Date: Thu, 28 Jul 2005 16:55:22 +0400 (MSD)
From: "Eygene A.Ryabinkin" <rea@rea.mbslab.kiae.ru>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: conf/84221: Wrong permissions on /etc/opiekeys
Message-ID: <20050728125522.1C67FBB60@rea.mbslab.kiae.ru>
Resent-Message-ID: <200507281300.j6SD0PDC030760@freefall.freebsd.org>

>Number: 84221
>Category: conf
>Synopsis: Wrong permissions on /etc/opiekeys
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 28 13:00:24 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Eygene A. Ryabinkin
>Release: FreeBSD 5.4-STABLE i386
>Organization: Code Labs
>Environment:
    System: FreeBSD **************** 5.4-STABLE FreeBSD 5.4-STABLE #6: Wed Jul 27 10:22:02 MSD 2005 root@****************:/usr/obj/usr/src/sys/TWINS i386
>Description:
    The permissions on /etc/opiekeys are wrong: 0644 instead of 0600.
    It does not make any sense to give the read permission without the
    write one, just due to the design of OPIE: if one should read and
    authenticate using /etc/opiekeys, then precisely that being should
    write the new hash to that file. Thanks to Peter Jeremy for giving
    me this argument!

    There was the same bug for S/Key a long time ago, but at that time
    FreeBSD was maintaining 0600 permissions on the /etc/skeykeys file.
>How-To-Repeat:
    ls -l /etc/opiekeys
>Fix:
    First, chmod 0600 /etc/opiekeys. Then fix the OPIE sources to create
    that file with the right permissions.
>Release-Note:
>Audit-Trail:
>Unformatted:
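
The second half of the fix, creating the key file with the right mode, shown as an added example that is not part of the original report and is not OPIE source code. The function names and the temporary stand-in path are hypothetical, and nothing here touches the real /etc/opiekeys.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fopen() creates with 0666 & ~umask, i.e. 0644 under umask 022. */
static int create_weak(const char *path)
{
    FILE *f = fopen(path, "a");
    return f ? fclose(f) : -1;
}

/* Hardened: ask for 0600 at creation, then fchmod() the descriptor so a
 * file that already exists with a wider mode is tightened as well. */
static int open_keyfile(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd >= 0 && fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Build a stand-in key file in a private temp dir under umask 022, return its
 * mode. how: 0 = weak create, 1 = hardened create, 2 = weak, then hardened. */
static int demo_mode(int how)
{
    char dir[] = "/tmp/opie-demo-XXXXXX", path[64]; /* constructed path */
    struct stat st;
    int fd, mode = -1;
    mode_t old = umask(022);
    if (mkdtemp(dir) != NULL) {
        snprintf(path, sizeof path, "%s/opiekeys", dir);
        if (how != 1) create_weak(path);
        if (how != 0 && (fd = open_keyfile(path)) >= 0) close(fd);
        if (stat(path, &st) == 0) mode = (int)(st.st_mode & 07777);
        unlink(path);
        rmdir(dir);
    }
    umask(old);
    return mode;
}

int main(void)
{
    return printf("%04o %04o %04o\n", demo_mode(0), demo_mode(1), demo_mode(2)) < 0;
}
```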