Date: Wed, 21 Feb 2001 19:36:12 -0300 (ART) From: Fernando Schapachnik <fpscha@ns1.via-net-works.net.ar> To: Kris Kennaway <kris@obsecurity.org> Cc: Fernando Schapachnik <fschapachnik@vianetworks.com.ar>, security@FreeBSD.ORG Subject: Re: Inconsistent behavior on openssh Message-ID: <200102212236.TAA80210@ns1.via-net-works.net.ar> In-Reply-To: <20010220112654.A35156@mollari.cthul.hu> "from Kris Kennaway at Feb 20, 2001 11:26:55 am"
next in thread | previous in thread | raw e-mail | index | archive | help
En un mensaje anterior, Kris Kennaway escribió:
-- Start of PGP signed section.
> On Tue, Feb 20, 2001 at 09:15:59AM -0300, Fernando Schapachnik wrote:
> > En un mensaje anterior, Kris Kennaway escribió:
> > > > Simply install your ~/.ssh/identity.pub in your remote account's
> > > > ~/.ssh/authorized_keys file. That's why I use. I've never in my
> > > > life used .rhosts or .shosts with ssh.
> > >
> > > Or if you really want to use RhostsRSAAuthentication, rebuild sshd
> > > with ENABLE_SUID_SSH=true in /etc/make.conf
> >
> > I don't think it will sufice:
> >
> > ssh.c:
> > /* Disable rhosts authentication if not running as root. */
> > if (original_effective_uid != 0 ||!options.use_privileged_port) {
> > options.rhosts_authentication = 0;
> > options.rhosts_rsa_authentication = 0;
> >
> >
> > It's not #ifdef'd.
>
> Erm - if it's setuid root (controlled by the makefile when it's
> installed), the original_effective_uid == 0.
Then you were right. Should have looked better :). Thanks!
Fernando P. Schapachnik
Administración de la red
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Conmutador: (54-11) 4323-3333 - Soporte: 0810-333-AYUDA
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102212236.TAA80210>