LinuxSecurity.com: Multiple vulnerabilities have been fixed in shadow, which can be exploited by malicious people to inject newlines into the /etc/passwd file.
So I have this PHP script that takes info from HTML form and saves the info to a txt file.
Here is the code
<?php
$input = $_POST;
$dateposted = date("m-d-Y-His");
$fp = fopen("/some/location/public_html/sh/$dateposted.txt", "w");
fwrite($fp, $input.).' ';
fclose($fp);... (16 Replies)
pwconv(1M) System Administration Commands pwconv(1M)NAME
pwconv - installs and updates /etc/shadow with information from /etc/passwd
SYNOPSIS
pwconv
DESCRIPTION
The pwconv command creates and updates /etc/shadow with information from /etc/passwd.
pwconv relies on a special value of 'x' in the password field of /etc/passwd. This value of 'x' indicates that the password for the user is
already in /etc/shadow and should not be modified.
If the /etc/shadow file does not exist, this command will create /etc/shadow with information from /etc/passwd. The command populates
/etc/shadow with the user's login name, password, and password aging information. If password aging information does not exist in
/etc/passwd for a given user, none will be added to /etc/shadow. However, the last changed information will always be updated.
If the /etc/shadow file does exist, the following tasks will be performed:
Entries that are in the /etc/passwd file and not in the /etc/shadow file will be added to the /etc/shadow file.
Entries that are in the /etc/shadow file and not in the /etc/passwd file will be removed from /etc/shadow.
Password attributes (for example, password and aging information) that exist in an /etc/passwd entry will be moved to the corre-
sponding entry in /etc/shadow.
The pwconv command can only be used by the super-user.
FILES
/etc/opasswd
/etc/oshadow
/etc/passwd
/etc/shadow
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO passwd(1), passmgmt(1M), usermod(1M), passwd(4), attributes(5)DIAGNOSTICS
pwconv exits with one of the following values:
0 SUCCESS.
1 Permission denied.
2 Invalid command syntax.
3 Unexpected failure. Conversion not done.
4 Unexpected failure. Password file(s) missing.
5 Password file(s) busy. Try again later.
6 Bad entry in /etc/shadow file.
SunOS 5.10 9 Mar 1993 pwconv(1M)