Date: Fri, 4 Aug 2000 17:12:12 +0200
From: Andre Albsmeier
To: Terje Elde
Cc: Andre Albsmeier, freebsd-security@FreeBSD.ORG
Subject: Re: What will I lose if ssh is no more suid root?
Message-ID: <20000804171212.B6933@curry.mchp.siemens.de>
In-Reply-To: <20000804163918.W23567@dlt.follo.net>

On Fri, 04-Aug-2000 at 16:39:18 +0200, Terje Elde wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> * Andre Albsmeier (andre.albsmeier@mchp.siemens.de) [000803 07:47]:
> > Since I assume that no program is suid root without reason,
> > can someone please enlighten me what I will lose now?
>
> It seems everyone's mentioned the low port issues, which IMHO isn't offering
> much security as it could be any box popped up on the same IP...
>
> Anyways, what it does give you is the ability to read the host key's private
> part, and thus use RSAHostAuthentication, which is far more useful.

Yes, I found this issue in the docs meanwhile...

> If you don't need/want it though, running with the setuid bits off should not
> give you too much of a problem.

No, I am currently running without it and didn't have problems.

Thanks,

	-Andre
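
Added example, not part of the original message or of any project's code: a Python model of the trade-off discussed in this thread, reporting for a given ssh binary and host key file whether the client could bind a low port and read the host key's private part. The function name, the default paths and the simplification that only owner and "other" permission bits count (no groups, no ACLs) are assumptions made for illustration.

```python
import os
import stat
import sys

def assess_ssh_client(ssh_path, host_key_path, invoking_uid):
    """Model what a user gains from a setuid ssh client.

    Simplifying assumption: only owner and 'other' permission bits are
    considered; group membership and ACLs are ignored.
    """
    binary = os.stat(ssh_path)
    key = os.stat(host_key_path)

    setuid = bool(binary.st_mode & stat.S_ISUID)
    # With the setuid bit the process runs with the binary owner's uid;
    # without it, with the uid of the user who started it.
    effective_uid = binary.st_uid if setuid else invoking_uid

    if effective_uid == 0:
        can_read_key = True  # root is not restricted by the mode bits
    elif effective_uid == key.st_uid:
        can_read_key = bool(key.st_mode & stat.S_IRUSR)
    else:
        can_read_key = bool(key.st_mode & stat.S_IROTH)

    return {
        "setuid": setuid,
        "effective_uid": effective_uid,
        # Binding a source port below 1024 needs root.
        "can_bind_low_port": effective_uid == 0,
        # RSA host authentication needs the host key's private part.
        "can_read_host_key": can_read_key,
        # A private host key readable by everyone is a finding in itself.
        "host_key_world_readable": bool(key.st_mode & stat.S_IROTH),
    }

if __name__ == "__main__":
    # Default locations are assumptions; pass the real ones as arguments.
    ssh = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin/ssh"
    key = sys.argv[2] if len(sys.argv) > 2 else "/etc/ssh/ssh_host_key"
    try:
        report = assess_ssh_client(ssh, key, os.getuid())
    except OSError as exc:
        sys.exit(f"cannot inspect: {exc}")
    for name, value in report.items():
        print(f"{name}: {value}")
```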