Date: Fri, 4 Aug 2000 16:39:18 +0200 From: Terje Elde <terje@elde.net> To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> Cc: freebsd-security@FreeBSD.ORG Subject: Re: What will I lose if ssh is no more suid root? Message-ID: <20000804163918.W23567@dlt.follo.net> In-Reply-To: <20000803074228.A1682@curry.mchp.siemens.de>; from andre.albsmeier@mchp.siemens.de on Thu, Aug 03, 2000 at 07:42:28AM %2B0200 References: <20000803074228.A1682@curry.mchp.siemens.de>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 * Andre Albsmeier (andre.albsmeier@mchp.siemens.de) [000803 07:47]: > Since I assume that no program is suid root without reason, > can someone please enlighten me what I will lose now? It seems everyone's mentioned the low port issues, which IMHO isn't offering much security as it could be any box popped up on the same IP... Anyways, what it does give you is the ability to read the host key's private part, and thus use RSAHostAuthentication, which is far more useful. If you don't need/want it though, running with the setuid bits off should not give you too much of a problem. Terje -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE5itWV8HLgLrwmRg0RAmOTAJ9rKG5Mm/UqZ373Hx3RIIhuenVQHQCgr7zC PJ1oz7uelJhMC/WHg/z6klk= =CB1U -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000804163918.W23567>