Date: Thu, 3 Jun 1999 11:02:14 -0700
From: "Jan B. Koum " <jkb@best.com>
To: Bill Fumerola <billf@jade.chc-chimes.com>, Unknow User <kernel@tdnet.com.br>
Cc: Matthew Hunt <mph@astro.caltech.edu>, freebsd-security@FreeBSD.ORG
Subject: Re: SSH2 (in FreeBSD-Questions)
Message-ID: <19990603110213.B19566@best.com>
In-Reply-To: <Pine.BSF.3.96.990603133742.8776C-100000@jade.chc-chimes.com>; from Bill Fumerola on Thu, Jun 03, 1999 at 01:38:26PM -0400
References: <375690E3.4BC9BB94@tdnet.com.br> <Pine.BSF.3.96.990603133742.8776C-100000@jade.chc-chimes.com>
On Thu, Jun 03, 1999 at 01:38:26PM -0400, Bill Fumerola <billf@jade.chc-chimes.com> wrote:
> On Thu, 3 Jun 1999, Unknow User wrote:
>
> > No, i never use ports (Due to security problem)!
> > i always get the source!
> >
> > Any tips?
>
> Manually apply the patch or use the source and figure it out for yourself.
>
> Stop doing things the hard way just for a false sense of security.

Ports will install ssh client suid, where I am 99% sure you don't need
the client to be suid. I always do '--disable-suid-ssh' when rolling out
new ssh.

Most of the software can be tweaked to be more secure during the build
time .. sudo can be tweaked to switch to non-root user by default, for
example. (So you can create user 'blah' to which people can _only_ sudo
and hence work in a sandbox of a single user).

-- yan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
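A way to verify the point made in the message above, that an installed ssh client may carry the setuid bit. This is an added example, not part of the original e-mail or of the FreeBSD ports tree; the function name suid_audit and the paths passed to it are assumptions.

```sh
#!/bin/sh
# Added example: report which of the given binaries carry the setuid bit,
# so a client installed suid can be spotted and rebuilt without it
# (the message above uses '--disable-suid-ssh' at configure time for that).
# suid_audit is a hypothetical helper name, not a system utility.

# suid_audit FILE...
# Prints one line per argument:
#   "SUID uid=<owner> <path>"  regular file with the setuid bit set
#   "ok <path>"                exists, no setuid bit
#   "missing <path>"           does not exist
# Returns 1 if at least one setuid file was seen, 0 otherwise.
suid_audit() {
    found=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "missing $f"
        elif [ -f "$f" ] && [ -u "$f" ]; then
            # -L follows symlinks (the client is often a link to the real
            # binary); -n prints the numeric owner in column 3.
            uid=$(ls -lnL "$f" | awk '{print $3}')
            echo "SUID uid=$uid $f"
            found=1
        else
            echo "ok $f"
        fi
    done
    return "$found"
}

# Typical use on an installed system (left commented so that sourcing
# this file has no side effects):
#   suid_audit "$(command -v ssh)" "$(command -v sudo)"
```

A line reading "SUID uid=0" for the ssh client is the case the message describes; sudo is expected to show up as setuid root because it needs the privilege to do its job.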