From owner-freebsd-current  Mon Nov  9 00:36:55 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA29261
          for freebsd-current-outgoing; Mon, 9 Nov 1998 00:36:55 -0800 (PST)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from foobar.franken.de (foobar.franken.de [194.94.249.81])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA29253
          for <freebsd-current@FreeBSD.ORG>; Mon, 9 Nov 1998 00:36:48 -0800 (PST)
          (envelope-from logix@foobar.franken.de)
Received: (from logix@localhost)
	by foobar.franken.de (8.8.8/8.8.5) id JAA22519;
	Mon, 9 Nov 1998 09:34:59 +0100 (CET)
Message-ID: <19981109093459.B22438@foobar.franken.de>
Date: Mon, 9 Nov 1998 09:34:59 +0100
From: Harold Gutch <logix@foobar.franken.de>
To: Marc Slemko <marcs@znep.com>,
        Phillip Salzman <psalzman@gamefish.pcola.gulf.net>
Cc: pal <pal@PaLaDiN7.ml.org>, sporkl@ix.netcom.com,
        freebsd-current@FreeBSD.ORG, osa@freebsd.org.ru
Subject: Re: SSH 2.0.10 BUG? (!)
References: <Pine.BSF.4.05.9811090329010.5722-100000@gamefish.pcola.gulf.net> <Pine.BSF.4.05.9811081938100.8174-100000@alive.znep.com> <19981109091957.A22438@foobar.franken.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19981109091957.A22438@foobar.franken.de>; from Harold Gutch on Mon, Nov 09, 1998 at 09:19:57AM +0100
X-Organisation: BatmanSystemDistribution
X-Mission: To free the world from the Penguin
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Nov 09, 1998 at 09:19:57AM +0100, Harold Gutch wrote:
> On Sun, Nov 08, 1998 at 07:39:14PM -0800, Marc Slemko wrote:
> > On Mon, 9 Nov 1998, Phillip Salzman wrote:
> > > make it +s
> > 
> > DO NOT.
> > 
> > Doing so would quite possibly introduce a major security hole.  Very few
> > daemons are designed to have the setuid bit set, for the simple reason
> > that if they have to be root they are normally already root.  
> > 
> sshd has to run as root if you want to be able to login as more
> than the user it runs as. What difference should an suid-bit make
> if it belongs to root and it's run by root anyway ? Not that it
> would be of any use, I just don't see how it should do any harm
> or even "indroduce a major security hole".
> 
Sorry, forget this argumentation, I somehow assumed sshd would
only be run once at startup and that was it.
I guess users can run sshd later on too without any problems and
yes, a suid bit probably will give them more privileges in this
case.

-- 
bye, logix

<Shabby> Sleep is an abstinence syndrome wich occurs due to lack of caffein.
Wed Mar  4 04:53:33 CET 1998   #unix, ircnet

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message