Date: Thu, 3 Aug 2000 01:15:23 -0500 (CDT) From: airboss@bitstream.net To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> Cc: freebsd-security@freebsd.org Subject: Re: What will I lose if ssh is no more suid root? Message-ID: <Pine.LNX.4.20.0008030108130.607-100000@dmitri.bitstream.net> In-Reply-To: <20000803074228.A1682@curry.mchp.siemens.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 3 Aug 2000, Andre Albsmeier wrote: > As the subject says: What functionality will I lose when ssh > in 4.1-STABLE is not setuid root anymore? The setuid SSH uses low ephemeral ports -- starting around 1000 for ordinary SSH, and at 950 or so for OpenSSH -- instead of the ordinary 1024-65535. Apparently, the intent is that one "proves" one's authenticity by binding to a low port. All this really proves (IMHO) is that you have a setuid binary on your machine ;). Removing the setuid bit may (as stated by others) break rhosts authentication, but is otherwise harmless, AFAIK. There's plenty of comment on this subject on the OpenSSH mailing list. ~Dan D. -- __________________________________________________________________ -- I feel the earth move. -- I feel the tumbling down, the tumbling down. ++ Dan Debertin ++ Senior Systems Administrator ++ Bitstream Underground, LLC ++ airboss@bitstream.net ++ (612)321-9290 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.20.0008030108130.607-100000>