Bug 20996

Summary: permissions on /usr/bin/opiepasswd
Product: Base System
Reporter: rene <rene>
Component: bin
Assignee: Kris Kennaway <kris>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.1-STABLE   
Hardware: Any   
OS: Any   

Description rene 2000-09-02 21:10:01 UTC
Using opiepasswd as a user is not possible, because the installed binary
has wrong permissions (must be set SUID)

Fix: 

rene:ole[~]>sudo chmod 4555 `which opiepasswd`
rene:ole[~]>ls -la `which opiepasswd`

How-To-Repeat:
rene:ole[~]>opiepasswd -c                                              (0)22:05
Error: Can't update key database.

Comment 1 Sheldon Hearn freebsd_committer freebsd_triage 2000-09-04 14:54:24 UTC
Responsible Changed
From-To: freebsd-bugs->kris

Over to maintainer.

Comment 2 Kris Kennaway freebsd_committer freebsd_triage 2000-09-04 23:14:09 UTC
On Mon, 4 Sep 2000 sheldonh@FreeBSD.org wrote:

> Synopsis: permissions on /usr/bin/opiepasswd

Thanks - I've known about this for some time, but wanted to do a source
code audit of opiepasswd before giving it the setuid bit. I'll try and get
to it soon.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>

Comment 3 Alex Vasylenko 2002-03-21 09:53:58 UTC
http://www.w00w00.org/advisories/skey.html

When opiepasswd(1) is used, the libopie function opieopen() is called. The
two functions which call opieopen are opiereadrec() and opiewriterec().
Both functions call opieopen and specify a mode of 644. If the /etc/opiekeys
database is not present, a file is created with this mode, resulting in a
world-readable file.
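
The file-creation behaviour described in Comment 3, as an added example (not code from libopie or from this report): it creates a file with mode 644 and, for comparison, with an owner-only mode, then shows an audit check for a key database that group or others can access. The function names, the /tmp scratch directory, the 022 umask and the choice of 0600 as the owner-only mode are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the permission bits give group or others any access, else 0. */
int mode_exposes_keys(int mode) { return (mode & 077) != 0; }

/* Create a fresh file in `dir` (hypothetical scratch directory) with the
 * given creation mode under an assumed 022 umask, return its permission
 * bits and remove it. O_EXCL ensures this call created the file. -1 on error. */
int created_mode(const char *dir, mode_t create_mode)
{
    char path[512];
    struct stat st;
    int fd, rc = -1;
    mode_t old;

    snprintf(path, sizeof path, "%s/opiekeys-demo.%ld.%o", dir,
             (long)getpid(), (unsigned)create_mode);
    old = umask(022);
    fd = open(path, O_RDWR | O_CREAT | O_EXCL, create_mode);
    umask(old);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0)
        rc = (int)(st.st_mode & 07777);
    close(fd);
    unlink(path);
    return rc;
}

/* Audit an existing key database: 1 exposed, 0 owner-only, -1 if absent. */
int key_db_exposed(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return mode_exposes_keys((int)(st.st_mode & 07777));
}

int main(void)
{
    int weak = created_mode("/tmp", 0644), strict = created_mode("/tmp", 0600);
    printf("create 0644 -> %04o exposed=%d\n", (unsigned)weak, mode_exposes_keys(weak));
    printf("create 0600 -> %04o exposed=%d\n", (unsigned)strict, mode_exposes_keys(strict));
    printf("/etc/opiekeys exposed=%d\n", key_db_exposed("/etc/opiekeys"));
    return 0;
}
```

A return of 1 from key_db_exposed() on a host's /etc/opiekeys means the file was created or left with permissions like those Comment 3 describes.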

Comment 4 Kris Kennaway freebsd_committer freebsd_triage 2002-08-24 04:34:17 UTC
State Changed
From-To: open->closed

Fixed in rev 1.4.2.2 of usr.bin/opiepasswd/Makefile by des