I have the same "problem" and don't see an issue with opieinfo being setuid
root if opiepasswd is:
The information retrieved by opieinfo is not sensitive at all, sequence number
and seed are publicly shown to anyone who wants to login as the specified user.
The only sensitive data in the OPIE system is the user's passphrase and the
keyfile /etc/opiekeys, which should never be world-readable.
** Changed in: opie (Ubuntu)
Status: Invalid => Confirmed
--
opieinfo isn't setuid, whilst opiepasswd is
https://bugs.launchpad.net/bugs/61335
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to opie in ubuntu.
--
Ubuntu-server-bugs mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
