Date: Wed, 13 Mar 2002 11:30:59 -0800 (PST) From: Jason Stone <jason-fbsd-security@shalott.net> To: <security@FreeBSD.ORG> Subject: Re: sshd UseLogin option Message-ID: <20020313112159.G9375-100000@walter> In-Reply-To: <20020313190021.GB1761@frolic.no-support.loc>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> > Could someone please explain to me why we don't use sshd's UseLogin
> > option by default? I know that there was a security hole related to
> > that option recently, but that's not a real reason - security holes
> > can show up anywhere - so is there anything that makes UseLogin a
> > particularly bad idea?
>
> And additionally to that, why is the environment variable MAIL hardcoded
> to /var/mail/${logname} (or _PATH_MAILDIR/${logname}) in session.c
> although setusercontext() is used? Crap!
the CheckMail option in sshd is deprecated (I think that it actually
generates an error in 3.1, the current version) and should not be used
anymore.
-Jason
-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's
too young to have logged on yet. Here's what I worry about. I worry
that 10 or 15 years from now, she will come to me and say "Daddy, where
were you when they took freedom of the press away from the Internet?"
-- Mike Godwin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQE8j6j3swXMWWtptckRAlaDAJ9roGP6R8x2oC0bJoDbCc4KRJMKNgCfXc6F
MMOFXKEYLWFK9figidjzWGU=
=TyAr
-----END PGP SIGNATURE-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020313112159.G9375-100000>