From owner-freebsd-security Thu Jun 3 11: 3:11 1999
Delivered-To: freebsd-security@freebsd.org
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
	by hub.freebsd.org (Postfix) with ESMTP id 1FAAE14CFF
	for ; Thu, 3 Jun 1999 11:03:08 -0700 (PDT)
	(envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost)
	by shell6.ba.best.com (8.9.3/8.9.2/best.sh) id LAA24109;
	Thu, 3 Jun 1999 11:02:14 -0700 (PDT)
Message-ID: <19990603110213.B19566@best.com>
Date: Thu, 3 Jun 1999 11:02:14 -0700
From: "Jan B. Koum "
To: Bill Fumerola , Unknow User
Cc: Matthew Hunt , freebsd-security@FreeBSD.ORG
Subject: Re: SSH2 (in FreeBSD-Questions)
References: <375690E3.4BC9BB94@tdnet.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: ; from Bill Fumerola on Thu, Jun 03, 1999 at 01:38:26PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Jun 03, 1999 at 01:38:26PM -0400, Bill Fumerola wrote:
> On Thu, 3 Jun 1999, Unknow User wrote:
>
> > No, i never use ports (Due to security problem)!
> > i always get the source!
> >
> > Any tips?
>
> Manually apply the patch or use the source and figure it out for yourself.
>
> Stop doing things the hard way just for a false sense of security.

	Ports will install ssh client suid, where I am 99% sure you
	don't need the client to be suid. I always do '--disable-suid-ssh'
	when rolling out new ssh.

	Most of the software can be tweaked to be more secure during
	the build time .. sudo can be tweaked to switch to non-root user
	by default, for example. (So you can create user 'blah' to which
	people can _only_ sudo and hence work in a sandbox of a single user).

-- yan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
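
The message above says the port installs the ssh client setuid and that '--disable-suid-ssh' avoids it. As an added example (not part of the original post), this script reports whether an installed binary carries the setuid bit and whether root owns it. The function names and the example paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): report whether binaries such as
# an installed ssh client carry the setuid bit, and who owns them.

# classify_setuid PATH -> prints one of: missing, ok, setuid-root, setuid-other
classify_setuid() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing
        return 0
    fi
    if [ ! -u "$f" ]; then      # -u is true when the setuid bit is set
        echo ok
        return 0
    fi
    # Numeric owner is the third field of `ls -ln` on both BSD and GNU ls.
    owner=$(ls -lnd -- "$f" | awk '{print $3}')
    if [ "$owner" = "0" ]; then
        echo setuid-root
    else
        echo setuid-other
    fi
}

# audit_setuid PATH... -> prints one "status<TAB>path" line per argument and
# returns 1 if any path is setuid, so it can gate a build or deploy step.
audit_setuid() {
    rc=0
    for p in "$@"; do
        s=$(classify_setuid "$p")
        printf '%s\t%s\n' "$s" "$p"
        case $s in setuid-*) rc=1 ;; esac
    done
    return $rc
}

# Example paths are assumptions; adjust to where your ssh client is installed:
# audit_setuid /usr/local/bin/ssh /usr/bin/ssh
```

Running `audit_setuid` after a build with and without '--disable-suid-ssh' shows whether the option took effect on the installed client.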