conf/84221: Wrong permissions on /etc/opiekeys

[Eygene A.Ryabinkin]

>Number:         84221
>Category:       conf
>Synopsis:       Wrong permissions on /etc/opiekeys
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 28 13:00:24 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Eygene A. Ryabinkin
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
Code Labs
>Environment:
System: FreeBSD **************** 5.4-STABLE FreeBSD 5.4-STABLE #6: Wed Jul 27 10:22:02 MSD 2005 root@****************:/usr/obj/usr/src/sys/TWINS i386
>Description:
 The permissions on /etc/opiekeys are wrong: 0644 instead of 0600. It does not
make any sense to give the read permission without the write one, just due to
the design of OPIE: if one should read and authenticate using /etc/opiekeys,
then precisely that being thould write the new hash to that file. Thanks to
Peter Jeremy for giving me this argument!
 There were the same bug for S/Key a long time ago, but at that times FreeBSD
was maintaining 0600 permissions on the /etc/skeykeys file.
>How-To-Repeat:
 ls -l /etc/opiekeys
>Fix:
 First, chmod 0600 /etc/opiekeys. The fix the OPIE sources to create that file
with right permissions.
>Release-Note:
>Audit-Trail:
>Unformatted: