squirrelmail and passwd pluging. How safe is it?

[dreamer]

Hi,

Due to several complaining users, i think about installing the passwd plugin for squirrelmail. This plugin will allow them to change their password's any time they like.
This is fine to me. however, i am wondering if this will have any impact on my server's security. After all, installing this plugin enables the possibility to alter /etc/passwd and /etc/shadow from the internet. And i don't like this.

Am i being (too) paranoid? And does anyone have experience with this plugin?

thnx!

[georwell]

Can't help you out because none of my mail users actually have user accounts on the system. If this is really bothering you then you should switch mail servers so that email users don't actually correspond to system users. (Are you using SASL?) That said, browse through the code and look for anything obvious. I imagine it is using some form of chpasswd or something similar. You are using SSL right?

[dreamer]

i use ssl indeed.
The source is pretty straigthforward, it calls passwd and forwards it's output to the webinterface. Seems safe to me.

it's just, i don't like the feeling, maybe i should get over it

[afabbro]

[dreamer]

injection might be a danger indeed. In fact, after looking a little bit deeper into the code, i've decided to rewrite the plugin.
e.g. the current one uses its own implementation of chpasswd, allowing the user to submit passwords of only one character!

I'm not sure if the plugin maintainer is still around, but i try to reach him. Your "ssh solution" is nice as well, maybe i use that for the time being.

[fleed]

Or you could also make it all much more secure by using virtual users instead of system ones (as suggested by georwell.)

[dreamer]

[fleed]

Could you use samba to change your passwords instead of squirrelmail? If all the users use both then that might be a more viable (and secure, and better integrated) option!

[dreamer]

wouldn;t that only change the file smbpasswd ?