conf/84221: Wrong permissions on /etc/opiekeys
Eygene A.Ryabinkin
rea at rea.mbslab.kiae.ru
Thu Jul 28 13:00:25 GMT 2005
>Number: 84221
>Category: conf
>Synopsis: Wrong permissions on /etc/opiekeys
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 28 13:00:24 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Eygene A. Ryabinkin
>Release: FreeBSD 5.4-STABLE i386
>Organization:
Code Labs
>Environment:
System: FreeBSD **************** 5.4-STABLE FreeBSD 5.4-STABLE #6: Wed Jul 27 10:22:02 MSD 2005 root@****************:/usr/obj/usr/src/sys/TWINS i386
>Description:
The permissions on /etc/opiekeys are wrong: 0644 instead of 0600. It does not
make any sense to give the read permission without the write one, just due to
the design of OPIE: if one should read and authenticate using /etc/opiekeys,
then precisely that being thould write the new hash to that file. Thanks to
Peter Jeremy for giving me this argument!
There were the same bug for S/Key a long time ago, but at that times FreeBSD
was maintaining 0600 permissions on the /etc/skeykeys file.
>How-To-Repeat:
ls -l /etc/opiekeys
>Fix:
First, chmod 0600 /etc/opiekeys. The fix the OPIE sources to create that file
with right permissions.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list