Date: Sat, 2 Sep 2000 22:04:41 +0100
From: Ben Smithurst
To: "Jacques A. Vidrine"
Cc: Dan Nelson, sthaug@nethelp.no, phk@critter.freebsd.dk, ume@FreeBSD.ORG, arch@FreeBSD.ORG
Subject: Re: setuid ssh should die (Re: Request for review: nsswitch)

Jacques A. Vidrine wrote:

> On Sat, Sep 02, 2000 at 02:58:22PM -0500, Dan Nelson wrote:
>> Rather, it's so it can read the host key, which is only readable by
>> root.
>
> We're talking about ssh, not sshd.

Yes, ssh needs to read the host key for RhostsRSA authentication to work. If you don't use RhostsRSA, it doesn't need to be setuid. At least, that's my understanding, which may be wrong. Time for a SSH_SETUID knob in make.conf perhaps.

-- 
Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D