From owner-freebsd-security  Mon Jul  1  7: 1:39 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0761237B400
	for <security@freebsd.org>; Mon,  1 Jul 2002 07:01:37 -0700 (PDT)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8A41443E0A
	for <security@freebsd.org>; Mon,  1 Jul 2002 07:01:36 -0700 (PDT)
	(envelope-from des@ofug.org)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id 483E2534A; Mon,  1 Jul 2002 16:01:35 +0200 (CEST)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: Chris Johnson <cjohnson@palomine.net>
Cc: security@freebsd.org
Subject: Re: security risk: ktrace(2) in FreeBSD prior to -current.
References: <200206301817.EAA05639@caligula.anu.edu.au>
	<xzp65zzk2ds.fsf@flood.ping.uio.no>
	<20020701135719.GA65770@palomine.net>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 01 Jul 2002 16:01:34 +0200
In-Reply-To: <20020701135719.GA65770@palomine.net>
Message-ID: <xzpelenim2p.fsf@flood.ping.uio.no>
Lines: 27
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.2
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Chris Johnson <cjohnson@palomine.net> writes:
> On Mon, Jul 01, 2002 at 03:23:59PM +0200, Dag-Erling Smorgrav wrote:
> > Darren Reed <avalon@coombs.anu.edu.au> writes:
> > > With OpenSSH 3.4, ssh-keysign gets installed setuid-root.
> > Not in FreeBSD.
> Are you sure?

I don't care about the port.  Personally, I'd rather it didn't exist,
and I think admins who install it need to have their head checked.

des@des ~% cat /usr/src/secure/usr.bin/ssh-keysign/Makefile
# $FreeBSD: src/secure/usr.bin/ssh-keysign/Makefile,v 1.4 2002/06/25 19:10:09 des Exp $

PROG=   ssh-keysign
MAN=    ssh-keysign.8
CFLAGS+=-I${SSHDIR}

DPADD=  ${LIBSSH} ${LIBCRYPTO} ${LIBZ}
LDADD=  -lssh -lcrypto -lz

.include <bsd.prog.mk>

.PATH:  ${SSHDIR}

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message