Again, opiepasswd does _not_ check the user id and act appropriately, so
it should _not_ be made setuid, unless that issue is addressed, as it
would allow any user to modify any other user's keys, AFAICT.
However, to address Thomas's comment: opiepasswd modifies an individual
user's opie keys,
I have the same problem and don't see an issue with opieinfo being setuid
root if opiepasswd is:
The information retrieved by opieinfo is not sensitive at all, sequence number
and seed are publicly shown to anyone who wants to login as the specified user.
The only sensitive data in the OPIE
I'm having a problem where running opieinfo doesn't work, and I think it's
because it isn't root (and /etc/opiekeys is only readable by root). When I run
opieinfo, I get:
Error opening database! (errno = 13)
--
opieinfo isn't setuid, whilst opiepasswd is
https://bugs.launchpad.net/bugs/61335
continued
And when I run sudo opieinfo username, it correctly gives me my sequence
number and seed.
--
opieinfo isn't setuid, whilst opiepasswd is
https://bugs.launchpad.net/bugs/61335
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to opie