opieinfo isn't setuid, whilst opiepasswd is
Bug #61335 reported by
Micah Cowan
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
opie (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
opieinfo isn't setuid, even though opiepasswd is. This leads to a situation where any user may change or set his passphrase, seed and sequence number, but is unable to use opieinfo to check what the seed and sequence number are (even though he could use opiepasswd to see this).
To post a comment you must log in.
When I submitted this bug, I was under the mistaken impression that opieinfo would check its real uid to determine who should be able to read whose info. It doesn't do this, and so setuid would be completely inappropriate. Rejecting.