From owner-freebsd-hackers@FreeBSD.ORG Thu Jul 14 10:14:45 2005 Return-Path: X-Original-To: hackers@freebsd.org Delivered-To: freebsd-hackers@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8043416A41C for ; Thu, 14 Jul 2005 10:14:45 +0000 (GMT) (envelope-from freebsd@rea.mbslab.kiae.ru) Received: from rea.mbslab.kiae.ru (rea.mbslab.kiae.ru [144.206.177.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0052043D45 for ; Thu, 14 Jul 2005 10:14:43 +0000 (GMT) (envelope-from freebsd@rea.mbslab.kiae.ru) Received: by rea.mbslab.kiae.ru (Postfix, from userid 1000) id 57039BED6; Thu, 14 Jul 2005 14:14:42 +0400 (MSD) Date: Thu, 14 Jul 2005 14:14:42 +0400 From: "Eygene A. Ryabinkin" To: hackers@freebsd.org Message-ID: <20050714101442.GI16608@rea.mbslab.kiae.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline User-Agent: Mutt/1.5.9i Cc: Subject: /etc/opiekeys permissions? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jul 2005 10:14:45 -0000 Good day. Playing with OPIE I've noticed that the /etc/opiekeys have mode 644. As I remember there was a vulnurability related to this permissions for S/Key. But at that times that file was named /etc/skeykeys and it was created with permissions 600, so FreeBSD was not vulnerable to the disctionary attack. But now it seems to be vulnurable again. Are there any programs that are run in non-root mode and they do want to use OPIE? If there is no such programs, why the permissions are so strange? -- rea