From: Terje Elde
To: Andre Albsmeier
Cc: freebsd-security@FreeBSD.ORG
Date: Fri, 4 Aug 2000 16:39:18 +0200
Subject: Re: What will I lose if ssh is no more suid root?
Message-ID: <20000804163918.W23567@dlt.follo.net>
In-Reply-To: <20000803074228.A1682@curry.mchp.siemens.de>

* Andre Albsmeier (andre.albsmeier@mchp.siemens.de) [000803 07:47]:
> Since I assume that no program is suid root without reason,
> can someone please enlighten me what I will lose now?

It seems everyone's mentioned the low port issues, which IMHO isn't offering much security as it could be any box popped up on the same IP...

Anyways, what it does give you is the ability to read the host key's private part, and thus use RSAHostAuthentication, which is far more useful.

If you don't need/want it though, running with the setuid bits off should not give you too much of a problem.

Terje