From: Bjoern Fischer
Date: Wed, 13 Mar 2002 20:00:21 +0100
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Subject: Re: sshd UseLogin option
Message-ID: <20020313190021.GB1761@frolic.no-support.loc>

On Wed, Mar 13, 2002 at 02:51:40PM +0100, Dag-Erling Smorgrav wrote:
> Could someone please explain to me why we don't use sshd's UseLogin
> option by default? I know that there was a security hole related to
> that option recently, but that's not a real reason - security holes
> can show up anywhere - so is there anything that makes UseLogin a
> particularly bad idea?

And additionally to that, why is the environment variable MAIL
hardcoded to /var/mail/${logname} (or _PATH_MAILDIR/${logname})
in session.c although setusercontext() is used? Crap!
-Björn