From rene@cyrus.eyep.net  Sat Sep  2 13:08:23 2000
Return-Path: <rene@cyrus.eyep.net>
Received: from cyrus.sativa.de (p3E9D0C88.dip.t-dialin.net [62.157.12.136])
	by hub.freebsd.org (Postfix) with ESMTP id 4A8A637B424
	for <FreeBSD-gnats-submit@freebsd.org>; Sat,  2 Sep 2000 13:08:19 -0700 (PDT)
Received: from ole.sativa.de (ole.sativa.de [192.168.17.43])
	by cyrus.sativa.de (8.9.3/8.9.3) with ESMTP id WAA07288
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 2 Sep 2000 22:08:07 +0200 (CEST)
	(envelope-from rene@ole.sativa.de)
Received: (from rene@localhost)
	by ole.sativa.de (8.9.3/8.9.3) id WAA11275;
	Sat, 2 Sep 2000 22:08:12 +0200 (CEST)
	(envelope-from rene)
Message-Id: <200009022008.WAA11275@ole.sativa.de>
Date: Sat, 2 Sep 2000 22:08:12 +0200 (CEST)
From: rene@cyrus.eyep.net
Reply-To: rene@cyrus.eyep.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: permissions on /usr/bin/opiepasswd 
X-Send-Pr-Version: 3.2

>Number:         20996
>Category:       bin
>Synopsis:       permissions on /usr/bin/opiepasswd
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kris
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 02 13:10:01 PDT 2000
>Closed-Date:    Fri Aug 23 20:36:11 PDT 2002
>Last-Modified:  Fri Aug 23 20:36:11 PDT 2002
>Originator:     Rene Scholz
>Release:        FreeBSD 4.1-STABLE i386
>Organization:
>Environment:


>Description:

Using opiepasswd as a user is not possible, because the installed binary
has the wrong permissions (it must be set SUID).

>How-To-Repeat:

rene:ole[~]>opiepasswd -c                                              (0)22:05
Error: Can't update key database.

>Fix:
 
rene:ole[~]>sudo chmod 4555 `which opiepasswd`
rene:ole[~]>ls -la `which opiepasswd`


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->kris 
Responsible-Changed-By: sheldonh 
Responsible-Changed-When: Mon Sep 4 06:54:24 PDT 2000 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=20996 

From: Kris Kennaway <kris@FreeBSD.org>
To: Cc: freebsd-bugs@FreeBSD.org, freebsd-gnats-submit@freebsd.org
Subject: Re: bin/20996: permissions on /usr/bin/opiepasswd
Date: Mon, 4 Sep 2000 15:14:09 -0700 (PDT)

 On Mon, 4 Sep 2000 sheldonh@FreeBSD.org wrote:
 
 > Synopsis: permissions on /usr/bin/opiepasswd
 
 Thanks - I've known about this for some time, but wanted to do a source
 code audit of opiepasswd before giving it the setuid bit. I'll try and get
 to it soon.
 
 Kris
 
 --
 In God we Trust -- all others must submit an X.509 certificate.
     -- Charles Forsythe <forsythe@alum.mit.edu>
 
 

From: Alex Vasylenko <lxv@omut.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc: Kris Kennaway <kris@FreeBSD.org>
Subject: Re: bin/20996: permissions on /usr/bin/opiepasswd
Date: Thu, 21 Mar 2002 01:53:58 -0800

 http://www.w00w00.org/advisories/skey.html
 
 When opiepasswd(1) is used, the libopie function opieopen() is called. The
 two functions which call opieopen are opiereadrec() and opiewriterec().
 Both functions call opieopen and specify a mode of 644. If the /etc/opiekeys
 database is not present, a file is created with this mode, resulting in a
 world-readable file.
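
The two permission questions in this thread (whether opiepasswd carries the setuid bit, and whether the key database is readable by other users) can be checked with a short script. This is an added example, not part of the PR or of FreeBSD's sources; the function names and the OPIEPASSWD/OPIEKEYS overrides are assumptions, and the default paths are the ones named above.

```shell
#!/bin/sh
# Added example (not part of the PR): audit the two permission questions
# raised in this thread. Default paths are the ones named in the report; the
# environment overrides are an assumption added so the checks can be tested.
OPIEPASSWD="${OPIEPASSWD:-/usr/bin/opiepasswd}"
OPIEKEYS="${OPIEKEYS:-/etc/opiekeys}"

# has_perm PATH BITS: true if PATH exists and has all octal BITS set.
# find(1) -perm behaves the same on FreeBSD and GNU userlands.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# check_keys PATH -> 0 ok, 1 readable or writable by others, 2 missing
check_keys() {
    [ -e "$1" ] || { echo "missing: $1"; return 2; }
    if has_perm "$1" 004 || has_perm "$1" 002; then
        echo "exposed: $1 is accessible to other users"
        return 1
    fi
    echo "ok: $1"
}

# check_binary PATH -> 0 setuid and not group/world-writable,
#                      1 not setuid, 2 missing, 3 setuid but writable
check_binary() {
    [ -e "$1" ] || { echo "missing: $1"; return 2; }
    if ! has_perm "$1" 4000; then
        echo "not setuid: $1 (the condition reported in this PR)"
        return 1
    fi
    if has_perm "$1" 020 || has_perm "$1" 002; then
        echo "unsafe: $1 is setuid and writable by group or others"
        return 3
    fi
    echo "ok: $1 is setuid"
}

# audit_opie: run both checks; non-zero if either reports a finding.
audit_opie() {
    rc=0
    check_binary "$OPIEPASSWD" || rc=1
    check_keys "$OPIEKEYS" || rc=1
    return "$rc"
}

# Run the audit only when invoked as: sh script.sh audit
if [ "${1:-}" = "audit" ]; then audit_opie; fi
```

The checks look only at mode bits; they do not verify that the binary is owned by root or that the source audit mentioned earlier in the thread has been done.
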
State-Changed-From-To: open->closed 
State-Changed-By: kris 
State-Changed-When: Fri Aug 23 20:34:17 PDT 2002 
State-Changed-Why:  
Fixed in rev 1.4.2.2 of usr.bin/opiepasswd/Makefile by des 

>Unformatted:
