From owner-freebsd-arch Sun Sep 3 17:59:55 2000 Delivered-To: freebsd-arch@freebsd.org Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75]) by hub.freebsd.org (Postfix) with ESMTP id 79C7237B43C for ; Sun, 3 Sep 2000 17:59:53 -0700 (PDT) Received: (from brdavis@localhost) by odin.ac.hmc.edu (8.11.0/8.11.0) id e840xeF01766; Sun, 3 Sep 2000 17:59:40 -0700 Date: Sun, 3 Sep 2000 17:59:39 -0700 From: Brooks Davis To: Warner Losh Cc: "Jacques A. Vidrine" , arch@FreeBSD.ORG Subject: Re: setuid ssh should die Message-ID: <20000903175939.B310@Odin.AC.HMC.Edu> References: <20000902160156.D1263@hamlet.nectar.com> <200009022015.e82KFN740808@hak.lan.Awfulhak.org> <41784.967926245@critter> <20000902223244.A39844@mithrandr.moria.org> <20000902160156.D1263@hamlet.nectar.com> <200009022222.e82MMqG02383@billy-club.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <200009022222.e82MMqG02383@billy-club.village.org>; from imp@village.org on Sat, Sep 02, 2000 at 04:22:52PM -0600 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, Sep 02, 2000 at 04:22:52PM -0600, Warner Losh wrote: > Put me down for "turn of setuid" bit. It is needed only for rsh > compatibility (yes, in the client), but we shouldn't encourage that > usage of ssh. I will comment that while I definatly want to see RSH die, I'm on networks where I'm forced to use ssh as a slightly better rsh instead of a secure login system because some of the admins couldn't tie their shoes without help. In those cases it's really nice to just force ssh to use RSH auth and use the config aliasing feature to allow me to connect to machines that aren't in DNS by name. I guess I'm just pointing out that there are cases where this feature is quite useful though I'd not scream about it as long as there's a make.conf option to restore the old (evil) behavior. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message