PeterJeremy at optushome.com.au
Thu Jul 21 07:34:49 GMT 2005
On Thu, 2005-Jul-14 14:14:42 +0400, Eygene A. Ryabinkin wrote:
> Playing with OPIE I've noticed that the /etc/opiekeys have mode 644.
> But now it seems to be vulnurable again. Are there any programs that are
>run in non-root mode and they do want to use OPIE? If there is no such
>programs, why the permissions are so strange?
Since an OPIE password can only be used once, any program that uses OPIE
needs to be able to read and write /etc/opiekeys. There is no valid reason
for a program to just want to read the file.
More information about the freebsd-hackers