[Bug 61335] Re: opieinfo isn't setuid, whilst opiepasswd is
Micah Cowan
micah at cowan.name
Sat May 29 07:42:26 BST 2010
Again, opiepasswd does _not_ check the user id and act appropriately, so
it should _not_ be made setuid, unless that issue is addressed, as it
would allow any user to modify any other user's keys, AFAICT.
However, to address Thomas's comment: opiepasswd modifies an individual
user's opie keys, and that user shouldn't necessarily be expected to
have sudo access. opiepasswd ought to work analogously to passwd, and
allow a user to change his own (opie)passwd information without becoming
root.
--
opieinfo isn't setuid, whilst opiepasswd is
https://bugs.launchpad.net/bugs/61335
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to opie in ubuntu.
More information about the Ubuntu-server-bugs
mailing list