Date: Fri, 4 Aug 2000 17:12:12 +0200
From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
To: Terje Elde <terje@elde.net>
Cc: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-security@FreeBSD.ORG
Subject: Re: What will I lose if ssh is no more suid root?
Message-ID: <20000804171212.B6933@curry.mchp.siemens.de>
In-Reply-To: <20000804163918.W23567@dlt.follo.net>; from terje@elde.net on Fri, Aug 04, 2000 at 04:39:18PM +0200
References: <20000803074228.A1682@curry.mchp.siemens.de> <20000804163918.W23567@dlt.follo.net>

On Fri, 04-Aug-2000 at 16:39:18 +0200, Terje Elde wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> * Andre Albsmeier (andre.albsmeier@mchp.siemens.de) [000803 07:47]:
> > Since I assume that no program is suid root without reason,
> > can someone please enlighten me what I will lose now?
>
> It seems everyone's mentioned the low port issues, which IMHO isn't offering
> much security as it could be any box popped up on the same IP...
>
> Anyways, what it does give you is the ability to read the host key's private
> part, and thus use RSAHostAuthentication, which is far more useful.

Yes, I found this issue in the docs meanwhile...

> If you don't need/want it though, running with the setuid bits off should not
> give you too much of a problem.

No, I am currently running without it and didn't have problems.

Thanks,

	-Andre

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message