Comment 5 for bug 61335

Revision history for this message
Micah Cowan (micahcowan) wrote :

Again, opiepasswd does _not_ check the user id and act appropriately, so it should _not_ be made setuid, unless that issue is addressed, as it would allow any user to modify any other user's keys, AFAICT.

However, to address Thomas's comment: opiepasswd modifies an individual user's opie keys, and that user shouldn't necessarily be expected to have sudo access. opiepasswd ought to work analogously to passwd, and allow a user to change his own (opie)passwd information without becoming root.