Date:      Thu, 3 Aug 2000 08:10:49 +0200
From:      Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To:        airboss@bitstream.net
Cc:        Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-security@freebsd.org
Subject:   Re: What will I lose if ssh is no more suid root?
Message-ID:  <20000803081049.A2901@curry.mchp.siemens.de>
In-Reply-To: <Pine.LNX.4.20.0008030108130.607-100000@dmitri.bitstream.net>; from airboss@bitstream.net on Thu, Aug 03, 2000 at 01:15:23AM -0500
References:  <20000803074228.A1682@curry.mchp.siemens.de> <Pine.LNX.4.20.0008030108130.607-100000@dmitri.bitstream.net>

On Thu, 03-Aug-2000 at 01:15:23 -0500, airboss@bitstream.net wrote:
> On Thu, 3 Aug 2000, Andre Albsmeier wrote:
> 
> > As the subject says: What functionality will I lose when ssh
> > in 4.1-STABLE is not setuid root anymore?
> 
> The setuid SSH uses low ephemeral ports -- starting around 1000 for
> ordinary SSH, and at 950 or so for OpenSSH -- instead of the ordinary
> 1024-65535. Apparently, the intent is that one "proves" one's authenticity
> by binding to a low port. All this really proves (IMHO) is that you have a
> setuid binary on your machine ;).
> 
> Removing the setuid bit may (as stated by others) break rhosts
> authentication, but is otherwise harmless, AFAIK. There's plenty of
> comment on this subject on the OpenSSH mailing list.

Will look there, thanks for the hint.

	-Andre

