Date: Mon, 24 Jun 2002 16:49:23 -0700 (PDT)
From: Brian Behlendorf
To: security@freebsd.org
Subject: UseLogin and openssh-portable priv separation
Message-ID: <20020624164234.E10398-100000@yez.hyperreal.org>

I prefer to use UseLogin in sshd_config so I can pick some login.conf settings. It appears I needed to turn that off in order to get the privilege separation in openssh 3.3 to work, where there's a much smaller segment of code that runs as root rather than the whole sshd child.

Anyone know whether it's possible to reconcile the two? Or a reliable way to set the MAIL variable for all users, independent of the shells they're using, which is all I care about at this point.

Brian