From what you describe, a simple call for passwd to interact with a user much in
the same way as if they were to initiate it themselves doesn't 'seem' to prove
insecure in itself.

Saying that, with the right set of circumstances "surrounding" the request for
that function within a script may prove to be hazzardous to security. But then
that can be said of any function being misused. This would then be an issue with
the way the author of the script constructed it and not with passwd itself.

If passwd has a flaw in the way it executes from within a script then that is
something I am unaware of and a quick visit to any good security website would
answer that question for you.

I'd be interested to read this article you mentioned.

G

Just guessing here as the OP didn't include a reference to the material he/she was reading, but they're probably talking about silly things like piping the new password to passwd on stdin. A crafty attacker could get the password from the process list if you did something like that.

hehe, okay, that's kind of what i figured... and yes, i realized it would be VERY silly to put the actual password in the script file!

i read this advice from a shell-scripting guide (the link to which i've now lost) but it wasn't even an article really, just a piece of advice stuck in against using 'passwd' in scripts with no evidence to back up the claim. just thought i'd check with you guys to make sure i wasn't missing something silly!

thanks all!