From owner-freebsd-security Wed Aug 2 23: 6:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from amazhan.bitstream.net (amazhan.bitstream.net [216.243.128.132]) by hub.freebsd.org (Postfix) with SMTP id 889E437B6F1 for ; Wed, 2 Aug 2000 23:06:30 -0700 (PDT) (envelope-from airboss@bitstream.net)
Received: (qmail 45435 invoked from network); 3 Aug 2000 06:06:28 -0000
Received: from unknown (HELO dmitri.bitstream.net) (206.144.236.191) by mail with SMTP; 3 Aug 2000 06:06:28 -0000
Date: Thu, 3 Aug 2000 01:15:23 -0500 (CDT)
From: airboss@bitstream.net
To: Andre Albsmeier
Cc: freebsd-security@freebsd.org
Subject: Re: What will I lose if ssh is no more suid root?
In-Reply-To: <20000803074228.A1682@curry.mchp.siemens.de>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 3 Aug 2000, Andre Albsmeier wrote:

> As the subject says: What functionality will I lose when ssh
> in 4.1-STABLE is not setuid root anymore?

The setuid SSH uses low ephemeral ports -- starting around 1000 for
ordinary SSH, and at 950 or so for OpenSSH -- instead of the ordinary
1024-65535. Apparently, the intent is that one "proves" one's
authenticity by binding to a low port. All this really proves (IMHO) is
that you have a setuid binary on your machine ;).

Removing the setuid bit may (as stated by others) break rhosts
authentication, but is otherwise harmless, AFAIK. There's plenty of
comment on this subject on the OpenSSH mailing list.

~Dan D.
--
__________________________________________________________________
-- I feel the earth move.
-- I feel the tumbling down, the tumbling down.

++ Dan Debertin
++ Senior Systems Administrator
++ Bitstream Underground, LLC
++ airboss@bitstream.net
++ (612)321-9290

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
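The low-port convention described in the message above, sketched in C as an added example that is not part of the original post or of any SSH code base. The function names and the scan floor of 512 are assumptions chosen for illustration: the first function is the test an rhosts-style server applies to a peer's source port, the second is the downward scan a client can only complete when it runs with root privilege.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#define RESERVED_LIMIT 1024 /* ports below this traditionally need root to bind */

/* Server side: is the peer's source port in the reserved range?
 * Returns 1 if so, 0 otherwise (including unknown address families). */
int peer_port_is_reserved(const struct sockaddr *sa)
{
    unsigned port;
    if (sa->sa_family == AF_INET)
        port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
    else if (sa->sa_family == AF_INET6)
        port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    else
        return 0;
    return port > 0 && port < RESERVED_LIMIT;
}

/* Client side: scan downward from 1023 to `lowest` for a free reserved port.
 * Returns the bound socket and stores the port in *port_out, or returns -1
 * with errno set (EACCES when the process lacks the privilege to bind). */
int bind_reserved_port(int lowest, int *port_out)
{
    struct sockaddr_in local;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&local, 0, sizeof local); /* zeroed address is INADDR_ANY */
    local.sin_family = AF_INET;
    for (int p = RESERVED_LIMIT - 1; p >= lowest; p--) {
        local.sin_port = htons((unsigned short)p);
        if (bind(fd, (struct sockaddr *)&local, sizeof local) == 0) {
            *port_out = p;
            return fd;
        }
        if (errno != EADDRINUSE)
            break; /* any other error will not improve by trying lower */
    }
    int saved = errno; close(fd); errno = saved;
    return -1;
}

int main(void)
{
    int port = 0, fd = bind_reserved_port(512, &port); /* 512: assumed floor */
    if (fd >= 0) { printf("bound reserved port %d\n", port); close(fd); }
    else printf("no reserved port: %s\n", strerror(errno));
    return 0;
}
```

Whether an unprivileged run fails with EACCES depends on the host's reserved-port policy, so the server-side check says nothing about who is actually at the other end, only that the peer's kernel allowed the bind.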